Pests of all kinds and their removal: Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen (Windows 7)
04.08.2012, 12:43 | #16
So, I hope this is the right logfile:
I wish you a nice weekend.
04.08.2012, 17:54 | #17
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm for the TDSS tool! Configure the tool as shown in the image below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click on "Start Scan" and, when it is finished, click on the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C), because that is where the TDSS-Killer stores its logs. Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!
05.08.2012, 21:26 | #18
Good evening,
here is the logfile from TDSSKiller:
(342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys 22:17:54.0968 6408 LMouFilt - ok 22:17:54.0984 6408 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 22:17:54.0999 6408 LSI_FC - ok 22:17:55.0015 6408 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 22:17:55.0030 6408 LSI_SAS - ok 22:17:55.0046 6408 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:17:55.0046 6408 LSI_SAS2 - ok 22:17:55.0062 6408 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:17:55.0077 6408 LSI_SCSI - ok 22:17:55.0093 6408 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:17:55.0140 6408 luafv - ok 22:17:55.0171 6408 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 22:17:55.0202 6408 Mcx2Svc - ok 22:17:55.0218 6408 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 22:17:55.0233 6408 megasas - ok 22:17:55.0264 6408 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 22:17:55.0280 6408 MegaSR - ok 22:17:55.0296 6408 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:17:55.0342 6408 MMCSS - ok 22:17:55.0358 6408 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 22:17:55.0389 6408 Modem - ok 22:17:55.0405 6408 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:17:55.0420 6408 monitor - ok 22:17:55.0467 6408 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 22:17:55.0483 6408 mouclass - ok 22:17:55.0498 6408 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:17:55.0514 6408 mouhid - ok 22:17:55.0545 6408 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 22:17:55.0561 6408 mountmgr - ok 22:17:55.0639 6408 MozillaMaintenance 
(46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:17:55.0654 6408 MozillaMaintenance - ok 22:17:55.0670 6408 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 22:17:55.0686 6408 mpio - ok 22:17:55.0701 6408 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:17:55.0732 6408 mpsdrv - ok 22:17:55.0795 6408 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 22:17:55.0842 6408 MpsSvc - ok 22:17:55.0951 6408 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 22:17:55.0982 6408 MRxDAV - ok 22:17:56.0013 6408 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:17:56.0044 6408 mrxsmb - ok 22:17:56.0091 6408 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:17:56.0122 6408 mrxsmb10 - ok 22:17:56.0138 6408 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:17:56.0154 6408 mrxsmb20 - ok 22:17:56.0169 6408 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 22:17:56.0185 6408 msahci - ok 22:17:56.0216 6408 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 22:17:56.0232 6408 msdsm - ok 22:17:56.0247 6408 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 22:17:56.0278 6408 MSDTC - ok 22:17:56.0294 6408 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:17:56.0325 6408 Msfs - ok 22:17:56.0341 6408 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:17:56.0372 6408 mshidkmdf - ok 22:17:56.0372 6408 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 22:17:56.0388 6408 msisadrv - ok 22:17:56.0434 6408 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 22:17:56.0466 6408 MSiSCSI - ok 22:17:56.0466 6408 
msiserver - ok 22:17:56.0481 6408 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:17:56.0528 6408 MSKSSRV - ok 22:17:56.0528 6408 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:17:56.0559 6408 MSPCLOCK - ok 22:17:56.0575 6408 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:17:56.0606 6408 MSPQM - ok 22:17:56.0653 6408 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 22:17:56.0668 6408 MsRPC - ok 22:17:56.0700 6408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 22:17:56.0715 6408 mssmbios - ok 22:17:56.0731 6408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:17:56.0762 6408 MSTEE - ok 22:17:56.0778 6408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 22:17:56.0793 6408 MTConfig - ok 22:17:56.0809 6408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:17:56.0809 6408 Mup - ok 22:17:56.0856 6408 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 22:17:56.0902 6408 napagent - ok 22:17:56.0949 6408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:17:56.0980 6408 NativeWifiP - ok 22:17:57.0090 6408 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe 22:17:57.0105 6408 NAUpdate - ok 22:17:57.0183 6408 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 22:17:57.0214 6408 NDIS - ok 22:17:57.0246 6408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:17:57.0292 6408 NdisCap - ok 22:17:57.0308 6408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:17:57.0355 6408 NdisTapi - ok 22:17:57.0370 6408 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 22:17:57.0402 6408 
Ndisuio - ok 22:17:57.0433 6408 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 22:17:57.0480 6408 NdisWan - ok 22:17:57.0495 6408 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 22:17:57.0526 6408 NDProxy - ok 22:17:57.0542 6408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:17:57.0573 6408 NetBIOS - ok 22:17:57.0620 6408 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:17:57.0651 6408 NetBT - ok 22:17:57.0682 6408 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:17:57.0698 6408 Netlogon - ok 22:17:57.0745 6408 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 22:17:57.0776 6408 Netman - ok 22:17:57.0792 6408 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 22:17:57.0854 6408 netprofm - ok 22:17:57.0932 6408 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:17:57.0948 6408 NetTcpPortSharing - ok 22:17:57.0979 6408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 22:17:57.0994 6408 nfrd960 - ok 22:17:58.0041 6408 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 22:17:58.0072 6408 NlaSvc - ok 22:17:58.0213 6408 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe 22:17:58.0228 6408 NMIndexingService - ok 22:17:58.0244 6408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:17:58.0291 6408 Npfs - ok 22:17:58.0306 6408 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 22:17:58.0353 6408 nsi - ok 22:17:58.0369 6408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:17:58.0400 6408 nsiproxy - ok 22:17:58.0540 6408 Ntfs 
(a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 22:17:58.0572 6408 Ntfs - ok 22:17:58.0681 6408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:17:58.0728 6408 Null - ok 22:17:58.0759 6408 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 22:17:58.0790 6408 nvraid - ok 22:17:58.0806 6408 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 22:17:58.0821 6408 nvstor - ok 22:17:58.0868 6408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:17:58.0884 6408 nv_agp - ok 22:17:58.0962 6408 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:17:58.0993 6408 odserv - ok 22:17:58.0993 6408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 22:17:59.0024 6408 ohci1394 - ok 22:17:59.0071 6408 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:17:59.0071 6408 ose - ok 22:17:59.0118 6408 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:17:59.0149 6408 p2pimsvc - ok 22:17:59.0180 6408 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 22:17:59.0211 6408 p2psvc - ok 22:17:59.0227 6408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 22:17:59.0258 6408 Parport - ok 22:17:59.0289 6408 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 22:17:59.0305 6408 partmgr - ok 22:17:59.0336 6408 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 22:17:59.0367 6408 PcaSvc - ok 22:17:59.0414 6408 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 22:17:59.0430 6408 pci - ok 22:17:59.0445 6408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 22:17:59.0461 6408 pciide - ok 22:17:59.0477 6408 
pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 22:17:59.0492 6408 pcmcia - ok 22:17:59.0492 6408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:17:59.0508 6408 pcw - ok 22:17:59.0555 6408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:17:59.0601 6408 PEAUTH - ok 22:17:59.0664 6408 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 22:17:59.0695 6408 PerfHost - ok 22:17:59.0867 6408 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 22:17:59.0929 6408 pla - ok 22:17:59.0991 6408 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 22:18:00.0007 6408 PlugPlay - ok 22:18:00.0038 6408 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 22:18:00.0069 6408 PNRPAutoReg - ok 22:18:00.0101 6408 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:18:00.0116 6408 PNRPsvc - ok 22:18:00.0163 6408 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 22:18:00.0225 6408 PolicyAgent - ok 22:18:00.0241 6408 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 22:18:00.0288 6408 Power - ok 22:18:00.0350 6408 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 22:18:00.0381 6408 PptpMiniport - ok 22:18:00.0397 6408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:18:00.0428 6408 Processor - ok 22:18:00.0459 6408 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 22:18:00.0491 6408 ProfSvc - ok 22:18:00.0506 6408 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:18:00.0522 6408 ProtectedStorage - ok 22:18:00.0553 6408 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 22:18:00.0600 6408 Psched - ok 22:18:00.0615 6408 PSI (fb46e9a827a8799ebd7bfa9128c91f37) 
C:\Windows\system32\DRIVERS\psi_mf.sys 22:18:00.0631 6408 PSI - ok 22:18:00.0725 6408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:18:00.0756 6408 ql2300 - ok 22:18:00.0881 6408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:18:00.0896 6408 ql40xx - ok 22:18:00.0927 6408 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 22:18:00.0943 6408 QWAVE - ok 22:18:00.0959 6408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:18:00.0990 6408 QWAVEdrv - ok 22:18:01.0005 6408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:18:01.0037 6408 RasAcd - ok 22:18:01.0068 6408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:18:01.0099 6408 RasAgileVpn - ok 22:18:01.0115 6408 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 22:18:01.0146 6408 RasAuto - ok 22:18:01.0193 6408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:18:01.0224 6408 Rasl2tp - ok 22:18:01.0255 6408 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 22:18:01.0302 6408 RasMan - ok 22:18:01.0317 6408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:18:01.0380 6408 RasPppoe - ok 22:18:01.0395 6408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:18:01.0427 6408 RasSstp - ok 22:18:01.0458 6408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 22:18:01.0505 6408 rdbss - ok 22:18:01.0520 6408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:18:01.0536 6408 rdpbus - ok 22:18:01.0567 6408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:18:01.0598 6408 RDPCDD - ok 22:18:01.0598 6408 RDPENCDD (bb5971a4f00659529a5c44831af22365) 
C:\Windows\system32\drivers\rdpencdd.sys 22:18:01.0645 6408 RDPENCDD - ok 22:18:01.0661 6408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:18:01.0692 6408 RDPREFMP - ok 22:18:01.0723 6408 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 22:18:01.0739 6408 RDPWD - ok 22:18:01.0785 6408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 22:18:01.0801 6408 rdyboost - ok 22:18:01.0832 6408 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 22:18:01.0863 6408 RemoteAccess - ok 22:18:01.0895 6408 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 22:18:01.0926 6408 RemoteRegistry - ok 22:18:01.0973 6408 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 22:18:02.0004 6408 RFCOMM - ok 22:18:02.0019 6408 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 22:18:02.0066 6408 RpcEptMapper - ok 22:18:02.0082 6408 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 22:18:02.0097 6408 RpcLocator - ok 22:18:02.0144 6408 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 22:18:02.0175 6408 RpcSs - ok 22:18:02.0191 6408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:18:02.0222 6408 rspndr - ok 22:18:02.0269 6408 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys 22:18:02.0285 6408 RSUSBSTOR - ok 22:18:02.0347 6408 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 22:18:02.0363 6408 RTL8167 - ok 22:18:02.0378 6408 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:18:02.0394 6408 SamSs - ok 22:18:02.0441 6408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 22:18:02.0456 6408 sbp2port - ok 22:18:02.0597 6408 SBSDWSCService 
(794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 22:18:02.0628 6408 SBSDWSCService - ok 22:18:02.0659 6408 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 22:18:02.0690 6408 SCardSvr - ok 22:18:02.0753 6408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 22:18:02.0784 6408 scfilter - ok 22:18:02.0877 6408 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 22:18:02.0940 6408 Schedule - ok 22:18:02.0955 6408 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 22:18:02.0987 6408 SCPolicySvc - ok 22:18:03.0018 6408 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 22:18:03.0049 6408 SDRSVC - ok 22:18:03.0096 6408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:18:03.0143 6408 secdrv - ok 22:18:03.0143 6408 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 22:18:03.0189 6408 seclogon - ok 22:18:03.0330 6408 Secunia PSI Agent (9044795e9d1a912d5f1b8df6211850fd) C:\Program Files (x86)\Secunia\PSI\PSIA.exe 22:18:03.0377 6408 Secunia PSI Agent - ok 22:18:03.0439 6408 Secunia Update Agent (8b1a72e4fb63a9c068b08e1f9b70482a) C:\Program Files (x86)\Secunia\PSI\sua.exe 22:18:03.0470 6408 Secunia Update Agent - ok 22:18:03.0548 6408 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 22:18:03.0595 6408 SENS - ok 22:18:03.0611 6408 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 22:18:03.0626 6408 SensrSvc - ok 22:18:03.0657 6408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 22:18:03.0673 6408 Serenum - ok 22:18:03.0704 6408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 22:18:03.0720 6408 Serial - ok 22:18:03.0767 6408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 22:18:03.0782 
6408 sermouse - ok 22:18:03.0813 6408 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 22:18:03.0860 6408 SessionEnv - ok 22:18:03.0860 6408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 22:18:03.0891 6408 sffdisk - ok 22:18:03.0907 6408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 22:18:03.0923 6408 sffp_mmc - ok 22:18:03.0938 6408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 22:18:03.0969 6408 sffp_sd - ok 22:18:03.0985 6408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 22:18:04.0032 6408 sfloppy - ok 22:18:04.0079 6408 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 22:18:04.0141 6408 SharedAccess - ok 22:18:04.0172 6408 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 22:18:04.0235 6408 ShellHWDetection - ok 22:18:04.0250 6408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:18:04.0266 6408 SiSRaid2 - ok 22:18:04.0281 6408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 22:18:04.0297 6408 SiSRaid4 - ok 22:18:04.0391 6408 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe 22:18:04.0406 6408 SkypeUpdate - ok 22:18:04.0453 6408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:18:04.0515 6408 Smb - ok 22:18:04.0547 6408 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 22:18:04.0578 6408 SNMPTRAP - ok 22:18:04.0593 6408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:18:04.0593 6408 spldr - ok 22:18:04.0656 6408 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 22:18:04.0687 6408 Spooler - ok 22:18:04.0905 6408 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 
22:18:04.0999 6408 sppsvc - ok 22:18:05.0077 6408 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 22:18:05.0124 6408 sppuinotify - ok 22:18:05.0217 6408 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys 22:18:05.0233 6408 sptd - ok 22:18:05.0280 6408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 22:18:05.0311 6408 srv - ok 22:18:05.0358 6408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 22:18:05.0389 6408 srv2 - ok 22:18:05.0405 6408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 22:18:05.0420 6408 srvnet - ok 22:18:05.0467 6408 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 22:18:05.0514 6408 SSDPSRV - ok 22:18:05.0529 6408 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 22:18:05.0561 6408 SstpSvc - ok 22:18:05.0670 6408 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe 22:18:05.0701 6408 STacSV - ok 22:18:05.0732 6408 StarOpen - ok 22:18:05.0826 6408 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 22:18:05.0841 6408 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 22:18:05.0841 6408 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 22:18:05.0857 6408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 22:18:05.0873 6408 stexstor - ok 22:18:05.0919 6408 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys 22:18:05.0951 6408 STHDA - ok 22:18:05.0997 6408 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 22:18:06.0029 6408 stisvc - ok 22:18:06.0060 6408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 22:18:06.0075 6408 swenum - ok 22:18:06.0122 6408 swprv (e08e46fdd841b7184194011ca1955a0b) 
C:\Windows\System32\swprv.dll 22:18:06.0169 6408 swprv - ok 22:18:06.0231 6408 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys 22:18:06.0247 6408 SynTP - ok 22:18:06.0372 6408 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 22:18:06.0419 6408 SysMain - ok 22:18:06.0528 6408 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 22:18:06.0543 6408 TabletInputService - ok 22:18:06.0590 6408 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 22:18:06.0637 6408 TapiSrv - ok 22:18:06.0653 6408 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 22:18:06.0699 6408 TBS - ok 22:18:06.0840 6408 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 22:18:06.0887 6408 Tcpip - ok 22:18:07.0074 6408 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 22:18:07.0105 6408 TCPIP6 - ok 22:18:07.0167 6408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 22:18:07.0199 6408 tcpipreg - ok 22:18:07.0214 6408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:18:07.0245 6408 TDPIPE - ok 22:18:07.0277 6408 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 22:18:07.0292 6408 TDTCP - ok 22:18:07.0308 6408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 22:18:07.0355 6408 tdx - ok 22:18:07.0401 6408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 22:18:07.0401 6408 TermDD - ok 22:18:07.0464 6408 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 22:18:07.0511 6408 TermService - ok 22:18:07.0526 6408 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 22:18:07.0557 6408 Themes - ok 22:18:07.0589 6408 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:18:07.0620 6408 
THREADORDER - ok 22:18:07.0635 6408 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 22:18:07.0682 6408 TrkWks - ok 22:18:07.0729 6408 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 22:18:07.0776 6408 TrustedInstaller - ok 22:18:07.0807 6408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:18:07.0838 6408 tssecsrv - ok 22:18:07.0885 6408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 22:18:07.0916 6408 TsUsbFlt - ok 22:18:07.0947 6408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 22:18:07.0979 6408 tunnel - ok 22:18:08.0010 6408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 22:18:08.0025 6408 uagp35 - ok 22:18:08.0057 6408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 22:18:08.0088 6408 udfs - ok 22:18:08.0103 6408 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 22:18:08.0119 6408 UI0Detect - ok 22:18:08.0166 6408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 22:18:08.0166 6408 uliagpkx - ok 22:18:08.0197 6408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 22:18:08.0213 6408 umbus - ok 22:18:08.0244 6408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 22:18:08.0244 6408 UmPass - ok 22:18:08.0291 6408 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 22:18:08.0337 6408 upnphost - ok 22:18:08.0369 6408 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 22:18:08.0384 6408 usbaudio - ok 22:18:08.0431 6408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 22:18:08.0462 6408 usbccgp - ok 22:18:08.0478 6408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 22:18:08.0509 
6408 usbcir - ok 22:18:08.0540 6408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 22:18:08.0556 6408 usbehci - ok 22:18:08.0587 6408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 22:18:08.0603 6408 usbhub - ok 22:18:08.0603 6408 USBMULCD - ok 22:18:08.0634 6408 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys 22:18:08.0649 6408 usbohci - ok 22:18:08.0665 6408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:18:08.0696 6408 usbprint - ok 22:18:08.0727 6408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:18:08.0743 6408 USBSTOR - ok 22:18:08.0759 6408 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys 22:18:08.0759 6408 usbuhci - ok 22:18:08.0805 6408 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 22:18:08.0837 6408 usbvideo - ok 22:18:08.0868 6408 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 22:18:08.0899 6408 UxSms - ok 22:18:08.0930 6408 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:18:08.0930 6408 VaultSvc - ok 22:18:08.0961 6408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 22:18:08.0977 6408 vdrvroot - ok 22:18:09.0024 6408 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 22:18:09.0071 6408 vds - ok 22:18:09.0102 6408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:18:09.0102 6408 vga - ok 22:18:09.0117 6408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:18:09.0164 6408 VgaSave - ok 22:18:09.0195 6408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 22:18:09.0211 6408 vhdmp - ok 22:18:09.0211 6408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:18:09.0227 6408 viaide - 
ok 22:18:09.0242 6408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:18:09.0258 6408 volmgr - ok 22:18:09.0305 6408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:18:09.0320 6408 volmgrx - ok 22:18:09.0351 6408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:18:09.0367 6408 volsnap - ok 22:18:09.0398 6408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:18:09.0414 6408 vsmraid - ok 22:18:09.0570 6408 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 22:18:09.0648 6408 VSS - ok 22:18:09.0757 6408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 22:18:09.0773 6408 vwifibus - ok 22:18:09.0804 6408 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:18:09.0819 6408 vwififlt - ok 22:18:09.0835 6408 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 22:18:09.0851 6408 vwifimp - ok 22:18:09.0897 6408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 22:18:09.0929 6408 W32Time - ok 22:18:09.0944 6408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:18:09.0975 6408 WacomPen - ok 22:18:10.0022 6408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:18:10.0053 6408 WANARP - ok 22:18:10.0053 6408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:18:10.0085 6408 Wanarpv6 - ok 22:18:10.0209 6408 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 22:18:10.0241 6408 wbengine - ok 22:18:10.0334 6408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 22:18:10.0365 6408 WbioSrvc - ok 22:18:10.0412 6408 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 22:18:10.0428 6408 wcncsvc - ok 22:18:10.0443 6408 
WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 22:18:10.0459 6408 WcsPlugInService - ok 22:18:10.0490 6408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:18:10.0506 6408 Wd - ok 22:18:10.0553 6408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:18:10.0568 6408 Wdf01000 - ok 22:18:10.0584 6408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:18:10.0615 6408 WdiServiceHost - ok 22:18:10.0615 6408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:18:10.0646 6408 WdiSystemHost - ok 22:18:10.0677 6408 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 22:18:10.0709 6408 WebClient - ok 22:18:10.0740 6408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 22:18:10.0787 6408 Wecsvc - ok 22:18:10.0802 6408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 22:18:10.0849 6408 wercplsupport - ok 22:18:10.0865 6408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 22:18:10.0911 6408 WerSvc - ok 22:18:10.0958 6408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:18:11.0005 6408 WfpLwf - ok 22:18:11.0005 6408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:18:11.0021 6408 WIMMount - ok 22:18:11.0052 6408 WinDefend - ok 22:18:11.0052 6408 WinHttpAutoProxySvc - ok 22:18:11.0114 6408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 22:18:11.0145 6408 Winmgmt - ok 22:18:11.0286 6408 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 22:18:11.0348 6408 WinRM - ok 22:18:11.0473 6408 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 22:18:11.0504 6408 WinUSB - ok 22:18:11.0567 6408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) 
C:\Windows\System32\wlansvc.dll 22:18:11.0613 6408 Wlansvc - ok 22:18:11.0816 6408 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:18:11.0863 6408 wlidsvc - ok 22:18:11.0972 6408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 22:18:12.0003 6408 WmiAcpi - ok 22:18:12.0066 6408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 22:18:12.0081 6408 wmiApSrv - ok 22:18:12.0113 6408 WMPNetworkSvc - ok 22:18:12.0144 6408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 22:18:12.0159 6408 WPCSvc - ok 22:18:12.0191 6408 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 22:18:12.0206 6408 WPDBusEnum - ok 22:18:12.0222 6408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:18:12.0269 6408 ws2ifsl - ok 22:18:12.0284 6408 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 22:18:12.0315 6408 wscsvc - ok 22:18:12.0315 6408 WSearch - ok 22:18:12.0487 6408 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 22:18:12.0534 6408 wuauserv - ok 22:18:12.0659 6408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:18:12.0690 6408 WudfPf - ok 22:18:12.0737 6408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:18:12.0768 6408 WUDFRd - ok 22:18:12.0783 6408 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 22:18:12.0815 6408 wudfsvc - ok 22:18:12.0846 6408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 22:18:12.0877 6408 WwanSvc - ok 22:18:12.0908 6408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:18:13.0158 6408 \Device\Harddisk0\DR0 - ok 22:18:13.0173 6408 Boot (0x1200) (8e3d36da1cece9788978bd8380bc1973) \Device\Harddisk0\DR0\Partition0 22:18:13.0173 6408 
\Device\Harddisk0\DR0\Partition0 - ok
22:18:13.0173 6408 Boot (0x1200) (499bf6254707cf5f8e649b55a791539a) \Device\Harddisk0\DR0\Partition1
22:18:13.0173 6408 \Device\Harddisk0\DR0\Partition1 - ok
22:18:13.0189 6408 Boot (0x1200) (e954ca4551763eb4217e0035e965c982) \Device\Harddisk0\DR0\Partition2
22:18:13.0189 6408 \Device\Harddisk0\DR0\Partition2 - ok
22:18:13.0220 6408 Boot (0x1200) (d86061da34879dc49cab1a624321df24) \Device\Harddisk0\DR0\Partition3
22:18:13.0220 6408 \Device\Harddisk0\DR0\Partition3 - ok
22:18:13.0220 6408 ============================================================
22:18:13.0220 6408 Scan finished
22:18:13.0220 6408 ============================================================
22:18:13.0236 6900 Detected object count: 2
22:18:13.0236 6900 Actual detected object count: 2
22:18:55.0060 6900 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:55.0060 6900 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:55.0060 6900 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:55.0060 6900 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
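The TDSSKiller log above ends with two hits the user chose to skip. Both carry the verdict `UnsignedFile.Multi.Generic`, which TDSSKiller assigns to a service binary that has no valid digital signature; it is a heuristic, not an identification of malware, so the practical next step is to check what those two services point to rather than to delete them. Everything else in the log, including the MBR and the four boot sectors, came back `ok`. As an added example (not part of the original post and not TDSSKiller's own code), the Python below triages a log in this format: it merges each object's file line (name, md5, path) with its verdict line, resolves the MBR and boot-sector verdicts that are keyed by device path rather than name, and lists whatever did not end as `ok`. The sample lines are constructed from entries in the posted log; the regexes are this example's own assumptions about the line layout.

```python
"""Triage a TDSSKiller log: which entries are not 'ok', and what was detected and skipped.

Added example, not part of the original post or of TDSSKiller. The sample lines are
constructed from entries in the posted log; the regexes are this example's own
assumptions about the line layout (time, PID, name, optional md5 + path, verdict).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = r"""
22:18:08.0540 6408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:18:08.0556 6408 usbehci - ok
22:18:08.0603 6408 USBMULCD - ok
22:18:12.0908 6408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:18:13.0158 6408 \Device\Harddisk0\DR0 - ok
22:18:13.0220 6408 Scan finished
22:18:13.0236 6900 Detected object count: 2
22:18:13.0236 6900 Actual detected object count: 2
22:18:55.0060 6900 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:55.0060 6900 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:55.0060 6900 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:55.0060 6900 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+'          # "HH:MM:SS.mmmm PID "
# "<name> (<md5>) <path>": a scanned file; its verdict follows on a later line
FILE_RE = re.compile(PREFIX + r'(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$')
# "<name> - <verdict>": ok / skipped by user / User select action: ...
VERDICT_RE = re.compile(PREFIX + r'(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$')
# detections carry the verdict class in parentheses after the name
DETECT_RE = re.compile(r'^(?P<name>\S+)\s+\(\s*(?P<detection>\S+)\s*\)$')
COUNT_RE = re.compile(PREFIX + r'Actual detected object count:\s*(?P<n>\d+)\s*$')


@dataclass
class Entry:
    name: str
    verdict: Optional[str] = None    # 'ok', 'skipped by user', ...; None if no verdict line seen
    md5: Optional[str] = None
    path: Optional[str] = None
    detection: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    action: Optional[str] = None     # what the user chose for a detection, e.g. Skip


def parse(text: str) -> Tuple[List[Entry], Optional[int]]:
    """Merge file lines and verdict lines into one Entry per object; also return the detection count."""
    by_name: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # MBR/boot-sector verdicts are keyed by device path, not name
    actual_count: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            actual_count = int(m['n'])
            continue
        m = FILE_RE.match(line)
        if m:
            e = by_name.setdefault(m['name'], Entry(m['name']))
            e.md5, e.path = m['md5'], m['path']
            by_path[e.path] = e
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue                  # banners, "Scan finished", etc.
        raw_name, verdict = m['name'], m['verdict']
        d = DETECT_RE.match(raw_name)
        name = d['name'] if d else raw_name
        e = by_name.get(name) or by_path.get(name)
        if e is None:
            e = by_name[name] = Entry(name)
        if d:
            e.detection = d['detection']
        if verdict.startswith('User select action:'):
            e.action = verdict.split(':', 1)[1].strip()
        else:
            e.verdict = verdict
    return list(by_name.values()), actual_count


def flagged(entries: List[Entry]) -> List[Entry]:
    """Everything that did not end with a plain 'ok' verdict (detections and unresolved objects)."""
    return [e for e in entries if e.verdict != 'ok']


if __name__ == '__main__':
    found, count = parse(SAMPLE_LOG)
    print(f'{len(found)} objects, {count} detected')
    for e in flagged(found):
        print(f'  {e.name}: {e.detection} -> {e.verdict} (user action: {e.action})')
```

To use it on a real log, read the saved TDSSKiller log file and pass its text to `parse()`; `flagged()` then gives the short list worth looking at, with the user's chosen action next to each detection.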
06.08.2012, 12:52 | #19
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run CF: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags
06.08.2012, 17:48 | #20
Hello, after the first two ComboFix scans and the restart, ComboFix crashed (the program kept opening and closing) and did not create a log file. After downloading and installing it again, it worked. Here is the logfile: Code:
ATTFilter ComboFix 12-08-05.02 - *** 06.08.2012 18:16:46.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4030.2831 [GMT 2:00] ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . -- Vorheriger Suchlauf -- . Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . -- Vorheriger Suchlauf -- . Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . -------- . Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt . -------- . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-06 bis 2012-08-06 )))))))))))))))))))))))))))))) . . 2012-08-04 11:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6BB6D7E-3809-4A77-89B4-4EC32B7A242A}\mpengine.dll 2012-08-04 11:29 . 2012-08-04 11:29 -------- d-----w- C:\_OTL 2012-08-01 10:27 . 2012-08-01 10:27 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-08-01 10:27 . 2012-08-01 10:27 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-08-01 10:27 . 2012-08-01 10:27 -------- d-----w- c:\program files (x86)\Java 2012-07-29 12:08 . 
2012-07-29 12:08 -------- d-----w- c:\users\HP\AppData\Local\Macromedia 2012-07-29 11:58 . 2012-07-29 11:58 -------- d-----w- c:\users\HP\AppData\Roaming\Nero 2012-07-29 11:52 . 2012-07-29 11:52 -------- d-----w- c:\program files (x86)\Common Files\Nero 2012-07-29 11:20 . 2012-07-14 00:15 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2012-07-29 10:56 . 2012-07-29 11:37 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-07-29 10:45 . 2012-07-29 10:44 955840 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-29 10:45 . 2012-07-29 10:44 839096 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-29 10:45 . 2012-07-29 10:44 268720 ----a-w- c:\windows\system32\javaws.exe 2012-07-29 10:44 . 2012-07-29 10:44 189360 ----a-w- c:\windows\system32\javaw.exe 2012-07-29 10:44 . 2012-07-29 10:44 188840 ----a-w- c:\windows\system32\java.exe 2012-07-29 10:44 . 2012-07-29 10:44 -------- d-----w- c:\program files\Java 2012-07-29 10:41 . 2012-07-14 00:12 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-29 10:41 . 2012-07-14 00:12 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-29 10:40 . 2012-08-06 06:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-29 10:40 . 2012-07-29 10:40 -------- d-----w- c:\windows\system32\Macromed 2012-07-29 10:27 . 2012-07-29 10:27 -------- d-----w- c:\program files (x86)\FileHippo.com 2012-07-29 10:15 . 2012-07-29 10:15 53248 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-07-29 10:15 . 2012-07-29 10:15 -------- d-----w- c:\users\HP\AppData\Local\Logishrd 2012-07-29 10:14 . 2012-07-29 10:14 -------- d-----w- c:\program files\Logitech 2012-07-29 10:12 . 2012-07-29 10:12 -------- d-----w- c:\programdata\LightScribe 2012-07-29 09:42 . 2012-07-29 09:43 -------- d-----w- c:\users\***.*** 2012-07-28 23:27 . 
2012-07-28 23:27 -------- d-----w- c:\users\HP\AppData\Local\Secunia PSI 2012-07-28 23:26 . 2012-07-28 23:26 -------- d-----w- c:\program files (x86)\Secunia 2012-07-28 22:16 . 2012-07-28 22:16 -------- d-----w- c:\program files (x86)\Microsoft 2012-07-28 22:14 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-07-28 22:14 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-07-28 21:31 . 2012-07-28 21:31 -------- d-----w- c:\users\Gast 2012-07-28 21:21 . 2012-07-28 21:21 -------- d-----w- c:\users\Admin 2012-07-27 09:45 . 2012-07-27 09:45 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes 2012-07-27 09:45 . 2012-07-27 09:45 -------- d-----w- c:\programdata\Malwarebytes 2012-07-27 09:45 . 2012-07-27 09:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-27 09:45 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-27 09:16 . 2012-07-27 09:16 -------- d-----w- c:\users\HP\.jordan 2012-07-27 07:12 . 2012-07-27 07:12 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-07-11 17:33 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 17:24 . 2012-06-02 12:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-07-11 17:23 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-07-11 17:23 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-06 06:56 . 2011-05-17 18:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-01 10:27 . 2012-01-03 17:59 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-29 10:15 . 2011-03-27 08:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-07-11 17:29 . 2011-02-26 15:29 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-05 21:31 . 2012-07-05 21:31 0 ---ha-w- c:\users\HP\AppData\Local\BIT6682.tmp 2012-07-03 16:21 . 
2012-02-24 12:11 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-07-03 16:21 . 2011-03-07 20:08 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2011-03-07 20:08 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2011-03-07 20:08 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2011-03-07 20:08 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2011-03-07 20:08 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2011-03-07 20:07 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2011-03-07 20:07 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-07-03 16:21 . 2011-03-04 23:03 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-30 15:51 . 2012-06-30 15:51 0 ---ha-w- c:\users\HP\AppData\Local\BITE6F6.tmp 2012-06-30 15:50 . 2012-06-30 15:50 0 ---ha-w- c:\users\HP\AppData\Local\BIT7751.tmp 2012-06-20 07:42 . 2012-06-20 07:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys 2012-06-02 22:19 . 2012-06-26 15:35 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-26 15:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-26 15:35 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-26 15:35 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-26 15:35 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-26 15:35 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-26 15:35 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-26 15:35 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-26 15:35 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2011-02-26 14:38 279656 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 250056] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBMULCD;USB Multi-Channel Audio Device 
Interface;c:\windows\system32\drivers\CM10664.sys [x] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-26 503352] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 12:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 06:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = about:blank TCP: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 FF - ProfilePath - c:\users\***.***\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-RunOnce-OTL - c:\users\HP\Desktop\OTL.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1445491938-3163146774-1667579322-1000\Software\SecuROM\License information*] "datasecu"=hex:99,28,70,ec,a0,84,53,05,6c,82,b2,28,d6,b7,fa,04,47,0d,c0,76,a8, 37,9a,8f,b0,53,03,a7,17,2d,4a,3f,b6,ff,bf,0a,5a,fd,73,26,19,d5,ad,04,a5,a1,\ "rkeysecu"=hex:f1,f6,0c,8c,35,6e,15,5d,39,3b,5e,af,04,dc,be,05 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-06 18:33:41
ComboFix-quarantined-files.txt 2012-08-06 16:33
.
Vor Suchlauf: 13 Verzeichnis(se), 17.438.453.760 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 17.128.062.976 Bytes frei
.
- - End Of File - - B15E2424B96241287639458CAF3A0ACF
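The substantive finding in the ComboFix log above is its "Vorheriger Suchlauf" section: a patched 32-bit userinit.exe in SysWow64 and a patched 64-bit services.exe in system32, each replaced from a WinSxS component copy (x86 userinit 6.1.7601.17514, amd64 servicecontroller 6.1.7600.16385). Two things are worth confirming after such a repair: that each restored copy came from a component of the right architecture for its target directory, and, after the reboot, that the live file is still byte-identical to that WinSxS copy, since a binary that is patched again is the usual sign that the persistence mechanism survived. The Python below is an added example, not part of the original post and not ComboFix's own code; the sample lines are constructed from the posted log, and the WinSxS directory-name pattern and the rule "SysWow64 holds x86, system32 holds amd64" are this example's assumptions.

```python
"""Cross-check ComboFix's 'infected copy ... restored from WinSxS' pairs.

Added example, not part of the original post or of ComboFix. The sample lines are
constructed from the posted log; the WinSxS component-name pattern and the
architecture rule (SysWow64 = x86, system32 = amd64 on x64 Windows) are this
example's assumptions.
"""
import hashlib
import ntpath                      # Windows path semantics regardless of where this runs
import re
from typing import List, Optional, Tuple

# Constructed sample: the repair section of the posted ComboFix log.
SAMPLE_LOG = r"""
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
--------
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
"""

# ComboFix (German localisation) reports each repaired system binary as two lines.
INFECTED_RE = re.compile(r'^Infizierte Kopie von (?P<path>.+?) wurde gefunden und desinfiziert$')
RESTORED_RE = re.compile(r'^Kopie von - (?P<path>.+?) wurde wiederhergestellt$')
# Assumed WinSxS directory layout: <arch>_<name>_<publicKeyToken>_<version>_<culture>_<hash>
COMPONENT_RE = re.compile(
    r'\\winsxs\\(?P<arch>x86|amd64|wow64|msil)_[^\\]*_(?P<version>\d+\.\d+\.\d+\.\d+)_[^\\]*\\', re.I)


def parse_restores(text: str) -> List[Tuple[str, str]]:
    """Return (live_path, winsxs_source) pairs, deduplicated in order of first appearance."""
    pairs: List[Tuple[str, str]] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            pending = m['path']
            continue
        m = RESTORED_RE.match(line)
        if m and pending is not None:
            pair = (pending, m['path'])
            pending = None
            if pair not in pairs:       # the log repeats the userinit pair for each earlier run
                pairs.append(pair)
    return pairs


def expected_arch(live_path: str) -> str:
    """On x64 Windows, %SystemRoot%\\SysWow64 holds the 32-bit binaries, system32 the native ones."""
    return 'x86' if '\\syswow64\\' in live_path.lower() else 'amd64'


def describe_source(source_path: str) -> Optional[Tuple[str, str]]:
    """(arch, version) of the WinSxS component a restored copy came from, or None if not a WinSxS path."""
    m = COMPONENT_RE.search(source_path)
    return (m['arch'].lower(), m['version']) if m else None


def check_pair(live: str, source: str) -> dict:
    """Sanity-check one restore: same file name, and a WinSxS component of the right architecture."""
    info = describe_source(source)
    return {
        'live': live,
        'source': source,
        'same_name': ntpath.basename(live).lower() == ntpath.basename(source).lower(),
        'arch_ok': info is not None and info[0] == expected_arch(live),
        'version': info[1] if info else None,
    }


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(1 << 20), b''):
            h.update(chunk)
    return h.hexdigest()


def restore_held(live: str, source: str) -> bool:
    """True when the live binary is byte-identical to its WinSxS source.

    Run on the repaired machine after the reboot (or against a mounted image with the
    paths mapped). A mismatch means the file no longer matches that component: either
    something patched it again, or an update has since installed a newer component.
    """
    return sha256_file(live) == sha256_file(source)


if __name__ == '__main__':
    for live, source in parse_restores(SAMPLE_LOG):
        print(check_pair(live, source))
```

`parse_restores()` and `check_pair()` work anywhere on the saved log text; `restore_held()` needs the actual files, so it is meant to be run on the machine itself once it is back up.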
07.08.2012, 11:47 | #21
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; McAfee's scanner in particular often reports a false alarm on OSAM! Download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, tell me and select (none) under AV Scan. One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: start aswMBR again, choose (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
07.08.2012, 17:30 | #22
So, here are the logs: OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:05:54 on 07.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "AxSWindCx64.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindCx64.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." 
- C:\Windows\System32\DRIVERS\hamachi.sys "PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File not found) "USB Multi-Channel Audio Device Interface" (USBMULCD) - ? - C:\Windows\System32\drivers\CM10664.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo 
Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\ssv.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll 
(Hidden registry entry, rootkit activity | File signed by Microsoft) "NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL (Hidden registry entry, rootkit activity | File signed by Microsoft) "rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) 
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "DigitalPersona, Inc." - C:\Windows\system32\DPPassFilter.dll "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***.***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "avast! Antivirus" (avast! 
Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe "Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [Winsock Providers] -----( 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-07 17:52:02 Windows 6.1.7601 Service Pack 1 Running: ux94yrul.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395320f2f Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395320f2f@0023d6b9d8d0 0x0D 0x11 0x1F 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x70 0x1C 0x73 0xF2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0x02 0x1A 0xB9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395320f2f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395320f2f@0023d6b9d8d0 0x0D 0x11 0x1F 0x2D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x70 0x1C 0x73 0xF2 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0x02 0x1A 0xB9 ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-08-07 18:17:27 ----------------------------- 18:17:27.762 OS Version: Windows x64 6.1.7601 Service Pack 1 18:17:27.762 Number of processors: 8 586 0x1E05 18:17:27.762 ComputerName: *** UserName: *** 18:17:28.215 Initialize success 18:17:28.355 AVAST engine defs: 12080700 18:17:52.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 18:17:52.676 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC72E Size: 476940MB BusType: 11 18:17:52.723 Disk 0 MBR read successfully 18:17:52.723 Disk 0 MBR scan 18:17:52.723 Disk 0 Windows 7 default MBR code 18:17:52.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 18:17:52.738 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 50000 MB offset 206848 18:17:52.754 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 324562 MB offset 102606848 18:17:52.785 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 102277 MB offset 767309824 18:17:52.816 Disk 0 scanning C:\Windows\system32\drivers 18:17:58.791 Service scanning 18:18:13.892 Modules scanning 18:18:13.907 Disk 0 trace - called modules: 18:18:13.939 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 18:18:13.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d19790] 18:18:13.954 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004c28a10] 18:18:13.954 5 hpdskflt.sys[fffff88001997189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004af0680] 18:18:14.266 AVAST engine scan C:\Windows 18:18:15.826 AVAST engine scan C:\Windows\system32 18:19:43.732 AVAST engine scan C:\Windows\system32\drivers 18:19:50.518 AVAST engine scan C:\Users\***.*** 18:19:56.587 AVAST engine scan C:\ProgramData 18:20:34.386 Scan finished successfully 18:20:48.410 Disk 0 MBR has been saved successfully to "C:\Users\***.***\Desktop\MBR.dat" 18:20:48.410 The log file has been saved successfully to "C:\Users\***.***\Desktop\aswMBR.txt" 18:21:19.616 Disk 0 
MBR has been saved successfully to "D:\Eigene Dateien\MBR.dat" 18:21:19.616 The log file has been saved successfully to "D:\Eigene Dateien\aswMBR.txt" |
08.08.2012, 18:37 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
09.08.2012, 00:50 | #24 |
| Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen Here is the Malwarebytes log: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.08.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: *** [administrator] 08.08.2012 23:41:01 mbam-log-2012-08-08 (23-41-01).txt Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 450619 Time elapsed: 35 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/09/2012 at 01:40 AM Application Version : 5.5.1012 Core Rules Database Version : 9032 Trace Rules Database Version: 6844 Scan type : Complete Scan Total Scan Time : 01:11:47 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 518 Memory threats detected : 0 Registry items scanned : 71423 Registry threats detected : 0 File items scanned : 168210 File threats detected : 0 |
10.08.2012, 09:34 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen No findings! Is your system OK again now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
12.08.2012, 17:15 | #26 |
| Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen Hello Cosinus, it looks good, the laptop is currently working perfectly! Thank you very much for your help and your effort. |
13.08.2012, 14:39 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen Then we are done! The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: please start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of whether the installed programs are up to date in the future, you can use Secunia PSI, for example. For even more security, you should also change all passwords, if possible, now that the infection has been removed.
Microsoft Update
Windows XP: visit the MS Update page with IE and have all important updates installed. Windows Vista/7: Windows Update guide (Anleitung Windows-Update).
Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date: check => Adobe - Flash Player; download links => Adobe Flash Player Distribution | Adobe. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
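The update guide above tells the user to find and remove leftover Java, Adobe Reader and Flash Player versions by hand. As an added example that is not part of the thread, the following PowerShell script does the inventory step: it reads both Uninstall hives (64-bit and WOW6432Node), lists every entry for those three product families, and warns where more than one version is still installed. It assumes Windows 7 or later with PowerShell 3.0 or newer; the DisplayName patterns are my own assumptions, not values taken from the logs.

```powershell
# Added example, not code from the thread: inventory the Uninstall hives for
# the product families the update guide covers. Assumes PowerShell 3.0+.

$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Product families from the guide; the wildcard patterns are assumptions
# matched against each entry's DisplayName.
$families = @{
    'Java'         = 'Java*'
    'Adobe Reader' = 'Adobe Reader*'
    'Flash Player' = 'Adobe Flash Player*'
}

function Get-ProductFamily {
    param([string]$DisplayName)
    foreach ($family in $families.Keys) {
        if ($DisplayName -like $families[$family]) { return $family }
    }
    return $null
}

# Read every uninstall entry, keep only the families of interest, and note
# which hive (64-bit or 32-bit view) the entry comes from.
$entries = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and (Get-ProductFamily $_.DisplayName) } |
    ForEach-Object {
        [PSCustomObject]@{
            Family      = Get-ProductFamily $_.DisplayName
            DisplayName = $_.DisplayName
            Version     = $_.DisplayVersion
            Publisher   = $_.Publisher
            Hive        = if ($_.PSPath -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
        }
    }

$entries | Sort-Object Family, DisplayName | Format-Table -AutoSize

# More than one entry per family means old versions are still installed next
# to the current one, which is exactly the state the guide warns about.
foreach ($group in ($entries | Group-Object Family)) {
    if ($group.Count -gt 1) {
        Write-Warning ('{0}: {1} installed versions, remove all but the newest' -f $group.Name, $group.Count)
    }
}
```

Running the script before and after the Control Panel cleanup shows whether the older entries are really gone; an entry that survives uninstallation usually belongs to the other hive view.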
14.08.2012, 21:39 | #28 |
| Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen Good evening, I have worked through the tips, everything is up to date. Now I am going to make an image of the system partition so that I won't have to keep you busy for so long next time. Best regards. |
10.09.2012, 07:54 | #29 |
| Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen Hello Cosinus, I have one more question: do I need to re-enable anything via Defogger? Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 13:00 on 27/07/2012 (HP) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- |
10.09.2012, 16:22 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes --> Registry: PUM.Hijack.HomePageControl --- File: Trojan.Ransom.Gen defogger is only relevant, if at all, if you have something like DaemonTools installed
__________________ Please always post logfiles in CODE tags |