Backdoor.bot on Windows 7 Home Premium (x64)
28.09.2012, 14:17 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.bot on Windows 7 Home Premium (x64)
Run an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.94.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\Shell - "" = AutoRun
O33 - MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
:Files
C:\windows\SysWow64\1
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; as a precaution a backup copy is created on the system partition in the folder "_OTL".
Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
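A read-only audit in the spirit of the OTL entries above, added here as an example (it is not code from the thread, from OTL or from trojaner-board): it walks the same registry locations the fix script touches (O2 BHOs, O3 IE toolbars, O4 Run/RunOnce, O33 MountPoints2 autorun commands) and reports entries whose CLSID or target file no longer exists, the conditions the script lists as "No CLSID value found" and "File not found". Function names are hypothetical; it assumes Windows PowerShell 5.1 or later run elevated so that every loaded hive under HKEY_USERS is readable, and it changes nothing.

```powershell
# Added example (not from the thread): read-only audit of the autostart and shell-extension
# locations that an OTL fix script touches. All function names are hypothetical.
function Resolve-CommandPath {
    # Pull the executable path out of a command line ("C:\a b\x.exe" /q  or  C:\x.exe /q).
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|bat|cmd|vbs|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}
function Get-FileStatus {
    # The same wording OTL uses for a dangling entry.
    param([string]$Path)
    if ($Path -and (Test-Path -LiteralPath $Path)) { 'ok' } else { 'File not found' }
}
function Resolve-Clsid {
    # A COM class is usable only if HKCR\CLSID\{guid}\InprocServer32 names an existing DLL;
    # 32-bit classes on x64 live under Wow6432Node.
    param([string]$Clsid)
    foreach ($root in 'HKEY_CLASSES_ROOT\CLSID', 'HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $server = "Registry::$root\$Clsid\InprocServer32"
        if (Test-Path $server) {
            $dll = Resolve-CommandPath (Get-Item $server).GetValue('')
            return [pscustomobject]@{ Target = $dll; Status = (Get-FileStatus $dll) }
        }
    }
    [pscustomobject]@{ Target = $null; Status = 'No CLSID value found' }
}
function Get-UserHiveRoots {
    # HKCU is only the current user; the OTL entries above came from HKU\S-1-5-19, S-1-5-20
    # and the interactive user's SID, so walk every loaded hive (skipping *_Classes).
    Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }
}
function Test-RunKeys {
    # O4: Run / RunOnce in HKLM (both registry views) and in every user hive.
    $roots = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE', 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node') +
             @(Get-UserHiveRoots | ForEach-Object { "$_\Software" })
    foreach ($root in $roots) {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "$root\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $key)) { continue }
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) {
                $cmd = $item.GetValue($name)
                # an empty name is the key's (Default) value, which OTL shows as "[]"
                $label = if ($name) { $name } else { '(Default)' }
                [pscustomobject]@{ Location = "$key\$label"; Target = $cmd; Status = (Get-FileStatus (Resolve-CommandPath $cmd)) }
            }
        }
    }
}
function Test-BrowserExtensions {
    # O2 / O3: Browser Helper Objects and Internet Explorer toolbars, both identified by CLSID.
    foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
        $bho = "Registry::HKEY_LOCAL_MACHINE\$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (Test-Path $bho) {
            foreach ($k in Get-ChildItem $bho) {
                $r = Resolve-Clsid $k.PSChildName
                [pscustomobject]@{ Location = "$bho\$($k.PSChildName)"; Target = $r.Target; Status = $r.Status }
            }
        }
        $tb = "Registry::HKEY_LOCAL_MACHINE\$view\Microsoft\Internet Explorer\Toolbar"
        if (Test-Path $tb) {
            foreach ($name in ((Get-Item $tb).GetValueNames() | Where-Object { $_ -like '{*}' })) {
                $r = Resolve-Clsid $name
                [pscustomobject]@{ Location = "$tb\$name"; Target = $r.Target; Status = $r.Status }
            }
        }
    }
}
function Test-MountPoints2 {
    # O33: per-user MountPoints2 entries carrying a Shell\AutoRun\command, i.e. a command
    # Explorer would run when that particular removable volume is opened.
    foreach ($hive in Get-UserHiveRoots) {
        $mp = "$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
        if (-not (Test-Path $mp)) { continue }
        foreach ($vol in Get-ChildItem $mp) {
            $cmdKey = "Registry::$($vol.Name)\Shell\AutoRun\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = (Get-Item $cmdKey).GetValue('')
            [pscustomobject]@{ Location = $cmdKey; Target = $cmd; Status = (Get-FileStatus (Resolve-CommandPath $cmd)) }
        }
    }
}
# Collect everything and show only what does not resolve cleanly.
$findings = @(Test-RunKeys) + @(Test-BrowserExtensions) + @(Test-MountPoints2)
$findings | Where-Object { $_.Status -ne 'ok' } | Format-Table Location, Target, Status -AutoSize -Wrap
```

A MountPoints2 entry whose command still resolves is reported as ok here; whether such an autorun command belongs on the machine is a judgement call, so review the full `$findings` list as well.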
28.09.2012, 16:16 | #17
Here is the log file from the OTL fix:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2371013698-2949519152-906224175-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2371013698-2949519152-906224175-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ not found.
File H:\.\Autorun.exe AUTORUN=1 not found.
========== FILES ==========
C:\windows\SysWow64\1 moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Ralf\Desktop\cmd.bat deleted successfully.
C:\Users\Ralf\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Ralf
->Temp folder emptied: 8120891 bytes
->Temporary Internet Files folder emptied: 14260602 bytes
->Java cache emptied: 9942517 bytes
->FireFox cache emptied: 79767128 bytes
->Google Chrome cache emptied: 411041776 bytes
->Flash cache emptied: 57124 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82515017 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 7294175 bytes
Total Files Cleaned = 585,00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 09282012_170730
Files\Folders moved on Reboot...
File move failed. C:\Users\Ralf\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
28.09.2012, 18:39 | #18
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click on "Start Scan" and, when it is finished, click on the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer objects to anything, treat everything with the action "skip" and only post the log here!
29.09.2012, 11:28 | #19
Hello Cosinus, normal Windows mode still does not work. I get the error message that a Malwarebytes driver could not be found. As a test I removed Malwarebytes from the autostart, but that did not help either. Does the TDSS-Killer also help in safe mode? Regards, IT-confused
01.10.2012, 11:27 | #20
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, then do it in safe mode with networking
01.10.2012, 12:24 | #21
Here is the log file:
Code:
13:16:20.0855 0376 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:16:21.0050 0376 ============================================================
13:16:21.0050 0376 Current date / time: 2012/10/01 13:16:21.0050
13:16:21.0050 0376 SystemInfo:
13:16:21.0050 0376
13:16:21.0050 0376 OS Version: 6.1.7601 ServicePack: 1.0
13:16:21.0050 0376 Product type: Workstation
13:16:21.0051 0376 ComputerName: RALF-PC
13:16:21.0051 0376 UserName: Ralf
13:16:21.0051 0376 Windows directory: C:\windows
13:16:21.0051 0376 System windows directory: C:\windows
13:16:21.0051 0376 Running under WOW64
13:16:21.0051 0376 Processor architecture: Intel x64
13:16:21.0051 0376 Number of processors: 4
13:16:21.0051 0376 Page size: 0x1000
13:16:21.0051 0376 Boot type: Safe boot with network
13:16:21.0051 0376 ============================================================
13:16:21.0913 0376 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:16:21.0916 0376 ============================================================
13:16:21.0916 0376 \Device\Harddisk0\DR0:
13:16:21.0916 0376 MBR partitions:
13:16:21.0916 0376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
13:16:21.0916 0376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
13:16:21.0950 0376 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
13:16:21.0950 0376 ============================================================
13:16:21.0982 0376 C: <-> \Device\Harddisk0\DR0\Partition2
13:16:22.0031 0376 D: <-> \Device\Harddisk0\DR0\Partition3
13:16:22.0031 0376 ============================================================
13:16:22.0031 0376 Initialize success
13:16:22.0031 0376 ============================================================
C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 13:20:07.0950 2728 lltdsvc - ok 13:20:07.0981 2728 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 13:20:08.0028 2728 lmhosts - ok 13:20:08.0090 2728 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 13:20:08.0106 2728 LMS - ok 13:20:08.0122 2728 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 13:20:08.0137 2728 LSI_FC - ok 13:20:08.0153 2728 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 13:20:08.0153 2728 LSI_SAS - ok 13:20:08.0168 2728 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 13:20:08.0168 2728 LSI_SAS2 - ok 13:20:08.0184 2728 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 13:20:08.0200 2728 LSI_SCSI - ok 13:20:08.0231 2728 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 13:20:08.0278 2728 luafv - ok 13:20:08.0324 2728 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 13:20:08.0340 2728 MBAMProtector - ok 13:20:08.0402 2728 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:20:08.0418 2728 MBAMScheduler - ok 13:20:08.0449 2728 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 13:20:08.0465 2728 MBAMService - ok 13:20:08.0496 2728 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 13:20:08.0527 2728 Mcx2Svc - ok 13:20:08.0543 2728 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 13:20:08.0558 2728 megasas - ok 13:20:08.0574 2728 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 13:20:08.0590 2728 MegaSR - ok 13:20:08.0621 2728 [ 
A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 13:20:08.0636 2728 MEIx64 - ok 13:20:08.0668 2728 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 13:20:08.0683 2728 MMCSS - ok 13:20:08.0714 2728 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 13:20:08.0746 2728 Modem - ok 13:20:08.0777 2728 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 13:20:08.0808 2728 monitor - ok 13:20:08.0824 2728 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 13:20:08.0824 2728 mouclass - ok 13:20:08.0839 2728 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 13:20:08.0855 2728 mouhid - ok 13:20:08.0870 2728 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 13:20:08.0886 2728 mountmgr - ok 13:20:08.0933 2728 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:20:08.0948 2728 MozillaMaintenance - ok 13:20:08.0964 2728 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 13:20:08.0980 2728 mpio - ok 13:20:08.0995 2728 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 13:20:09.0026 2728 mpsdrv - ok 13:20:09.0058 2728 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 13:20:09.0089 2728 MpsSvc - ok 13:20:09.0104 2728 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 13:20:09.0136 2728 MRxDAV - ok 13:20:09.0167 2728 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 13:20:09.0198 2728 mrxsmb - ok 13:20:09.0229 2728 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 13:20:09.0260 2728 mrxsmb10 - ok 13:20:09.0276 2728 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 
13:20:09.0292 2728 mrxsmb20 - ok 13:20:09.0307 2728 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 13:20:09.0323 2728 msahci - ok 13:20:09.0338 2728 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 13:20:09.0354 2728 msdsm - ok 13:20:09.0385 2728 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 13:20:09.0401 2728 MSDTC - ok 13:20:09.0448 2728 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 13:20:09.0479 2728 Msfs - ok 13:20:09.0494 2728 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 13:20:09.0541 2728 mshidkmdf - ok 13:20:09.0557 2728 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 13:20:09.0557 2728 msisadrv - ok 13:20:09.0604 2728 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 13:20:09.0635 2728 MSiSCSI - ok 13:20:09.0635 2728 msiserver - ok 13:20:09.0682 2728 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 13:20:09.0713 2728 MSKSSRV - ok 13:20:09.0728 2728 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 13:20:09.0775 2728 MSPCLOCK - ok 13:20:09.0806 2728 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 13:20:09.0838 2728 MSPQM - ok 13:20:09.0853 2728 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 13:20:09.0869 2728 MsRPC - ok 13:20:09.0900 2728 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 13:20:09.0900 2728 mssmbios - ok 13:20:09.0931 2728 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 13:20:09.0978 2728 MSTEE - ok 13:20:09.0994 2728 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 13:20:09.0994 2728 MTConfig - ok 13:20:10.0025 2728 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup 
C:\windows\system32\Drivers\mup.sys 13:20:10.0040 2728 Mup - ok 13:20:10.0056 2728 [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter C:\windows\system32\DRIVERS\mwlPSDFilter.sys 13:20:10.0056 2728 mwlPSDFilter - ok 13:20:10.0072 2728 [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ C:\windows\system32\DRIVERS\mwlPSDNServ.sys 13:20:10.0087 2728 mwlPSDNServ - ok 13:20:10.0087 2728 [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk C:\windows\system32\DRIVERS\mwlPSDVDisk.sys 13:20:10.0103 2728 mwlPSDVDisk - ok 13:20:10.0134 2728 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 13:20:10.0181 2728 napagent - ok 13:20:10.0228 2728 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 13:20:10.0259 2728 NativeWifiP - ok 13:20:10.0306 2728 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 13:20:10.0321 2728 NDIS - ok 13:20:10.0368 2728 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 13:20:10.0399 2728 NdisCap - ok 13:20:10.0415 2728 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 13:20:10.0446 2728 NdisTapi - ok 13:20:10.0477 2728 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 13:20:10.0508 2728 Ndisuio - ok 13:20:10.0524 2728 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 13:20:10.0555 2728 NdisWan - ok 13:20:10.0586 2728 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 13:20:10.0618 2728 NDProxy - ok 13:20:10.0649 2728 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 13:20:10.0680 2728 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 13:20:10.0680 2728 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 13:20:10.0696 2728 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 13:20:10.0727 2728 NetBIOS - ok 
13:20:10.0758 2728 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 13:20:10.0789 2728 NetBT - ok 13:20:10.0805 2728 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 13:20:10.0805 2728 Netlogon - ok 13:20:10.0836 2728 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 13:20:10.0883 2728 Netman - ok 13:20:10.0914 2728 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 13:20:10.0976 2728 netprofm - ok 13:20:10.0992 2728 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:20:11.0008 2728 NetTcpPortSharing - ok 13:20:11.0039 2728 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 13:20:11.0039 2728 nfrd960 - ok 13:20:11.0070 2728 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll 13:20:11.0117 2728 NlaSvc - ok 13:20:11.0148 2728 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 13:20:11.0179 2728 Npfs - ok 13:20:11.0210 2728 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 13:20:11.0242 2728 nsi - ok 13:20:11.0273 2728 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 13:20:11.0304 2728 nsiproxy - ok 13:20:11.0351 2728 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 13:20:11.0398 2728 Ntfs - ok 13:20:11.0413 2728 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 13:20:11.0444 2728 Null - ok 13:20:11.0476 2728 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 13:20:11.0491 2728 nvraid - ok 13:20:11.0507 2728 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 13:20:11.0522 2728 nvstor - ok 13:20:11.0522 2728 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 
13:20:11.0538 2728 nv_agp - ok 13:20:11.0538 2728 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 13:20:11.0569 2728 ohci1394 - ok 13:20:11.0616 2728 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:20:11.0632 2728 ose - ok 13:20:11.0756 2728 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:20:11.0928 2728 osppsvc - ok 13:20:11.0944 2728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 13:20:11.0975 2728 p2pimsvc - ok 13:20:11.0990 2728 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 13:20:12.0006 2728 p2psvc - ok 13:20:12.0037 2728 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 13:20:12.0037 2728 Parport - ok 13:20:12.0068 2728 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 13:20:12.0068 2728 partmgr - ok 13:20:12.0146 2728 [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 13:20:12.0162 2728 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 13:20:12.0162 2728 PassThru Service - detected UnsignedFile.Multi.Generic (1) 13:20:12.0178 2728 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 13:20:12.0209 2728 PcaSvc - ok 13:20:12.0240 2728 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 13:20:12.0256 2728 pci - ok 13:20:12.0271 2728 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 13:20:12.0287 2728 pciide - ok 13:20:12.0287 2728 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 13:20:12.0302 2728 pcmcia - ok 13:20:12.0302 2728 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 13:20:12.0318 2728 pcw - ok 13:20:12.0349 2728 
[ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 13:20:12.0396 2728 PEAUTH - ok 13:20:12.0458 2728 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 13:20:12.0505 2728 PerfHost - ok 13:20:12.0552 2728 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 13:20:12.0614 2728 pla - ok 13:20:12.0646 2728 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 13:20:12.0677 2728 PlugPlay - ok 13:20:12.0708 2728 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 13:20:12.0724 2728 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 13:20:12.0724 2728 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 13:20:12.0755 2728 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 13:20:12.0770 2728 PNRPAutoReg - ok 13:20:12.0802 2728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 13:20:12.0802 2728 PNRPsvc - ok 13:20:12.0833 2728 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 13:20:12.0880 2728 PolicyAgent - ok 13:20:12.0911 2728 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 13:20:12.0958 2728 Power - ok 13:20:12.0989 2728 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 13:20:13.0020 2728 PptpMiniport - ok 13:20:13.0036 2728 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 13:20:13.0067 2728 Processor - ok 13:20:13.0098 2728 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 13:20:13.0129 2728 ProfSvc - ok 13:20:13.0145 2728 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 13:20:13.0160 2728 ProtectedStorage - ok 13:20:13.0176 2728 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 13:20:13.0223 2728 Psched - ok 13:20:13.0270 2728 [ 
A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 13:20:13.0316 2728 ql2300 - ok 13:20:13.0316 2728 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 13:20:13.0316 2728 ql40xx - ok 13:20:13.0348 2728 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 13:20:13.0379 2728 QWAVE - ok 13:20:13.0410 2728 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 13:20:13.0441 2728 QWAVEdrv - ok 13:20:13.0457 2728 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 13:20:13.0488 2728 RasAcd - ok 13:20:13.0519 2728 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 13:20:13.0550 2728 RasAgileVpn - ok 13:20:13.0582 2728 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 13:20:13.0628 2728 RasAuto - ok 13:20:13.0660 2728 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 13:20:13.0691 2728 Rasl2tp - ok 13:20:13.0722 2728 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 13:20:13.0769 2728 RasMan - ok 13:20:13.0784 2728 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 13:20:13.0831 2728 RasPppoe - ok 13:20:13.0847 2728 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 13:20:13.0894 2728 RasSstp - ok 13:20:13.0909 2728 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 13:20:13.0956 2728 rdbss - ok 13:20:13.0972 2728 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 13:20:13.0987 2728 rdpbus - ok 13:20:14.0003 2728 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 13:20:14.0034 2728 RDPCDD - ok 13:20:14.0050 2728 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 13:20:14.0096 2728 RDPENCDD - ok 13:20:14.0128 
2728 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 13:20:14.0159 2728 RDPREFMP - ok 13:20:14.0174 2728 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 13:20:14.0206 2728 RDPWD - ok 13:20:14.0237 2728 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 13:20:14.0252 2728 rdyboost - ok 13:20:14.0299 2728 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 13:20:14.0346 2728 RemoteAccess - ok 13:20:14.0362 2728 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 13:20:14.0408 2728 RemoteRegistry - ok 13:20:14.0440 2728 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 13:20:14.0471 2728 RFCOMM - ok 13:20:14.0486 2728 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 13:20:14.0533 2728 RpcEptMapper - ok 13:20:14.0564 2728 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 13:20:14.0564 2728 RpcLocator - ok 13:20:14.0580 2728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 13:20:14.0627 2728 RpcSs - ok 13:20:14.0642 2728 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 13:20:14.0674 2728 rspndr - ok 13:20:14.0705 2728 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys 13:20:14.0720 2728 RSUSBVSTOR - ok 13:20:14.0767 2728 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 13:20:14.0783 2728 RTL8167 - ok 13:20:14.0876 2728 [ 8E5297D5747A90636D5EFAEC8E466623 ] S6000KNT C:\windows\system32\Drivers\S6000KNT.sys 13:20:14.0986 2728 S6000KNT - ok 13:20:15.0001 2728 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 13:20:15.0001 2728 SamSs - ok 13:20:15.0017 2728 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 13:20:15.0032 2728 
sbp2port - ok 13:20:15.0064 2728 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 13:20:15.0110 2728 SCardSvr - ok 13:20:15.0126 2728 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 13:20:15.0173 2728 scfilter - ok 13:20:15.0220 2728 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 13:20:15.0266 2728 Schedule - ok 13:20:15.0298 2728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 13:20:15.0329 2728 SCPolicySvc - ok 13:20:15.0360 2728 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 13:20:15.0376 2728 SDRSVC - ok 13:20:15.0422 2728 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 13:20:15.0454 2728 secdrv - ok 13:20:15.0485 2728 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 13:20:15.0516 2728 seclogon - ok 13:20:15.0547 2728 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 13:20:15.0594 2728 SENS - ok 13:20:15.0594 2728 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 13:20:15.0610 2728 SensrSvc - ok 13:20:15.0641 2728 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 13:20:15.0656 2728 Serenum - ok 13:20:15.0688 2728 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 13:20:15.0719 2728 Serial - ok 13:20:15.0719 2728 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 13:20:15.0734 2728 sermouse - ok 13:20:15.0766 2728 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 13:20:15.0812 2728 SessionEnv - ok 13:20:15.0828 2728 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 13:20:15.0844 2728 sffdisk - ok 13:20:15.0859 2728 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 13:20:15.0875 2728 
sffp_mmc - ok 13:20:15.0875 2728 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 13:20:15.0906 2728 sffp_sd - ok 13:20:15.0906 2728 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 13:20:15.0922 2728 sfloppy - ok 13:20:15.0953 2728 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 13:20:16.0000 2728 SharedAccess - ok 13:20:16.0015 2728 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 13:20:16.0062 2728 ShellHWDetection - ok 13:20:16.0124 2728 [ 83CBB0D52BCE7A2E9A1D8666ED31F540 ] SinforSP C:\Program Files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe 13:20:16.0124 2728 SinforSP - ok 13:20:16.0156 2728 [ 75D7225AE8FC98E1EBCE753A7DEC9CBF ] SinforVnic C:\windows\system32\DRIVERS\SinforVnic.sys 13:20:16.0156 2728 SinforVnic - ok 13:20:16.0187 2728 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 13:20:16.0187 2728 SiSRaid2 - ok 13:20:16.0187 2728 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 13:20:16.0202 2728 SiSRaid4 - ok 13:20:16.0343 2728 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 13:20:16.0468 2728 Skype C2C Service - ok 13:20:16.0499 2728 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 13:20:16.0514 2728 SkypeUpdate - ok 13:20:16.0546 2728 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 13:20:16.0592 2728 Smb - ok 13:20:16.0608 2728 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 13:20:16.0639 2728 SNMPTRAP - ok 13:20:16.0702 2728 [ 26285A248DE28435ACDC89E6A7AE0070 ] Solarlogger c:\SolarView\Datenlogger.exe 13:20:16.0717 2728 Solarlogger ( UnsignedFile.Multi.Generic ) - warning 13:20:16.0717 2728 Solarlogger - detected UnsignedFile.Multi.Generic (1) 
13:20:16.0717 2728 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 13:20:16.0733 2728 spldr - ok 13:20:16.0764 2728 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 13:20:16.0780 2728 Spooler - ok 13:20:16.0858 2728 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 13:20:16.0982 2728 sppsvc - ok 13:20:16.0998 2728 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 13:20:17.0029 2728 sppuinotify - ok 13:20:17.0060 2728 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 13:20:17.0092 2728 srv - ok 13:20:17.0107 2728 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 13:20:17.0138 2728 srv2 - ok 13:20:17.0170 2728 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 13:20:17.0170 2728 srvnet - ok 13:20:17.0201 2728 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 13:20:17.0232 2728 SSDPSRV - ok 13:20:17.0248 2728 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 13:20:17.0279 2728 SstpSvc - ok 13:20:17.0310 2728 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 13:20:17.0310 2728 stexstor - ok 13:20:17.0341 2728 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 13:20:17.0372 2728 stisvc - ok 13:20:17.0404 2728 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 13:20:17.0419 2728 swenum - ok 13:20:17.0435 2728 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 13:20:17.0482 2728 swprv - ok 13:20:17.0560 2728 [ 08425CD92972C6430F350A9697F4A553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 13:20:17.0575 2728 SynTP - ok 13:20:17.0622 2728 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 13:20:17.0669 2728 SysMain - ok 13:20:17.0684 2728 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] 
TabletInputService C:\windows\System32\TabSvc.dll 13:20:17.0700 2728 TabletInputService - ok 13:20:17.0731 2728 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 13:20:17.0762 2728 TapiSrv - ok 13:20:17.0762 2728 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 13:20:17.0794 2728 TBS - ok 13:20:17.0872 2728 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys 13:20:17.0903 2728 Tcpip - ok 13:20:17.0950 2728 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 13:20:17.0981 2728 TCPIP6 - ok 13:20:18.0028 2728 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 13:20:18.0074 2728 tcpipreg - ok 13:20:18.0090 2728 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 13:20:18.0106 2728 TDPIPE - ok 13:20:18.0121 2728 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 13:20:18.0137 2728 TDTCP - ok 13:20:18.0152 2728 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 13:20:18.0184 2728 tdx - ok 13:20:18.0199 2728 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 13:20:18.0215 2728 TermDD - ok 13:20:18.0262 2728 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 13:20:18.0308 2728 TermService - ok 13:20:18.0340 2728 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 13:20:18.0340 2728 Themes - ok 13:20:18.0355 2728 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 13:20:18.0386 2728 THREADORDER - ok 13:20:18.0402 2728 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 13:20:18.0449 2728 TrkWks - ok 13:20:18.0496 2728 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 13:20:18.0542 2728 TrustedInstaller - ok 13:20:18.0574 2728 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] 
tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 13:20:18.0620 2728 tssecsrv - ok 13:20:18.0652 2728 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 13:20:18.0667 2728 TsUsbFlt - ok 13:20:18.0667 2728 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 13:20:18.0667 2728 TsUsbGD - ok 13:20:18.0698 2728 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 13:20:18.0745 2728 tunnel - ok 13:20:18.0761 2728 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 13:20:18.0776 2728 uagp35 - ok 13:20:18.0792 2728 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 13:20:18.0839 2728 udfs - ok 13:20:18.0854 2728 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 13:20:18.0886 2728 UI0Detect - ok 13:20:18.0901 2728 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 13:20:18.0901 2728 uliagpkx - ok 13:20:18.0932 2728 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 13:20:18.0964 2728 umbus - ok 13:20:18.0979 2728 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 13:20:18.0995 2728 UmPass - ok 13:20:19.0073 2728 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 13:20:19.0166 2728 UNS - ok 13:20:19.0198 2728 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 13:20:19.0244 2728 upnphost - ok 13:20:19.0276 2728 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 13:20:19.0291 2728 usbccgp - ok 13:20:19.0322 2728 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 13:20:19.0322 2728 usbcir - ok 13:20:19.0354 2728 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 13:20:19.0369 2728 usbehci - ok 
13:20:19.0400 2728 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 13:20:19.0432 2728 usbhub - ok 13:20:19.0447 2728 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 13:20:19.0463 2728 usbohci - ok 13:20:19.0494 2728 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 13:20:19.0510 2728 usbprint - ok 13:20:19.0572 2728 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 13:20:19.0572 2728 usbscan - ok 13:20:19.0603 2728 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 13:20:19.0634 2728 USBSTOR - ok 13:20:19.0650 2728 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 13:20:19.0666 2728 usbuhci - ok 13:20:19.0697 2728 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 13:20:19.0712 2728 usbvideo - ok 13:20:19.0775 2728 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys 13:20:19.0790 2728 usb_rndisx - ok 13:20:19.0822 2728 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 13:20:19.0853 2728 UxSms - ok 13:20:19.0868 2728 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 13:20:19.0868 2728 VaultSvc - ok 13:20:19.0884 2728 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 13:20:19.0900 2728 vdrvroot - ok 13:20:19.0931 2728 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 13:20:19.0978 2728 vds - ok 13:20:19.0993 2728 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 13:20:20.0009 2728 vga - ok 13:20:20.0009 2728 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 13:20:20.0056 2728 VgaSave - ok 13:20:20.0071 2728 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 13:20:20.0087 2728 vhdmp - ok 
13:20:20.0087 2728 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 13:20:20.0102 2728 viaide - ok 13:20:20.0118 2728 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 13:20:20.0118 2728 volmgr - ok 13:20:20.0149 2728 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 13:20:20.0165 2728 volmgrx - ok 13:20:20.0180 2728 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 13:20:20.0180 2728 volsnap - ok 13:20:20.0227 2728 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 13:20:20.0243 2728 vsmraid - ok 13:20:20.0290 2728 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 13:20:20.0352 2728 VSS - ok 13:20:20.0368 2728 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 13:20:20.0383 2728 vwifibus - ok 13:20:20.0399 2728 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 13:20:20.0430 2728 vwififlt - ok 13:20:20.0461 2728 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 13:20:20.0492 2728 vwifimp - ok 13:20:20.0524 2728 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 13:20:20.0555 2728 W32Time - ok 13:20:20.0617 2728 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\windows\system32\inetsrv\iisw3adm.dll 13:20:20.0633 2728 W3SVC - ok 13:20:20.0633 2728 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 13:20:20.0664 2728 WacomPen - ok 13:20:20.0711 2728 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 13:20:20.0742 2728 WANARP - ok 13:20:20.0742 2728 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 13:20:20.0773 2728 Wanarpv6 - ok 13:20:20.0804 2728 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\windows\system32\inetsrv\iisw3adm.dll 13:20:20.0820 2728 WAS 
- ok 13:20:20.0867 2728 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 13:20:20.0914 2728 wbengine - ok 13:20:20.0929 2728 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 13:20:20.0945 2728 WbioSrvc - ok 13:20:20.0960 2728 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 13:20:20.0992 2728 wcncsvc - ok 13:20:21.0007 2728 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 13:20:21.0038 2728 WcsPlugInService - ok 13:20:21.0070 2728 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 13:20:21.0070 2728 Wd - ok 13:20:21.0101 2728 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 13:20:21.0116 2728 Wdf01000 - ok 13:20:21.0148 2728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 13:20:21.0179 2728 WdiServiceHost - ok 13:20:21.0179 2728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 13:20:21.0194 2728 WdiSystemHost - ok 13:20:21.0210 2728 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 13:20:21.0241 2728 WebClient - ok 13:20:21.0272 2728 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 13:20:21.0319 2728 Wecsvc - ok 13:20:21.0335 2728 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 13:20:21.0382 2728 wercplsupport - ok 13:20:21.0413 2728 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 13:20:21.0444 2728 WerSvc - ok 13:20:21.0475 2728 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 13:20:21.0506 2728 WfpLwf - ok 13:20:21.0553 2728 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 13:20:21.0553 2728 WIMMount - ok 13:20:21.0584 2728 WinDefend - ok 13:20:21.0584 2728 WinHttpAutoProxySvc - ok 13:20:21.0647 2728 [ 
19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 13:20:21.0678 2728 Winmgmt - ok 13:20:21.0725 2728 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 13:20:21.0787 2728 WinRM - ok 13:20:21.0818 2728 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 13:20:21.0834 2728 WinUsb - ok 13:20:21.0865 2728 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 13:20:21.0912 2728 Wlansvc - ok 13:20:21.0928 2728 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 13:20:21.0943 2728 wlcrasvc - ok 13:20:22.0052 2728 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:20:22.0099 2728 wlidsvc - ok 13:20:22.0115 2728 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 13:20:22.0130 2728 WmiAcpi - ok 13:20:22.0162 2728 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 13:20:22.0193 2728 wmiApSrv - ok 13:20:22.0224 2728 WMPNetworkSvc - ok 13:20:22.0240 2728 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 13:20:22.0255 2728 WPCSvc - ok 13:20:22.0271 2728 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 13:20:22.0286 2728 WPDBusEnum - ok 13:20:22.0318 2728 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 13:20:22.0349 2728 ws2ifsl - ok 13:20:22.0380 2728 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 13:20:22.0411 2728 wscsvc - ok 13:20:22.0427 2728 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys 13:20:22.0442 2728 WSDPrintDevice - ok 13:20:22.0442 2728 WSearch - ok 13:20:22.0474 2728 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys 13:20:22.0489 2728 wsvd - ok 13:20:22.0536 2728 [ 
C07FFEAB4E6CE0ED2808417D1336063F ] WTGService C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
13:20:22.0552 2728 WTGService - ok
13:20:22.0630 2728 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
13:20:22.0676 2728 wuauserv - ok
13:20:22.0692 2728 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
13:20:22.0723 2728 WudfPf - ok
13:20:22.0739 2728 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
13:20:22.0786 2728 WUDFRd - ok
13:20:22.0801 2728 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
13:20:22.0832 2728 wudfsvc - ok
13:20:22.0848 2728 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
13:20:22.0879 2728 WwanSvc - ok
13:20:22.0910 2728 ================ Scan global ===============================
13:20:22.0942 2728 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
13:20:22.0973 2728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
13:20:22.0973 2728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
13:20:23.0004 2728 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
13:20:23.0020 2728 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
13:20:23.0035 2728 [Global] - ok
13:20:23.0035 2728 ================ Scan MBR ==================================
13:20:23.0051 2728 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:20:23.0347 2728 \Device\Harddisk0\DR0 - ok
13:20:23.0347 2728 ================ Scan VBR ==================================
13:20:23.0363 2728 [ D37FEA94DC2CBD6EE0147BC23ECB2274 ] \Device\Harddisk0\DR0\Partition1
13:20:23.0363 2728 \Device\Harddisk0\DR0\Partition1 - ok
13:20:23.0378 2728 [ 04915B7E6DEF0D327443C05C5E8818AC ] \Device\Harddisk0\DR0\Partition2
13:20:23.0378 2728 \Device\Harddisk0\DR0\Partition2 - ok
13:20:23.0410 2728 [ 15FD58406257AA30A1DC797A9ED6F57F ] \Device\Harddisk0\DR0\Partition3
13:20:23.0410 2728 \Device\Harddisk0\DR0\Partition3 - ok
13:20:23.0410 2728 ============================================================
13:20:23.0410 2728 Scan finished
13:20:23.0410 2728 ============================================================
13:20:23.0425 2432 Detected object count: 7
13:20:23.0425 2432 Actual detected object count: 7
13:20:37.0668 2432 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0668 2432 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:20:37.0668 2432 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0668 2432 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:20:37.0668 2432 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0668 2432 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:20:37.0684 2432 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0684 2432 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:20:37.0684 2432 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0684 2432 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:20:37.0684 2432 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0684 2432 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:20:37.0684 2432 Solarlogger ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0684 2432 Solarlogger ( UnsignedFile.Multi.Generic ) - User select action: Skip |
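The TDSSKiller log posted above follows a regular shape: a timestamp and thread id on every line, an optional `[ MD5 ]` block in front of each hashed object (drivers, services, the MBR and each partition's VBR), a per-object verdict line, and a detection summary at the end in which each detection gets a final "User select action". The Python below is an added example written for this page; it is not TDSSKiller's own code and not something either participant posted. It extracts the hashes, the verdicts and the detections, and lists detections that were skipped rather than cured, which is what a helper would want to review before deciding on the next tool. The sample log is constructed from the format above with a shortened detection list; function names are the author's own, and Python 3.8 or newer is assumed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller log format posted above (two detections
# instead of the seven in the real log, so the expected values are easy to check).
SAMPLE_LOG = r"""
13:20:22.0848 2728 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
13:20:22.0879 2728 WwanSvc - ok
13:20:23.0035 2728 ================ Scan MBR ==================================
13:20:23.0051 2728 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:20:23.0347 2728 \Device\Harddisk0\DR0 - ok
13:20:23.0410 2728 Scan finished
13:20:23.0425 2432 Detected object count: 2
13:20:23.0425 2432 Actual detected object count: 2
13:20:37.0668 2432 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0668 2432 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:20:37.0684 2432 Solarlogger ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:37.0684 2432 Solarlogger ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

TS = r"\d{2}:\d{2}:\d{2}\.\d{4} \d+ "  # timestamp and thread id prefix on every line

# "[ MD5 ] object [path]" lines: drivers and services carry a path, MBR/VBR entries do not.
HASHED = re.compile(TS + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<obj>\S+)(?: (?P<path>.*))?$")
# "object - ok" verdict lines (TDSSKiller also emits "detected" and "warning").
VERDICT = re.compile(TS + r"(?P<obj>.+) - (?P<verdict>ok|detected|warning)$")
COUNT = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
# Final user decision per detection; the preceding "skipped by user" line is
# ignored so every detection is counted exactly once.
ACTION = re.compile(TS + r"(?P<obj>.+?) \( (?P<detection>[^)]+) \) - User select action: (?P<action>\w+)$")


def parse_tdsskiller(text: str) -> dict:
    """Parse a TDSSKiller log into hashes, verdicts, detections and the summary count."""
    hashes: Dict[str, Tuple[str, Optional[str]]] = {}
    verdicts: Dict[str, str] = {}
    detections: List[Tuple[str, str, str]] = []
    detected_count: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HASHED.match(line)
        if m:
            hashes[m["obj"]] = (m["md5"], m["path"])
            continue
        m = VERDICT.match(line)
        if m:
            verdicts[m["obj"]] = m["verdict"]
            continue
        m = COUNT.match(line)
        if m:
            detected_count = int(m["n"])
            continue
        m = ACTION.match(line)
        if m:
            detections.append((m["obj"], m["detection"], m["action"]))
    return {"hashes": hashes, "verdicts": verdicts,
            "detections": detections, "detected_count": detected_count}


def unresolved_detections(report: dict) -> List[str]:
    """Detections the user chose to skip; these still need a manual verdict."""
    return [obj for obj, _, action in report["detections"] if action == "Skip"]


def counts_consistent(report: dict) -> bool:
    """True when the summary count matches the number of per-object decisions."""
    return report["detected_count"] == len(report["detections"])


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    mbr_md5, _ = rep["hashes"][r"\Device\Harddisk0\DR0"]
    print("MBR MD5:", mbr_md5)
    print("unresolved detections:", unresolved_detections(rep))
```

The MBR and VBR hashes are worth keeping from a log like this: comparing them against a later scan of the same disk shows whether the boot sectors changed between two runs, which matters in a thread where a bootkit is one of the things being ruled out.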
01.10.2012, 12:51 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.bot on Windows 7 Home Premium (x64) Now please run CF: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
01.10.2012, 17:09 | #23 |
| Backdoor.bot on Windows 7 Home Premium (x64) Hello Cosinus, ESET cannot be closed in Safe Mode because you cannot get to its console at all. ESET does not appear among the services either, so ComboFix had to run with ESET. It looks like this: ComboFix logfile: Code:
ComboFix 12-09-30.03 - Ralf 01.10.2012 17:53:56.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.3293 [GMT 2:00] ausgeführt von:: c:\users\Ralf\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\gt.exe c:\windows\s.bat c:\windows\SysWow64\FlashPlayerInstaller.exe c:\windows\version.txt . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-01 bis 2012-10-01 )))))))))))))))))))))))))))))) . . 2012-10-01 15:58 . 2012-10-01 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-28 15:07 . 2012-09-28 15:07 -------- d-----w- C:\_OTL 2012-09-26 17:58 . 2012-09-26 17:58 -------- d-----w- c:\program files (x86)\ESET 2012-09-21 11:09 . 2012-09-26 17:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-21 11:09 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-21 07:08 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0174621-F3FD-474C-A3F3-CED2562B6C4C}\mpengine.dll 2012-09-17 08:17 . 2012-09-17 08:17 -------- d-----w- c:\users\Ralf\AppData\Local\Vitalwerks 2012-09-17 08:15 . 2012-09-17 08:15 -------- d-----w- c:\program files (x86)\No-IP 2012-09-17 07:21 . 2012-09-17 12:16 -------- d-----w- c:\users\Ralf\SolarAnalyzer 2012-09-12 06:35 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 06:35 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys 2012-09-12 06:35 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 06:35 . 
2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 06:35 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 06:35 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 06:35 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 06:35 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-06 12:56 . 2012-09-06 12:56 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-06 12:56 . 2012-09-06 12:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-06 12:55 . 2012-09-06 12:55 -------- d-----w- c:\program files (x86)\Java 2012-09-06 07:35 . 2012-09-06 07:35 -------- d-----w- c:\windows\SysWow64\BestPractices 2012-09-06 07:35 . 2012-09-06 07:35 -------- d-----w- c:\windows\system32\BestPractices 2012-09-06 07:35 . 2012-09-06 07:35 -------- d-----w- C:\inetpub 2012-09-06 07:26 . 2012-10-01 14:25 -------- d-----w- C:\SolarView 2012-09-06 07:26 . 2012-09-06 07:26 -------- d-----w- C:\web 2012-09-06 07:07 . 2012-09-06 07:21 -------- d-----w- c:\program files (x86)\SolarView 2012-09-04 15:02 . 2012-09-04 15:03 -------- d-----w- c:\users\Ralf\Ubuntu . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 06:36 . 2011-11-04 11:34 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-06 12:55 . 2012-06-05 11:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-06 12:55 . 2011-12-11 13:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-24 06:38 . 2012-04-13 05:29 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-24 06:38 . 2011-11-09 13:53 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-23 08:26 . 2012-10-01 16:03 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E10A5113-2312-4F84-A121-0416B0094CDB}\mpengine.dll 2012-07-18 18:15 . 
2012-08-15 06:22 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-06 20:07 . 2012-08-15 07:49 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-07-04 22:16 . 2012-08-15 06:22 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 06:22 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-15 06:22 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-15 06:22 41984 ----a-w- c:\windows\SysWow64\browcli.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E39B98A8-34A7-4D92-A979-920C48814216}] 2010-07-27 07:54 144064 ----a-w- c:\program files (x86)\Sinfor\SSL\ClientComponent\SSOClientPrj.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FFD2FD1F-C991-4A2F-8557-CDB11E274215}] 2010-07-30 13:48 123656 ----a-w- c:\program files (x86)\Sinfor\SSL\ClientComponent\SinforBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-24 13408] R1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys [2011-08-24 55880] R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432] R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-24 22912] R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-24 20328] R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-24 62584] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576] R2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024] R2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856] R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944] R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144] R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet 
Pass-Through\PassThruSvr.exe [2011-09-15 88576] R2 SinforSP;SinforSP;c:\program files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe [2010-04-22 131872] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 Solarlogger;Solarlogger;c:\solarview\Datenlogger.exe [2012-07-31 499712] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] R2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2011-12-09 329168] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 250568] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [2011-12-07 112896] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2011-12-07 116224] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] R3 MozillaMaintenance;Mozilla 
Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-14 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [2010-12-23 3293272] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-24 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-24 39008] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-24 29792] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 SinforVnic;SINFOR SSL VPN CS Support System VNIC;c:\windows\system32\DRIVERS\SinforVnic.sys [2010-09-03 36960] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 06:38] . 2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:17] . 2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-24 114688] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm LSP: c:\program files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}: NameServer = 192.168.2.1 TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\343555E4: NameServer = 192.168.2.1 TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\3544747457563747: NameServer = 192.168.2.1 TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\77F6D656E6: NameServer = 192.168.2.1 TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\94E4455425E45445: NameServer = 192.168.2.1 TCP: Interfaces\{C36D3CF8-62DE-4341-9A03-C3258837C8B8}: NameServer = 202.102.24.35,218.2.135.1 DPF: {250587D2-6704-4479-8718-3C7E163B4216} - hxxps://222.190.124.165:6443/com/CSClientManagerPrj.CAB FF - ProfilePath - c:\users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-RunOnce- Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-01 18:06:40 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-01 16:06 . Vor Suchlauf: 13 Verzeichnis(se), 106.672.181.248 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 106.330.537.984 Bytes frei . - - End Of File - - AF5F1CCCF69896747162C87943B66490 |
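The service and driver section of the ComboFix log above uses one compact line per entry: an `R` or `S` for running or stopped, the Windows start-type digit, then the service name, display name and binary path separated by semicolons, and finally the file date and size in brackets. The Python below is an added example for this page, not ComboFix's own code and not part of what Ralf or Cosinus posted. It parses those lines into structured records, decodes the state and start type, and lists entries whose binary lives outside the Windows and Program Files trees. That last list is only an ordering aid for a reviewer working through a long log; vendor software installed to its own directory lands there too, so it is not a malware verdict. The sample lines are constructed from the format in the log; the function names are the author's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Constructed sample in the ComboFix service/driver line format seen in the log above.
SAMPLE = r"""
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R2 Solarlogger;Solarlogger;c:\solarview\Datenlogger.exe [2012-07-31 499712]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S3 SinforVnic;SINFOR SSL VPN CS Support System VNIC;c:\windows\system32\DRIVERS\SinforVnic.sys [2010-09-03 36960]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
"""

# ComboFix prefixes each entry with R (running) or S (stopped) followed by the
# Windows service start-type digit.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# Lower-case prefixes of the locations where OS and installer-placed binaries normally live.
STANDARD_ROOTS: Tuple[str, ...] = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass(frozen=True)
class Service:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    date: str
    size: int


def parse_services(text: str) -> List[Service]:
    """Turn ComboFix R*/S* service and driver lines into Service records; other lines are ignored."""
    out: List[Service] = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        out.append(Service(
            name=m["name"],
            display=m["display"],
            path=m["path"],
            running=m["state"] == "R",
            start_type=START_TYPES[m["start"]],
            date=m["date"],
            size=int(m["size"]),
        ))
    return out


def outside_standard_roots(services: Sequence[Service],
                           roots: Tuple[str, ...] = STANDARD_ROOTS) -> List[str]:
    """Names of entries whose binary is not under the usual Windows/Program Files trees.

    A review ordering aid only: legitimate software installed to its own directory
    appears here as well, so each hit still needs a human look.
    """
    return [s.name for s in services if not s.path.lower().startswith(roots)]


def by_start_type(services: Sequence[Service]) -> Dict[str, List[str]]:
    """Group entry names by decoded start type (boot, system, auto, manual, disabled)."""
    groups: Dict[str, List[str]] = {}
    for s in services:
        groups.setdefault(s.start_type, []).append(s.name)
    return groups


if __name__ == "__main__":
    svcs = parse_services(SAMPLE)
    print("auto-start entries:", by_start_type(svcs).get("auto", []))
    print("outside standard roots:", outside_standard_roots(svcs))
```

Auto-start entries (start type 2) and boot/system drivers are the ones that survive a reboot without user action, so grouping by start type puts the persistence-relevant entries at the top of a review.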
02.10.2012, 13:11 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.bot on Windows 7 Home Premium (x64) Is normal mode working again?
__________________ Please always post log files in CODE tags |
02.10.2012, 14:55 | #25 |
| Backdoor.bot on Windows 7 Home Premium (x64) Unfortunately not. The machine boots up to the user password prompt; after I enter it, I no longer get a blue Lenovo screen but one with the ESET NOD Antivirus 5 logo. Then it hangs again, though. |
02.10.2012, 14:58 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.bot on Windows 7 Home Premium (x64) Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
02.10.2012, 16:53 | #27 |
| Backdoor.bot on Windows 7 Home Premium (x64) Hello Cosinus, here are the log files. GMER log file: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-02 17:23:29
Windows 6.1.7601 Service Pack 1
Running: 5logimck.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9cc954b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9cc954b (not active ControlSet)
---- EOF - GMER 1.0.15 --
--- --- ---
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:32:09 on 02.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Google Inc. Google Chrome 21.0.1180.89 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "BPntDrv" (BPntDrv) - "Lenovo" - C:\windows\System32\drivers\BPntDrv.sys "btwampfl" (BTWAMPFL) - "Broadcom Corporation." - C:\windows\System32\DRIVERS\btwampfl.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "fbfmon" (fbfmon) - "Lenovo" - C:\windows\System32\drivers\fbfmon.sys "LHDmgr" (LHDmgr) - "Lenovo." - C:\windows\System32\DRIVERS\LhdX64.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys "SINFOR SSL VPN CS Support System VNIC" (SinforVnic) - "SINFOR, Corp. 
CHINA" - C:\windows\System32\DRIVERS\SinforVnic.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} "QVPPlugProt Class" - "QlikTech AB" - C:\Program Files 
(x86)\QlikView\QvProtocol\qvp.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - 
"Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? 
- (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {250587D2-6704-4479-8718-3C7E163B4216} "CSClientManager Class" - ? - C:\Windows\Downloaded Program Files\CSClientManagerPrj.dll / https://222.190.124.165:6443/com/CSClientManagerPrj.CAB {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." 
- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "Senden an Bluetooth" - ? - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} "EgisPBIE Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." 
- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL {FFD2FD1F-C991-4A2F-8557-CDB11E274215} "SinforIEBHO Class" - ? - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SinforBHO.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {E39B98A8-34A7-4D92-A979-920C48814216} "SSOClientBHO Class" - ? - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SSOClientPrj.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe "EgisTec Service" (EgisTec Service) - "Egis Technology Inc. " - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe "EgisTec Service Help" (EgisTec Service Help) - "Egis Technology Inc. " - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe "EgisTec Ticket Service" (EgisTec Ticket Service) - "Egis Technology Inc. " - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe "ESET Service" (ekrn) - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." 
- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SinforSP" (SinforSP) - ? - C:\Program Files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe "Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." 
- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Solarlogger" (Solarlogger) - "Manfred Richter" - c:\SolarView\Datenlogger.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "WTGService" (WTGService) - ? - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe (File found, but it contains no detailed information) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "Sangfor SSL Name Space Provider" - "Sangfor" - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll "Sangfor SSL Name Space Provider" - "Sangfor" - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "SinforLSP" - "SINFORS" - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll ===[ Logfile end ]=========================================[ Logfile end ]=== and aswMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 17:44:13
-----------------------------
17:44:13.236 OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:13.236 Number of processors: 4 586 0x2A07
17:44:13.236 ComputerName: RALF-PC UserName: Ralf
17:44:14.156 Initialize success
17:44:20.459 AVAST engine defs: 12100200
17:44:30.178 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:44:30.178 Disk 0 Vendor: HITACHI_ JE3Z Size: 476940MB BusType: 3
17:44:30.209 Disk 0 MBR read successfully
17:44:30.209 Disk 0 MBR scan
17:44:30.224 Disk 0 Windows 7 default MBR code
17:44:30.224 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
17:44:30.224 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
17:44:30.240 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
17:44:30.256 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
17:44:30.287 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
17:44:30.334 Disk 0 scanning C:\windows\system32\drivers
17:44:38.461 Service scanning
17:45:04.420 Modules scanning
17:45:04.420 Disk 0 trace - called modules:
17:45:04.451 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:45:04.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800555d060]
17:45:04.466 3 CLASSPNP.SYS[fffff88001a6b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471b050]
17:45:04.466 Scan finished successfully
17:46:37.162 Disk 0 MBR has been saved successfully to "C:\Users\Ralf\Desktop\MBR.dat"
17:46:37.177 The log file has been saved successfully to "C:\Users\Ralf\Desktop\aswMBR.txt" |
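An added triage example for the OSAM listing in the post above. This is example code written for this page; it is not part of the thread and not code from OSAM, GMER or aswMBR. The line grammar (`{CLSID} "name" (key) - "vendor" - path / URL (note)`) is inferred from the log above, the sample lines are copied from that log as constructed test input, and the four flags it raises (no publisher information, referenced file missing, orphaned COM registration, ActiveX distribution unit downloaded from a bare IP address) are review heuristics chosen here, not OSAM's own classification. A flag marks an entry for a closer look; it is not a verdict.

```python
"""Triage helper for OSAM "Autorun Manager" log lines (added example, not OSAM code)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed test input: lines copied from the OSAM log posted in this thread.
SAMPLE_LINES = [
    '"catchme" (catchme) - ? - C:\\ComboFix\\catchme.sys (File not found)',
    '"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\\windows\\system32\\drivers\\mbam.sys',
    '{250587D2-6704-4479-8718-3C7E163B4216} "CSClientManager Class" - ? - '
    'C:\\Windows\\Downloaded Program Files\\CSClientManagerPrj.dll / https://222.190.124.165:6443/com/CSClientManagerPrj.CAB',
    '{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - '
    'C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab',
    '{FFD2FD1F-C991-4A2F-8557-CDB11E274215} "SinforIEBHO Class" - ? - C:\\Program Files (x86)\\Sinfor\\SSL\\ClientComponent\\SinforBHO.dll',
    '{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)',
    '"WTGService" (WTGService) - ? - C:\\Program Files (x86)\\Verbindungsassistent\\WTGService.exe (File found, but it contains no detailed information)',
]

# One OSAM entry: [{CLSID}] "name" [(service key)] - "vendor"|? - path [/ URL] [(note)]
# (grammar inferred from the posted log; lines outside it are skipped)
ENTRY_RE = re.compile(
    r'^(?:\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+)?'   # optional COM class id
    r'"(?P<name>[^"]*)"'                          # display name
    r'(?:\s+\((?P<key>[^()]*)\))?'                # optional service/driver key
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'              # vendor string, or ? when OSAM found none
    r'\s+-\s*(?P<rest>.*)$'                       # path, optional download URL, optional note
)
# Trailing "(...)" remark. "Program Files (x86)" never ends the line, so it is left alone.
NOTE_RE = re.compile(r'^(?P<body>.*?)\s*\((?P<note>[^()]*)\)$')


@dataclass
class Entry:
    name: str
    vendor: Optional[str]            # None when OSAM printed "?"
    path: str
    url: Optional[str] = None        # download source of an IE Distribution Unit
    note: Optional[str] = None       # OSAM remark, e.g. "File not found"
    key: Optional[str] = None        # service/driver key name
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def host_is_ip_literal(url: str) -> bool:
    """True when the URL's host is a bare IP address rather than a DNS name."""
    # Forum logs defang http as "hxxp"; undo that so urlsplit sees a real scheme.
    host = urlsplit(re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OSAM entry line; returns None for lines outside the grammar."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest, note = m.group('rest'), None
    nm = NOTE_RE.match(rest)
    if nm:
        rest, note = nm.group('body'), nm.group('note')
    path, url = rest, None
    if ' / ' in rest:                # Distribution Units list "local dll / source URL"
        path, url = rest.split(' / ', 1)
    vendor = m.group('vendor')
    return Entry(
        name=m.group('name'),
        vendor=None if vendor == '?' else vendor.strip('"'),
        path=path.strip(),
        url=url.strip() if url else None,
        note=note,
        key=m.group('key'),
        clsid=m.group('clsid'),
    )


def triage(entry: Entry) -> List[str]:
    """Attach review flags (heuristics chosen for this example, not OSAM's own verdicts)."""
    flags = []
    if entry.vendor is None:
        flags.append('no-publisher-info')         # OSAM could read no vendor/version data
    if entry.note and 'File not found' in entry.note:
        flags.append('file-missing')              # dead autorun entry or leftover of a removed tool
    if entry.note and 'COM-object registry key not found' in entry.note:
        flags.append('orphaned-com-key')          # approved shell extension with no registered class
    if entry.url and host_is_ip_literal(entry.url):
        flags.append('download-from-ip-literal')  # ActiveX CAB pulled from a raw IP, not a vendor host
    entry.flags = flags
    return flags


def triage_lines(lines) -> Dict[str, List[str]]:
    """Map display name -> flags for every parseable entry that raised at least one flag."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is not None and triage(entry):
            report[entry.name] = entry.flags
    return report


if __name__ == '__main__':
    for name, flags in triage_lines(SAMPLE_LINES).items():
        print(f'{name}: {", ".join(flags)}')
```

Run it as a script to print the report, or call `triage_lines()` on the lines of a saved OSAM *.log. On the sample it singles out the `catchme` driver (a ComboFix leftover whose file no longer exists), the `WebCheck` shell extension (approved but with no registered class), and the `CSClientManager Class` distribution unit (no publisher information and a CAB fetched from a bare IP address), while the Malwarebytes driver and the Java plug-in pass without flags.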
02.10.2012, 20:05 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.bot on Windows 7 Home Premium (x64) Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
03.10.2012, 20:48 | #29 |
| Backdoor.bot on Windows 7 Home Premium (x64) Here are the two log files: Malwarebytes: Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.03.07
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Ralf :: RALF-PC [Administrator]
03.10.2012 18:14:33
mbam-log-2012-10-03 (18-14-33).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374007
Time elapsed: 42 minute(s),
Memory processes detected: 0 (No malicious items detected)
Memory modules detected: 0 (No malicious items detected)
Registry keys detected: 0 (No malicious items detected)
Registry values detected: 0 (No malicious items detected)
Registry data items detected: 0 (No malicious items detected)
Folders detected: 0 (No malicious items detected)
Files detected: 0 (No malicious items detected)
(end)
SuperAntiSpyware: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/03/2012 at 09:44 PM Application Version : 5.5.1022 Core Rules Database Version : 9333 Trace Rules Database Version: 7145 Scan type : Complete Scan Total Scan Time : 02:39:48 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 408 Memory threats detected : 0 Registry items scanned : 67401 Registry threats detected : 0 File items scanned : 177400 File threats detected : 38 Adware.Tracking Cookie C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\Low\CSUERBH2.txt [ Cookie:ralf@specificclick.net/ ] C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWN0YILP.txt [ Cookie:ralf@doubleclick.net/ ] .doubleclick.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .stats.paypal.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .www.beamer-discount.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] statse.webtrendslive.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .generaltracking.de [ 
C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] mediathek.daserste.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.ardmediathek.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] pulse-analytics-beacon.reutersmedia.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] traffic.brand-wall.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracking.mobile.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.google.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.youtube.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .account.dyn.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] tracker.softgarden.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tracker.vinsight.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ] mediathek.daserste.de [ 
C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ] |
03.10.2012, 21:22 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.bot on Windows 7 Home Premium (x64) Everything actually looks OK so far, only cookies were found. Can you create a new Windows user in Safe Mode with Networking and try logging in with it in normal mode? Maybe that will work.