| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|LoadWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.10.2012, 20:33
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
F3 - HKU\S-1-5-21-488982243-929877786-3048713109-1000 WinNT: Load - (C:\Users\Jan\LOCALS~1\Temp\msjdqxi.com) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.05.27 13:12:48 | 000,000,693 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
:Files
C:\Users\Jan\AppData\Roaming\gema
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.10.2012, 16:19
| #17 |
 | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load jap, Computer hat sich neu gestartet, dann ist dieser Log erschienen:
__________________Code:
ATTFilter < ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jan
->Temp folder emptied: 554592974 bytes
->Temporary Internet Files folder emptied: 316760346 bytes
->Java cache emptied: 1 bytes
->Opera cache emptied: 21956451 bytes
->Flash cache emptied: 105494 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41464857 bytes
RecycleBin emptied: 235750 bytes
Total Files Cleaned = 892,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_170417
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.12.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Jan :: JAN-PC [Administrator] Schutz: Aktiviert 13.10.2012 17:42:43 mbam-log-2012-10-13 (17-42-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 191130 Laufzeit: 33 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Geändert von Slowmotion (13.10.2012 um 17:19 Uhr) |
|
13.10.2012, 18:51
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Das Fixlog ist leider unvollständig
__________________
__________________ |
|
13.10.2012, 19:20
| #19 |
| | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Oh, weist du zufällig, wo der Fixlog gesperichert wird, kann ihn nicht finden.. |
|
13.10.2012, 21:42
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Innerhalb von C:\_OTL
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.10.2012, 22:00
| #21 |
| | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Ok, jetzt der ganze Log^^ Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-488982243-929877786-3048713109-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Jan\LOCALS~1\Temp\msjdqxi.com deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\Jan\AppData\Roaming\gema folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jan
->Temp folder emptied: 554592974 bytes
->Temporary Internet Files folder emptied: 316760346 bytes
->Java cache emptied: 1 bytes
->Opera cache emptied: 21956451 bytes
->Flash cache emptied: 105494 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41464857 bytes
RecycleBin emptied: 235750 bytes
Total Files Cleaned = 892,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_170417
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
14.10.2012, 15:53
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.10.2012, 17:36
| #23 |
| | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Ok, habs über den Channel hochgeladen |
|
14.10.2012, 19:59
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load ok, danke! Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.10.2012, 20:23
| #25 |
| | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Bitte: Code:
ATTFilter 21:16:43.0014 2836 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:16:44.0686 2836 ============================================================
21:16:44.0686 2836 Current date / time: 2012/10/14 21:16:44.0686
21:16:44.0686 2836 SystemInfo:
21:16:44.0686 2836
21:16:44.0686 2836 OS Version: 6.1.7601 ServicePack: 1.0
21:16:44.0686 2836 Product type: Workstation
21:16:44.0686 2836 ComputerName: JAN-PC
21:16:44.0686 2836 UserName: Jan
21:16:44.0686 2836 Windows directory: C:\Windows
21:16:44.0686 2836 System windows directory: C:\Windows
21:16:44.0686 2836 Processor architecture: Intel x86
21:16:44.0686 2836 Number of processors: 2
21:16:44.0686 2836 Page size: 0x1000
21:16:44.0686 2836 Boot type: Normal boot
21:16:44.0686 2836 ============================================================
21:16:48.0279 2836 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:16:48.0654 2836 ============================================================
21:16:48.0654 2836 \Device\Harddisk0\DR0:
21:16:48.0654 2836 MBR partitions:
21:16:48.0654 2836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:16:48.0654 2836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x10BA0000
21:16:48.0654 2836 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x10BD2909, BlocksNum 0x1E461B8
21:16:48.0654 2836 ============================================================
21:16:48.0920 2836 C: <-> \Device\Harddisk0\DR0\Partition2
21:16:48.0998 2836 D: <-> \Device\Harddisk0\DR0\Partition3
21:16:49.0217 2836 H: <-> \Device\Harddisk0\DR0\Partition1
21:16:49.0639 2836 ============================================================
21:16:49.0639 2836 Initialize success
21:16:49.0639 2836 ============================================================
21:17:43.0514 3492 ============================================================
21:17:43.0514 3492 Scan started
21:17:43.0514 3492 Mode: Manual; SigCheck; TDLFS;
21:17:43.0514 3492 ============================================================
21:17:46.0326 3492 ================ Scan system memory ========================
21:17:46.0326 3492 System memory - ok
21:17:46.0342 3492 ================ Scan services =============================
21:17:46.0576 3492 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:17:47.0154 3492 1394ohci - ok
21:17:47.0201 3492 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:17:47.0264 3492 ACPI - ok
21:17:47.0311 3492 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:17:47.0576 3492 AcpiPmi - ok
21:17:47.0701 3492 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:17:47.0748 3492 AdobeARMservice - ok
21:17:47.0811 3492 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:17:47.0889 3492 adp94xx - ok
21:17:47.0920 3492 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:17:47.0967 3492 adpahci - ok
21:17:47.0998 3492 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:17:48.0045 3492 adpu320 - ok
21:17:48.0107 3492 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:17:48.0295 3492 AeLookupSvc - ok
21:17:48.0373 3492 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:17:48.0498 3492 AFD - ok
21:17:48.0545 3492 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:17:48.0576 3492 agp440 - ok
21:17:48.0639 3492 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:17:48.0670 3492 aic78xx - ok
21:17:48.0732 3492 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:17:48.0873 3492 ALG - ok
21:17:48.0889 3492 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:17:48.0936 3492 aliide - ok
21:17:48.0967 3492 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:17:48.0998 3492 amdagp - ok
21:17:49.0029 3492 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:17:49.0061 3492 amdide - ok
21:17:49.0123 3492 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:17:49.0248 3492 AmdK8 - ok
21:17:49.0279 3492 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:17:49.0357 3492 AmdPPM - ok
21:17:49.0404 3492 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:17:49.0436 3492 amdsata - ok
21:17:49.0467 3492 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:17:49.0514 3492 amdsbs - ok
21:17:49.0545 3492 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:17:49.0576 3492 amdxata - ok
21:17:49.0654 3492 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:17:49.0717 3492 AntiVirSchedulerService - ok
21:17:49.0764 3492 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:17:49.0795 3492 AntiVirService - ok
21:17:49.0842 3492 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:17:50.0029 3492 AppID - ok
21:17:50.0076 3492 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:17:50.0170 3492 AppIDSvc - ok
21:17:50.0201 3492 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:17:50.0357 3492 Appinfo - ok
21:17:50.0420 3492 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:17:50.0576 3492 AppMgmt - ok
21:17:50.0639 3492 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:17:50.0686 3492 arc - ok
21:17:50.0717 3492 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:17:50.0748 3492 arcsas - ok
21:17:50.0873 3492 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:17:50.0998 3492 aspnet_state - ok
21:17:51.0045 3492 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:17:51.0264 3492 AsyncMac - ok
21:17:51.0311 3492 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:17:51.0342 3492 atapi - ok
21:17:51.0404 3492 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:17:51.0498 3492 AudioEndpointBuilder - ok
21:17:51.0529 3492 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:17:51.0607 3492 Audiosrv - ok
21:17:51.0701 3492 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:17:51.0764 3492 avgntflt - ok
21:17:51.0826 3492 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:17:51.0873 3492 avipbb - ok
21:17:51.0889 3492 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:17:51.0920 3492 avkmgr - ok
21:17:51.0982 3492 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:17:52.0154 3492 AxInstSV - ok
21:17:52.0217 3492 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:17:52.0326 3492 b06bdrv - ok
21:17:52.0404 3492 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:17:52.0498 3492 b57nd60x - ok
21:17:52.0904 3492 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:17:53.0076 3492 BDESVC - ok
21:17:53.0139 3492 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:17:53.0264 3492 Beep - ok
21:17:53.0342 3492 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:17:53.0451 3492 BFE - ok
21:17:53.0498 3492 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:17:53.0795 3492 BITS - ok
21:17:53.0857 3492 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:17:53.0920 3492 blbdrive - ok
21:17:53.0967 3492 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:17:54.0029 3492 bowser - ok
21:17:54.0061 3492 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:17:54.0279 3492 BrFiltLo - ok
21:17:54.0342 3492 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:17:54.0404 3492 BrFiltUp - ok
21:17:54.0467 3492 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:17:54.0592 3492 Browser - ok
21:17:54.0607 3492 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:17:54.0779 3492 Brserid - ok
21:17:54.0811 3492 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:17:54.0873 3492 BrSerWdm - ok
21:17:54.0904 3492 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:17:55.0014 3492 BrUsbMdm - ok
21:17:55.0045 3492 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:17:55.0107 3492 BrUsbSer - ok
21:17:55.0170 3492 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:17:55.0482 3492 BthEnum - ok
21:17:55.0498 3492 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:17:55.0623 3492 BTHMODEM - ok
21:17:55.0654 3492 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:17:55.0717 3492 BthPan - ok
21:17:55.0779 3492 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:17:55.0842 3492 BTHPORT - ok
21:17:55.0904 3492 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:17:55.0998 3492 bthserv - ok
21:17:56.0045 3492 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:17:56.0092 3492 BTHUSB - ok
21:17:56.0154 3492 [ FD785638D097A4BED11953FFC8E22755 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
21:17:56.0279 3492 btwampfl - ok
21:17:56.0326 3492 [ A7C9E9B312036EC0EAF2CED52C7FC66F ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:17:56.0357 3492 btwaudio - ok
21:17:56.0404 3492 [ C8D1ADEFD6D5FEAF95C6C7A2CC6B4B97 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:17:56.0436 3492 btwavdt - ok
21:17:56.0545 3492 [ C0C4CC503702AD3922FCE6A393A5BAAB ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:17:56.0639 3492 btwdins - ok
21:17:56.0670 3492 [ E26610D44609574E13BAAD367AB34967 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:17:56.0701 3492 btwl2cap - ok
21:17:56.0732 3492 [ C49CC9B5E06FBDC87137BA24018B6EDE ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:17:56.0779 3492 btwrchid - ok
21:17:56.0842 3492 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:17:56.0951 3492 cdfs - ok
21:17:56.0998 3492 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:17:57.0061 3492 cdrom - ok
21:17:57.0107 3492 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:17:57.0186 3492 CertPropSvc - ok
21:17:57.0217 3492 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:17:57.0248 3492 circlass - ok
21:17:57.0311 3492 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:17:57.0389 3492 CLFS - ok
21:17:57.0514 3492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:57.0561 3492 clr_optimization_v2.0.50727_32 - ok
21:17:57.0592 3492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:57.0748 3492 clr_optimization_v4.0.30319_32 - ok
21:17:57.0811 3492 [ 125C828BF3673406DFD642D7BEE8434F ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
21:17:57.0842 3492 clwvd - ok
21:17:57.0873 3492 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:17:57.0920 3492 CmBatt - ok
21:17:57.0951 3492 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:17:57.0982 3492 cmdide - ok
21:17:58.0045 3492 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:17:58.0123 3492 CNG - ok
21:17:58.0170 3492 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:17:58.0201 3492 Compbatt - ok
21:17:58.0248 3492 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:17:58.0311 3492 CompositeBus - ok
21:17:58.0342 3492 COMSysApp - ok
21:17:58.0373 3492 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:17:58.0404 3492 crcdisk - ok
21:17:58.0482 3492 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:17:58.0561 3492 CryptSvc - ok
21:17:58.0623 3492 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:17:58.0732 3492 CSC - ok
21:17:58.0779 3492 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:17:58.0904 3492 CscService - ok
21:17:58.0951 3492 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:17:59.0076 3492 DcomLaunch - ok
21:17:59.0123 3492 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:17:59.0232 3492 defragsvc - ok
21:17:59.0264 3492 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:17:59.0373 3492 DfsC - ok
21:17:59.0436 3492 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:17:59.0545 3492 Dhcp - ok
21:17:59.0592 3492 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:17:59.0686 3492 discache - ok
21:17:59.0717 3492 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:17:59.0764 3492 Disk - ok
21:17:59.0795 3492 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:17:59.0857 3492 Dnscache - ok
21:17:59.0904 3492 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:17:59.0998 3492 dot3svc - ok
21:18:00.0029 3492 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:18:00.0123 3492 DPS - ok
21:18:00.0170 3492 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:18:00.0217 3492 drmkaud - ok
21:18:00.0279 3492 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:18:00.0420 3492 DXGKrnl - ok
21:18:00.0467 3492 [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:18:00.0592 3492 E1G60 - ok
21:18:00.0639 3492 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:18:00.0717 3492 EapHost - ok
21:18:00.0842 3492 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:18:01.0029 3492 ebdrv - ok
21:18:01.0061 3492 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:18:01.0186 3492 EFS - ok
21:18:01.0279 3492 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:18:01.0436 3492 ehRecvr - ok
21:18:01.0482 3492 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:18:01.0576 3492 ehSched - ok
21:18:01.0686 3492 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:18:01.0732 3492 elxstor - ok
21:18:01.0764 3492 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:18:01.0811 3492 ErrDev - ok
21:18:01.0889 3492 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:18:01.0982 3492 EventSystem - ok
21:18:02.0014 3492 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:18:02.0107 3492 exfat - ok
21:18:02.0154 3492 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:18:02.0248 3492 fastfat - ok
21:18:02.0311 3492 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:18:02.0436 3492 Fax - ok
21:18:02.0467 3492 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:18:02.0514 3492 fdc - ok
21:18:02.0561 3492 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:18:02.0654 3492 fdPHost - ok
21:18:02.0670 3492 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:18:02.0764 3492 FDResPub - ok
21:18:02.0826 3492 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:18:02.0857 3492 FileInfo - ok
21:18:02.0873 3492 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:18:02.0951 3492 Filetrace - ok
21:18:02.0982 3492 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:18:03.0045 3492 flpydisk - ok
21:18:03.0076 3492 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:18:03.0123 3492 FltMgr - ok
21:18:03.0170 3492 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:18:03.0311 3492 FontCache - ok
21:18:03.0451 3492 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:18:03.0498 3492 FontCache3.0.0.0 - ok
21:18:03.0576 3492 [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
21:18:03.0592 3492 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
21:18:03.0592 3492 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
21:18:03.0639 3492 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:18:03.0670 3492 FsDepends - ok
21:18:03.0701 3492 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:18:03.0732 3492 Fs_Rec - ok
21:18:03.0811 3492 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:18:03.0857 3492 fvevol - ok
21:18:03.0920 3492 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:18:03.0951 3492 gagp30kx - ok
21:18:03.0998 3492 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
21:18:04.0029 3492 ggflt - ok
21:18:04.0076 3492 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
21:18:04.0139 3492 ggsemc - ok
21:18:04.0201 3492 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:18:04.0326 3492 gpsvc - ok
21:18:04.0373 3492 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:18:04.0482 3492 hcw85cir - ok
21:18:04.0529 3492 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:18:04.0607 3492 HdAudAddService - ok
21:18:04.0639 3492 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:18:04.0701 3492 HDAudBus - ok
21:18:04.0732 3492 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:18:04.0795 3492 HidBatt - ok
21:18:04.0811 3492 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:18:04.0873 3492 HidBth - ok
21:18:04.0904 3492 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:18:04.0951 3492 HidIr - ok
21:18:04.0998 3492 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:18:05.0092 3492 hidserv - ok
21:18:05.0139 3492 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:18:05.0232 3492 HidUsb - ok
21:18:05.0279 3492 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:18:05.0373 3492 hkmsvc - ok
21:18:05.0436 3492 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:18:05.0545 3492 HomeGroupListener - ok
21:18:05.0592 3492 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:18:05.0670 3492 HomeGroupProvider - ok
21:18:05.0717 3492 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:18:05.0748 3492 HpSAMD - ok
21:18:05.0811 3492 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:18:05.0889 3492 HTTP - ok
21:18:05.0920 3492 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:18:05.0967 3492 hwpolicy - ok
21:18:05.0998 3492 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:18:06.0076 3492 i8042prt - ok
21:18:06.0123 3492 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:18:06.0170 3492 iaStorV - ok
21:18:06.0248 3492 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:18:06.0326 3492 idsvc - ok
21:18:06.0529 3492 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:18:06.0857 3492 igfx - ok
21:18:06.0920 3492 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:18:06.0951 3492 iirsp - ok
21:18:07.0029 3492 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:18:07.0186 3492 IKEEXT - ok
21:18:07.0232 3492 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:18:07.0264 3492 intelide - ok
21:18:07.0311 3492 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:18:07.0357 3492 intelppm - ok
21:18:07.0404 3492 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:18:07.0498 3492 IPBusEnum - ok
21:18:07.0529 3492 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:18:07.0607 3492 IpFilterDriver - ok
21:18:07.0686 3492 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:18:07.0779 3492 iphlpsvc - ok
21:18:07.0811 3492 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:18:07.0936 3492 IPMIDRV - ok
21:18:07.0982 3492 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:18:08.0076 3492 IPNAT - ok
21:18:08.0123 3492 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:18:08.0201 3492 IRENUM - ok
21:18:08.0232 3492 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:18:08.0279 3492 isapnp - ok
21:18:08.0326 3492 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:18:08.0357 3492 iScsiPrt - ok
21:18:08.0404 3492 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:18:08.0451 3492 kbdclass - ok
21:18:08.0467 3492 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:18:08.0529 3492 kbdhid - ok
21:18:08.0561 3492 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:18:08.0607 3492 KeyIso - ok
21:18:08.0717 3492 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:18:08.0764 3492 KSecDD - ok
21:18:08.0811 3492 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:18:08.0857 3492 KSecPkg - ok
21:18:08.0904 3492 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:18:09.0014 3492 KtmRm - ok
21:18:09.0061 3492 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:18:09.0186 3492 LanmanServer - ok
21:18:09.0217 3492 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:18:09.0357 3492 LanmanWorkstation - ok
21:18:09.0420 3492 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:18:09.0514 3492 lltdio - ok
21:18:09.0561 3492 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:18:09.0654 3492 lltdsvc - ok
21:18:09.0670 3492 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:18:09.0748 3492 lmhosts - ok
21:18:09.0779 3492 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:18:09.0826 3492 LSI_FC - ok
21:18:09.0857 3492 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:18:09.0889 3492 LSI_SAS - ok
21:18:09.0920 3492 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:18:09.0967 3492 LSI_SAS2 - ok
21:18:09.0998 3492 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:18:10.0029 3492 LSI_SCSI - ok
21:18:10.0061 3492 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:18:10.0139 3492 luafv - ok
21:18:10.0232 3492 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:18:10.0264 3492 MBAMProtector - ok
21:18:10.0389 3492 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:18:10.0436 3492 MBAMScheduler - ok
21:18:10.0498 3492 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:18:10.0576 3492 MBAMService - ok
21:18:10.0623 3492 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:18:10.0670 3492 Mcx2Svc - ok
21:18:10.0717 3492 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:18:10.0748 3492 megasas - ok
21:18:10.0779 3492 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:18:10.0842 3492 MegaSR - ok
21:18:10.0936 3492 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:18:10.0967 3492 Microsoft Office Groove Audit Service - ok
21:18:11.0014 3492 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:18:11.0123 3492 MMCSS - ok
21:18:11.0186 3492 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:18:11.0264 3492 Modem - ok
21:18:11.0311 3492 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:18:11.0373 3492 monitor - ok
21:18:11.0404 3492 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:18:11.0451 3492 mouclass - ok
21:18:11.0498 3492 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:18:11.0561 3492 mouhid - ok
21:18:11.0607 3492 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:18:11.0639 3492 mountmgr - ok
21:18:11.0686 3492 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:18:11.0732 3492 mpio - ok
21:18:11.0748 3492 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:18:11.0889 3492 mpsdrv - ok
21:18:11.0936 3492 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:18:12.0076 3492 MpsSvc - ok
21:18:12.0123 3492 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:18:12.0170 3492 MRxDAV - ok
21:18:12.0217 3492 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:18:12.0311 3492 mrxsmb - ok
21:18:12.0357 3492 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:18:12.0420 3492 mrxsmb10 - ok
21:18:12.0436 3492 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:18:12.0467 3492 mrxsmb20 - ok
21:18:12.0498 3492 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:18:12.0545 3492 msahci - ok
21:18:12.0576 3492 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:18:12.0623 3492 msdsm - ok
21:18:12.0639 3492 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:18:12.0701 3492 MSDTC - ok
21:18:12.0748 3492 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:18:12.0826 3492 Msfs - ok
21:18:12.0857 3492 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:18:12.0951 3492 mshidkmdf - ok
21:18:12.0982 3492 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:18:13.0014 3492 msisadrv - ok
21:18:13.0076 3492 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:18:13.0154 3492 MSiSCSI - ok
21:18:13.0170 3492 msiserver - ok
21:18:13.0217 3492 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:18:13.0357 3492 MSKSSRV - ok
21:18:13.0420 3492 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:18:13.0498 3492 MSPCLOCK - ok
21:18:13.0529 3492 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:18:13.0623 3492 MSPQM - ok
21:18:13.0654 3492 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:18:13.0701 3492 MsRPC - ok
21:18:13.0748 3492 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:18:13.0779 3492 mssmbios - ok
21:18:13.0811 3492 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:18:13.0889 3492 MSTEE - ok
21:18:13.0904 3492 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:18:13.0967 3492 MTConfig - ok
21:18:13.0982 3492 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:18:14.0029 3492 Mup - ok
21:18:14.0076 3492 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:18:14.0170 3492 napagent - ok
21:18:14.0217 3492 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:18:14.0279 3492 NativeWifiP - ok
21:18:14.0342 3492 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:18:14.0436 3492 NDIS - ok
21:18:14.0451 3492 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:18:14.0545 3492 NdisCap - ok
21:18:14.0576 3492 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:18:14.0654 3492 NdisTapi - ok
21:18:14.0701 3492 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:18:14.0795 3492 Ndisuio - ok
21:18:14.0826 3492 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:18:14.0904 3492 NdisWan - ok
21:18:14.0936 3492 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:18:14.0998 3492 NDProxy - ok
21:18:15.0061 3492 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:18:15.0139 3492 NetBIOS - ok
21:18:15.0186 3492 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:18:15.0279 3492 NetBT - ok
21:18:15.0311 3492 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:18:15.0342 3492 Netlogon - ok
21:18:15.0420 3492 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:18:15.0529 3492 Netman - ok
21:18:15.0561 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:18:15.0623 3492 NetMsmqActivator - ok
21:18:15.0670 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:18:15.0701 3492 NetPipeActivator - ok
21:18:15.0732 3492 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:18:15.0842 3492 netprofm - ok
21:18:15.0920 3492 [ 652881F65B35564575255A0E05E23C55 ] netr28 C:\Windows\system32\DRIVERS\netr28.sys
21:18:15.0982 3492 netr28 - ok
21:18:16.0014 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:18:16.0045 3492 NetTcpActivator - ok
21:18:16.0061 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:18:16.0092 3492 NetTcpPortSharing - ok
21:18:16.0170 3492 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:18:16.0201 3492 nfrd960 - ok
21:18:16.0248 3492 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:18:16.0342 3492 NlaSvc - ok
21:18:16.0404 3492 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf C:\Windows\system32\drivers\npf.sys
21:18:16.0436 3492 npf - ok
21:18:16.0451 3492 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:18:16.0529 3492 Npfs - ok
21:18:16.0561 3492 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:18:16.0639 3492 nsi - ok
21:18:16.0670 3492 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:18:16.0764 3492 nsiproxy - ok
21:18:16.0842 3492 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:18:16.0967 3492 Ntfs - ok
21:18:17.0014 3492 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:18:17.0092 3492 Null - ok
21:18:17.0139 3492 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:18:17.0170 3492 nvraid - ok
21:18:17.0217 3492 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:18:17.0248 3492 nvstor - ok
21:18:17.0279 3492 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:18:17.0326 3492 nv_agp - ok
21:18:17.0404 3492 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:18:17.0467 3492 odserv - ok
21:18:17.0498 3492 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:18:17.0561 3492 ohci1394 - ok
21:18:17.0607 3492 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:18:17.0639 3492 ose - ok
21:18:17.0717 3492 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:18:17.0826 3492 p2pimsvc - ok
21:18:17.0889 3492 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:18:17.0967 3492 p2psvc - ok
21:18:18.0014 3492 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:18:18.0061 3492 Parport - ok
21:18:18.0107 3492 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:18:18.0186 3492 partmgr - ok
21:18:18.0232 3492 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:18:18.0295 3492 Parvdm - ok
21:18:18.0342 3492 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:18:18.0389 3492 PcaSvc - ok
21:18:18.0420 3492 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:18:18.0451 3492 pci - ok
21:18:18.0482 3492 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:18:18.0529 3492 pciide - ok
21:18:18.0561 3492 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:18:18.0607 3492 pcmcia - ok
21:18:18.0623 3492 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:18:18.0670 3492 pcw - ok
21:18:18.0701 3492 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:18:18.0826 3492 PEAUTH - ok
21:18:18.0920 3492 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:18:19.0076 3492 PeerDistSvc - ok
21:18:19.0201 3492 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:18:19.0373 3492 pla - ok
21:18:19.0404 3492 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:18:19.0498 3492 PlugPlay - ok
21:18:19.0529 3492 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:18:19.0592 3492 PNRPAutoReg - ok
21:18:19.0623 3492 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:18:19.0670 3492 PNRPsvc - ok
21:18:19.0701 3492 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:18:19.0811 3492 PolicyAgent - ok
21:18:19.0873 3492 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:18:19.0951 3492 Power - ok
21:18:20.0014 3492 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:18:20.0107 3492 PptpMiniport - ok
21:18:20.0139 3492 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:18:20.0186 3492 Processor - ok
21:18:20.0232 3492 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:18:20.0311 3492 ProfSvc - ok
21:18:20.0342 3492 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:18:20.0389 3492 ProtectedStorage - ok
21:18:20.0451 3492 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:18:20.0545 3492 Psched - ok
21:18:20.0623 3492 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:18:20.0764 3492 ql2300 - ok
21:18:20.0811 3492 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:18:20.0842 3492 ql40xx - ok
21:18:20.0889 3492 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:18:20.0967 3492 QWAVE - ok
21:18:20.0998 3492 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:18:21.0045 3492 QWAVEdrv - ok
21:18:21.0061 3492 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:18:21.0139 3492 RasAcd - ok
21:18:21.0201 3492 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:18:21.0295 3492 RasAgileVpn - ok
21:18:21.0326 3492 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:18:21.0404 3492 RasAuto - ok
21:18:21.0420 3492 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:18:21.0498 3492 Rasl2tp - ok
21:18:21.0561 3492 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:18:21.0670 3492 RasMan - ok
21:18:21.0701 3492 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:18:21.0779 3492 RasPppoe - ok
21:18:21.0811 3492 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:18:21.0889 3492 RasSstp - ok
21:18:21.0951 3492 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:18:22.0045 3492 rdbss - ok
21:18:22.0061 3492 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:18:22.0107 3492 rdpbus - ok
21:18:22.0154 3492 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:18:22.0248 3492 RDPCDD - ok
21:18:22.0295 3492 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:18:22.0373 3492 RDPDR - ok
21:18:22.0389 3492 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:18:22.0467 3492 RDPENCDD - ok
21:18:22.0514 3492 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:18:22.0592 3492 RDPREFMP - ok
21:18:22.0670 3492 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:18:22.0857 3492 RdpVideoMiniport - ok
21:18:22.0904 3492 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:18:22.0967 3492 RDPWD - ok
21:18:23.0029 3492 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:18:23.0076 3492 rdyboost - ok
21:18:23.0123 3492 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:18:23.0217 3492 RemoteAccess - ok
21:18:23.0279 3492 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:18:23.0373 3492 RemoteRegistry - ok
21:18:23.0420 3492 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:18:23.0545 3492 RFCOMM - ok
21:18:23.0576 3492 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:18:23.0670 3492 RpcEptMapper - ok
21:18:23.0717 3492 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:18:23.0779 3492 RpcLocator - ok
21:18:23.0811 3492 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:18:23.0904 3492 RpcSs - ok
21:18:23.0951 3492 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:18:24.0061 3492 rspndr - ok
21:18:24.0107 3492 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
21:18:24.0154 3492 RTL8167 - ok
21:18:24.0186 3492 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:18:24.0295 3492 s3cap - ok
21:18:24.0326 3492 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:18:24.0357 3492 SamSs - ok
21:18:24.0404 3492 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:18:24.0451 3492 sbp2port - ok
21:18:24.0514 3492 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:18:24.0623 3492 SCardSvr - ok
21:18:24.0639 3492 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:18:24.0717 3492 scfilter - ok
21:18:24.0779 3492 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:18:24.0904 3492 Schedule - ok
21:18:24.0936 3492 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:18:24.0998 3492 SCPolicySvc - ok
21:18:25.0029 3492 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:18:25.0139 3492 SDRSVC - ok
21:18:25.0201 3492 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:18:25.0295 3492 secdrv - ok
21:18:25.0342 3492 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:18:25.0436 3492 seclogon - ok
21:18:25.0482 3492 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:18:25.0576 3492 SENS - ok
21:18:25.0607 3492 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:18:25.0732 3492 SensrSvc - ok
21:18:25.0764 3492 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:18:25.0811 3492 Serenum - ok
21:18:25.0857 3492 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:18:25.0920 3492 Serial - ok
21:18:25.0951 3492 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:18:25.0998 3492 sermouse - ok
21:18:26.0076 3492 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:18:26.0154 3492 SessionEnv - ok
21:18:26.0201 3492 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:18:26.0264 3492 sffdisk - ok
21:18:26.0279 3492 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:18:26.0326 3492 sffp_mmc - ok
21:18:26.0357 3492 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:18:26.0404 3492 sffp_sd - ok
21:18:26.0451 3492 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:18:26.0482 3492 sfloppy - ok
21:18:26.0545 3492 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:18:26.0639 3492 SharedAccess - ok
21:18:26.0670 3492 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:18:26.0764 3492 ShellHWDetection - ok
21:18:26.0795 3492 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:18:26.0826 3492 sisagp - ok
21:18:26.0889 3492 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:18:26.0920 3492 SiSRaid2 - ok
21:18:26.0936 3492 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:18:26.0982 3492 SiSRaid4 - ok
21:18:27.0061 3492 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:18:27.0107 3492 SkypeUpdate - ok
21:18:27.0139 3492 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:18:27.0201 3492 Smb - ok
21:18:27.0279 3492 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:18:27.0326 3492 SNMPTRAP - ok
21:18:27.0389 3492 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
21:18:27.0436 3492 Sony Ericsson PCCompanion - ok
21:18:27.0498 3492 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:18:27.0529 3492 spldr - ok
21:18:27.0592 3492 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:18:27.0748 3492 Spooler - ok
21:18:27.0904 3492 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:18:28.0139 3492 sppsvc - ok
21:18:28.0170 3492 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:18:28.0264 3492 sppuinotify - ok
21:18:28.0311 3492 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:18:28.0404 3492 srv - ok
21:18:28.0451 3492 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:18:28.0545 3492 srv2 - ok
21:18:28.0592 3492 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:18:28.0623 3492 srvnet - ok
21:18:28.0686 3492 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:18:28.0795 3492 SSDPSRV - ok
21:18:28.0842 3492 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:18:28.0873 3492 ssmdrv - ok
21:18:28.0889 3492 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:18:28.0967 3492 SstpSvc - ok
21:18:29.0029 3492 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:18:29.0061 3492 stexstor - ok
21:18:29.0123 3492 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:18:29.0201 3492 StiSvc - ok
21:18:29.0232 3492 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:18:29.0279 3492 storflt - ok
21:18:29.0311 3492 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:18:29.0342 3492 storvsc - ok
21:18:29.0373 3492 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:18:29.0404 3492 swenum - ok
21:18:29.0451 3492 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:18:29.0561 3492 swprv - ok
21:18:29.0592 3492 Synth3dVsc - ok
21:18:29.0686 3492 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:18:29.0795 3492 SysMain - ok
21:18:29.0826 3492 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:18:29.0904 3492 TabletInputService - ok
21:18:29.0951 3492 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:18:30.0045 3492 TapiSrv - ok
21:18:30.0107 3492 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:18:30.0201 3492 TBS - ok
21:18:30.0311 3492 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:18:30.0482 3492 Tcpip - ok
21:18:30.0592 3492 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:18:30.0670 3492 TCPIP6 - ok
21:18:30.0732 3492 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:18:30.0842 3492 tcpipreg - ok
21:18:30.0889 3492 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:18:30.0982 3492 TDPIPE - ok
21:18:31.0014 3492 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:18:31.0061 3492 TDTCP - ok
21:18:31.0107 3492 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:18:31.0186 3492 tdx - ok
21:18:31.0217 3492 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:18:31.0248 3492 TermDD - ok
21:18:31.0311 3492 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:18:31.0420 3492 TermService - ok
21:18:31.0482 3492 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:18:31.0545 3492 Themes - ok
21:18:31.0576 3492 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:18:31.0654 3492 THREADORDER - ok
21:18:31.0717 3492 Tosrfcom - ok
21:18:31.0748 3492 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:18:31.0842 3492 TrkWks - ok
21:18:31.0904 3492 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:18:31.0982 3492 TrustedInstaller - ok
21:18:32.0029 3492 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:18:32.0107 3492 tssecsrv - ok
21:18:32.0139 3492 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:18:32.0217 3492 TsUsbFlt - ok
21:18:32.0232 3492 tsusbhub - ok
21:18:32.0279 3492 TuneUp.UtilitiesSvc - ok
21:18:32.0326 3492 TuneUpUtilitiesDrv - ok
21:18:32.0357 3492 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:18:32.0451 3492 tunnel - ok
21:18:32.0482 3492 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:18:32.0529 3492 uagp35 - ok
21:18:32.0576 3492 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:18:32.0670 3492 udfs - ok
21:18:32.0732 3492 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:18:32.0795 3492 UI0Detect - ok
21:18:32.0842 3492 [ DE1B2980484AAF20A1DD8B743F96284B ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys
21:18:32.0873 3492 UimBus - ok
21:18:32.0904 3492 [ E40D444BC1D1FBC2CADFBCC99551BAE0 ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys
21:18:32.0951 3492 Uim_IM - ok
21:18:32.0998 3492 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:18:33.0029 3492 uliagpkx - ok
21:18:33.0092 3492 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:18:33.0139 3492 umbus - ok
21:18:33.0186 3492 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:18:33.0232 3492 UmPass - ok
21:18:33.0295 3492 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
21:18:33.0389 3492 UmRdpService - ok
21:18:33.0436 3492 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:18:33.0545 3492 upnphost - ok
21:18:33.0592 3492 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:18:33.0670 3492 usbccgp - ok
21:18:33.0717 3492 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:18:33.0779 3492 usbcir - ok
21:18:33.0811 3492 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:18:33.0857 3492 usbehci - ok
21:18:33.0889 3492 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:18:33.0951 3492 usbhub - ok
21:18:33.0998 3492 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:18:34.0045 3492 usbohci - ok
21:18:34.0076 3492 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:18:34.0123 3492 usbprint - ok
21:18:34.0170 3492 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:18:34.0201 3492 usbscan - ok
21:18:34.0232 3492 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:18:34.0326 3492 USBSTOR - ok
21:18:34.0373 3492 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:18:34.0404 3492 usbuhci - ok
21:18:34.0451 3492 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:18:34.0514 3492 usbvideo - ok
21:18:34.0561 3492 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:18:34.0639 3492 UxSms - ok
21:18:34.0654 3492 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:18:34.0701 3492 VaultSvc - ok
21:18:34.0732 3492 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:18:34.0764 3492 vdrvroot - ok
21:18:34.0811 3492 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:18:34.0920 3492 vds - ok
21:18:34.0982 3492 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:18:35.0029 3492 vga - ok
21:18:35.0061 3492 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:18:35.0139 3492 VgaSave - ok
21:18:35.0154 3492 VGPU - ok
21:18:35.0201 3492 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:18:35.0248 3492 vhdmp - ok
21:18:35.0295 3492 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:18:35.0326 3492 viaagp - ok
21:18:35.0357 3492 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:18:35.0404 3492 ViaC7 - ok
21:18:35.0436 3492 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:18:35.0467 3492 viaide - ok
21:18:35.0498 3492 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:18:35.0545 3492 vmbus - ok
21:18:35.0576 3492 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:18:35.0686 3492 VMBusHID - ok
21:18:35.0701 3492 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:18:35.0732 3492 volmgr - ok
21:18:35.0795 3492 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:18:35.0857 3492 volmgrx - ok
21:18:35.0873 3492 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:18:35.0936 3492 volsnap - ok
21:18:35.0982 3492 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:18:36.0014 3492 vsmraid - ok
21:18:36.0092 3492 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:18:36.0232 3492 VSS - ok
21:18:36.0248 3492 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:18:36.0311 3492 vwifibus - ok
21:18:36.0342 3492 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:18:36.0389 3492 vwififlt - ok
21:18:36.0451 3492 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:18:36.0498 3492 vwifimp - ok
21:18:36.0561 3492 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:18:36.0654 3492 W32Time - ok
21:18:36.0686 3492 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:18:36.0732 3492 WacomPen - ok
21:18:36.0779 3492 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:18:36.0889 3492 WANARP - ok
21:18:36.0889 3492 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:18:36.0967 3492 Wanarpv6 - ok
21:18:37.0045 3492 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:18:37.0186 3492 wbengine - ok
21:18:37.0232 3492 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:18:37.0311 3492 WbioSrvc - ok
21:18:37.0357 3492 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:18:37.0451 3492 wcncsvc - ok
21:18:37.0482 3492 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:18:37.0607 3492 WcsPlugInService - ok
21:18:37.0654 3492 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:18:37.0686 3492 Wd - ok
21:18:37.0717 3492 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:18:37.0779 3492 Wdf01000 - ok
21:18:37.0811 3492 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:18:38.0014 3492 WdiServiceHost - ok
21:18:38.0029 3492 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:18:38.0092 3492 WdiSystemHost - ok
21:18:38.0123 3492 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:18:38.0186 3492 WebClient - ok
21:18:38.0217 3492 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:18:38.0326 3492 Wecsvc - ok
21:18:38.0342 3492 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:18:38.0451 3492 wercplsupport - ok
21:18:38.0482 3492 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:18:38.0576 3492 WerSvc - ok
21:18:38.0639 3492 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:18:38.0701 3492 WfpLwf - ok
21:18:38.0764 3492 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:18:38.0795 3492 WIMMount - ok
21:18:38.0920 3492 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:18:39.0014 3492 WinDefend - ok
21:18:39.0029 3492 WinHttpAutoProxySvc - ok
21:18:39.0139 3492 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:18:39.0217 3492 Winmgmt - ok
21:18:39.0295 3492 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:18:39.0451 3492 WinRM - ok
21:18:39.0529 3492 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:18:39.0576 3492 WinUsb - ok
21:18:39.0654 3492 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:18:39.0764 3492 Wlansvc - ok
21:18:39.0857 3492 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:18:39.0998 3492 wlidsvc - ok
21:18:40.0045 3492 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:18:40.0076 3492 WmiAcpi - ok
21:18:40.0139 3492 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:18:40.0201 3492 wmiApSrv - ok
21:18:40.0279 3492 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:18:40.0436 3492 WMPNetworkSvc - ok
21:18:40.0498 3492 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:18:40.0592 3492 WPCSvc - ok
21:18:40.0623 3492 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:18:40.0686 3492 WPDBusEnum - ok
21:18:40.0748 3492 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:18:40.0842 3492 ws2ifsl - ok
21:18:40.0873 3492 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:18:40.0936 3492 wscsvc - ok
21:18:40.0951 3492 WSearch - ok
21:18:41.0092 3492 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:18:41.0232 3492 wuauserv - ok
21:18:41.0264 3492 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:18:41.0342 3492 WudfPf - ok
21:18:41.0420 3492 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:18:41.0498 3492 WUDFRd - ok
21:18:41.0561 3492 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:18:41.0654 3492 wudfsvc - ok
21:18:41.0701 3492 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:18:41.0764 3492 WwanSvc - ok
21:18:41.0826 3492 ================ Scan global ===============================
21:18:41.0857 3492 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:18:41.0904 3492 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:18:41.0936 3492 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:18:41.0982 3492 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:18:42.0045 3492 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:18:42.0061 3492 [Global] - ok
21:18:42.0061 3492 ================ Scan MBR ==================================
21:18:42.0092 3492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:18:43.0373 3492 \Device\Harddisk0\DR0 - ok
21:18:43.0389 3492 ================ Scan VBR ==================================
21:18:43.0389 3492 [ 6A6C9D6472015E418C82681F4CEA3AC2 ] \Device\Harddisk0\DR0\Partition1
21:18:43.0404 3492 \Device\Harddisk0\DR0\Partition1 - ok
21:18:43.0467 3492 [ 3598D1CCC532E600E83ADF36DEB246BA ] \Device\Harddisk0\DR0\Partition2
21:18:43.0482 3492 \Device\Harddisk0\DR0\Partition2 - ok
21:18:43.0529 3492 [ DF544C3DDCD9E1984B0C5E9EF8583288 ] \Device\Harddisk0\DR0\Partition3
21:18:43.0529 3492 \Device\Harddisk0\DR0\Partition3 - ok
21:18:43.0529 3492 ============================================================
21:18:43.0529 3492 Scan finished
21:18:43.0529 3492 ============================================================
21:18:43.0982 0196 Detected object count: 1
21:18:43.0982 0196 Actual detected object count: 1
21:19:20.0498 0196 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:20.0498 0196 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
15.10.2012, 10:26
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.10.2012, 18:45
| #27 |
| | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|LoadCode:
ATTFilter ComboFix 12-10-14.03 - Jan 15.10.2012 17:58:11.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.1013.292 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gema
c:\users\Jan\AppData\Roaming\Help\coredb\storage
C:\Washer2.rar
c:\washer2.rar\0BC347246285FE3
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-15 bis 2012-10-15 ))))))))))))))))))))))))))))))
.
.
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\users\Jan\AppData\Local\temp
2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 16:01 . 2012-10-15 16:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{541EA6B7-91A9-4BCD-B678-A1708239D4EC}\offreg.dll
2012-10-14 09:27 . 2012-10-14 09:27 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-13 15:04 . 2012-10-14 16:34 -------- d-----w- C:\_OTL
2012-10-12 13:23 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{541EA6B7-91A9-4BCD-B678-A1708239D4EC}\mpengine.dll
2012-10-10 23:31 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 23:31 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 23:31 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 23:31 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 23:31 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 23:31 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 23:31 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 20:52 . 2012-10-09 20:52 -------- d-----w- c:\program files\ESET
2012-10-06 22:04 . 2012-10-06 22:04 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-26 15:14 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-17 16:50 . 2012-09-17 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 16:50 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 22:04 . 2012-01-29 21:55 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-06 22:04 . 2011-07-19 22:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-18 15:34 . 2012-04-08 08:30 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-18 15:34 . 2011-07-19 19:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 13:58 . 2012-05-24 20:22 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-08-22 17:16 . 2012-09-12 19:29 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 19:29 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 19:29 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 19:29 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 19:29 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:47 . 2012-08-15 20:24 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Jan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCamTray.exe" /s
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\tuneupportable\App\TuneUp\TuneUpUtilitiesService32.exe [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\tuneupportable\App\TuneUp\TuneUpUtilitiesDriver32.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 netr28;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\Stardock\ObjectDockFree\ODMenu.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-15 18:18:42
ComboFix-quarantined-files.txt 2012-10-15 16:18
.
Vor Suchlauf: 11 Verzeichnis(se), 15.973.400.576 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 15.885.115.392 Bytes frei
.
- - End Of File - - 431537EBCC0B0A9EDFC2E5ED01C6B1B7
|
|
15.10.2012, 20:39
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.10.2012, 21:30
| #29 |
| | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load hi, alle Programme haben ohne Probleme funktioniert GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-20 02:41:55
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160310AS rev.SD03
Running: 8txnpprs.exe; Driver: C:\Users\Jan\AppData\Local\Temp\uwldypow.sys
---- System - GMER 1.0.15 ----
SSDT 8A10879E ZwCreateSection
SSDT 8A1087A8 ZwRequestWaitReplyPort
SSDT 8A1087A3 ZwSetContextThread
SSDT 8A1087AD ZwSetSecurityObject
SSDT 8A1087B2 ZwSystemDebugControl
SSDT 8A10873F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C8CA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CC64D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81CCD62C 4 Bytes [9E, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81CCD988 4 Bytes [A8, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81CCD9CC 4 Bytes [A3, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81CCDA48 4 Bytes [AD, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81CCDA9C 4 Bytes [B2, 87, 10, 8A]
.text ...
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a89f015
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a89f015@001e7c02147a 0x3A 0x71 0x48 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a89f015 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a89f015@001e7c02147a 0x3A 0x71 0x48 0xBE ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 03:08:34 on 20.10.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Opera Software Opera Internet Browser 12.02 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Jan\AppData\Local\Temp\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NetGroup Packet Filter Driver" (npf) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found) "Tosrfcom" (Tosrfcom) - ? - C:\Windows\system32\drivers\Tosrfcom.sys (File not found) "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - ? - E:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys (File not found) "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe {1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.7.0_07" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_265.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "LIDIL hpzlllhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpzlllhn.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe "FreemakeVideoCapture" (FreemakeVideoCapture) - "Microsoft" - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - ? - "E:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe" (File not found) "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-20 03:11:39
-----------------------------
03:11:39.572 OS Version: Windows 6.1.7601 Service Pack 1
03:11:39.572 Number of processors: 2 586 0x1C02
03:11:39.572 ComputerName: JAN-PC UserName: Jan
03:12:32.056 Initialize success
03:14:39.859 AVAST engine defs: 12101901
03:15:06.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:15:06.187 Disk 0 Vendor: ST9160310AS SD03 Size: 152627MB BusType: 11
03:15:06.250 Disk 0 MBR read successfully
03:15:06.250 Disk 0 MBR scan
03:15:06.265 Disk 0 Windows 7 default MBR code
03:15:06.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:15:06.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 137024 MB offset 206848
03:15:06.359 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 15500 MB offset 280832265
03:15:06.390 Disk 0 scanning sectors +312576705
03:15:06.500 Disk 0 scanning C:\Windows\system32\drivers
03:15:25.656 Service scanning
03:16:04.953 Modules scanning
03:16:13.437 Disk 0 trace - called modules:
03:16:13.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys dxgmms1.sys
03:16:13.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84310aa0]
03:16:13.515 3 CLASSPNP.SYS[8679d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8423d030]
03:16:14.406 AVAST engine scan C:\Windows
03:16:18.343 AVAST engine scan C:\Windows\system32
03:22:13.796 AVAST engine scan C:\Windows\system32\drivers
03:22:36.546 AVAST engine scan C:\Users\Jan
03:30:22.812 AVAST engine scan C:\ProgramData
03:31:32.984 Scan finished successfully
03:41:21.953 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
03:41:21.968 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"
|
|
22.10.2012, 11:22
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load |
| 0xc0000006, antivir, autorun, avira, bho, browser, converter, downloader, error, festplatte, firefox, flash player, helper, iexplore.exe, jdownloader, logfile, mp3, nicht möglich, object, plug-in, problem, registry, registry value, scan, security, senden, software, svchost.exe, taskhost.exe, trojaner, windows, wrapper |
