Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: New viruses/trojans every day! Today: "TR/Agent.1712.2" (https://www.trojaner-board.de/120517-tag-neue-viren-trojaner-heute-tr-agent-1712-2-a.html)

cosinus 04.08.2012 17:47

Run an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=rYr4iRqPYrzD9-DDVx6rSQwn8Hk?q={searchTerms}
FF - user.js - File not found
O3 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Gogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:157E1AD3
:Files
C:\Users\Gogi\AppData\Roaming\mIRC\downloads
C:\Users\Gogi\AppData\Roaming\hwzypv.dat
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

SandraZangl 04.08.2012 20:51

Done! :o

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe not found.
File C:\Users\Gogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Ausfüllformulare\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Unable to delete ADS C:\ProgramData\Temp:157E1AD3 .
========== FILES ==========
File\Folder C:\Users\Gogi\AppData\Roaming\mIRC\downloads not found.
File\Folder C:\Users\Gogi\AppData\Roaming\hwzypv.dat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gogi
->Temp folder emptied: 3113110087 bytes
->Temporary Internet Files folder emptied: 1862962555 bytes
->Java cache emptied: 104553 bytes
->FireFox cache emptied: 621368403 bytes
->Google Chrome cache emptied: 468910833 bytes
->Apple Safari cache emptied: 170294272 bytes
->Opera cache emptied: 2118076 bytes
->Flash cache emptied: 463136 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 293570871 bytes
RecycleBin emptied: 514044603 bytes
 
Total Files Cleaned = 6.720,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gogi
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 08042012_212852

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
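
As an added example (not from the thread and not part of OTL): a small Python checker that reads an OTL fix log like the one posted above, counts per section how many targets were removed, were already gone ("not found") or failed, sums the bytes freed by [emptytemp], and lists the lines a helper has to follow up on, such as the alternate data stream that could not be deleted. The sample input is an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above, embedded here as sample input.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Unable to delete ADS C:\ProgramData\Temp:157E1AD3 .
========== FILES ==========
File\Folder C:\Users\Gogi\AppData\Roaming\hwzypv.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Gogi
->Temp folder emptied: 3113110087 bytes
->FireFox cache emptied: 621368403 bytes
Windows Temp folder emptied: 293570871 bytes
RecycleBin emptied: 514044603 bytes

Total Files Cleaned = 6.720,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")      # "========== OTL =========="
BYTES_RE = re.compile(r"(\d+) bytes$")          # "->Temp folder emptied: 123 bytes"
DONE_RE = re.compile(r"successfully[.!]?$")     # deleted / moved / value set


def classify(line):
    """Map one OTL result line to an outcome label."""
    if line.startswith("Unable to"):
        return "failed"        # OTL could not remove the target; needs follow-up
    if line.endswith("not found."):
        return "not_found"     # target was already gone (or never existed)
    if DONE_RE.search(line):
        return "done"          # deleted, moved to the _OTL backup, or value set
    return "other"             # bookkeeping lines such as "User: Gogi"


def summarize(log_text):
    """Return (per-section outcome counters, bytes freed, list of failed lines)."""
    section = "HEADER"
    counts = {}
    failed = []
    freed = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        outcome = classify(line)
        if section == "COMMANDS":
            mb = BYTES_RE.search(line)
            if mb:
                freed += int(mb.group(1))
            if outcome == "other":
                continue       # "[EMPTYTEMP]", "User: ...", totals: not fix targets
        counts.setdefault(section, Counter())[outcome] += 1
        if outcome == "failed":
            failed.append(line)
    return counts, freed, failed


if __name__ == "__main__":
    counts, freed, failed = summarize(SAMPLE_LOG)
    for section, ctr in counts.items():
        print(section, dict(ctr))
    print("bytes freed:", freed)
    for line in failed:
        print("FOLLOW UP:", line)
```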


cosinus 05.08.2012 13:58

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
Then click Start Scan, and when it is done click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
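
As an added example (not from the thread and not from Kaspersky's tool): a Python parser for the TDSSKiller log that gets posted in the next reply. Each scanned driver or service appears there as a hash line (name, MD5, image path) followed by a verdict line ("name - ok"); the parser pairs the two, ignores the header block before "Scan started" (whose drive-geometry line also contains " - "), and flags what a helper looks for: verdicts other than "ok", and services that have a verdict but no hash line (in the posted log COMSysApp, IpInIp and Lbd), i.e. no image file was hashed for them. The sample input is an excerpt of that log plus one constructed DUMMYSVC entry with a placeholder hash and a constructed non-ok verdict.

```python
import re

# Excerpt of the TDSSKiller log posted in the thread, plus one constructed
# entry (DUMMYSVC, placeholder hash and verdict) so the non-ok path is exercised.
SAMPLE_LOG = r"""20:25:14.0702 6056        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200
20:26:14.0453 6788        ============================================================
20:26:14.0453 6788        Scan started
20:26:14.0453 6788        Mode: Manual; SigCheck; TDLFS;
20:26:14.0453 6788        ============================================================
20:26:17.0635 6788        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:17.0791 6788        ACPI - ok
20:26:20.0288 6788        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:20.0303 6788        Apple Mobile Device - ok
20:26:27.0309 6788        COMSysApp - ok
20:26:40.0960 6788        Lbd - ok
20:26:41.0000 6788        DUMMYSVC        (00000000000000000000000000000000) C:\placeholder\dummysvc.sys
20:26:41.0001 6788        DUMMYSVC - constructed non-ok verdict
"""

# "HH:MM:SS.mmmm PID   <rest>"; trailing whitespace on the line is dropped.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s*(?P<rest>.*?)\s*$")
# "Name   (md5) C:\path\file.sys"; names may contain spaces ("Apple Mobile Device").
HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "Name - ok" (or another verdict).
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def parse_tdsskiller(text):
    """Pair each hash line with its verdict line; returns {name: record}.

    Only lines after "Scan started" are treated as scan entries, so header
    lines such as the drive geometry (which also contain " - ") are ignored.
    """
    records = {}
    scanning = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        if not scanning:
            scanning = rest == "Scan started"
            continue
        h = HASH_RE.match(rest)
        if h:
            records[h["name"]] = {"md5": h["md5"].lower(), "path": h["path"], "verdict": None}
            continue
        v = VERDICT_RE.match(rest)
        if v:
            rec = records.setdefault(v["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = v["verdict"]
    return records


def triage(records):
    """Return (names without a hash line, names whose verdict is not "ok")."""
    unhashed = sorted(n for n, r in records.items() if r["md5"] is None)
    not_ok = sorted(n for n, r in records.items() if r["verdict"] != "ok")
    return unhashed, not_ok


def hashes_by_name(records):
    """name -> md5, for cross-checking against a known-good hash list."""
    return {n: r["md5"] for n, r in records.items() if r["md5"]}


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    unhashed, not_ok = triage(recs)
    print("entries:", len(recs))
    print("no hash line:", unhashed)
    print("verdict not ok:", not_ok)
```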

SandraZangl 05.08.2012 19:30

OK, I skipped everything. Here is the log:

Code:

20:25:12.0752 6056        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:25:12.0939 6056        ============================================================
20:25:12.0939 6056        Current date / time: 2012/08/05 20:25:12.0939
20:25:12.0939 6056        SystemInfo:
20:25:12.0939 6056       
20:25:12.0939 6056        OS Version: 6.0.6002 ServicePack: 2.0
20:25:12.0939 6056        Product type: Workstation
20:25:12.0939 6056        ComputerName: GOGI-PC
20:25:12.0939 6056        UserName: Gogi
20:25:12.0939 6056        Windows directory: C:\Windows
20:25:12.0939 6056        System windows directory: C:\Windows
20:25:12.0939 6056        Processor architecture: Intel x86
20:25:12.0939 6056        Number of processors: 4
20:25:12.0939 6056        Page size: 0x1000
20:25:12.0939 6056        Boot type: Normal boot
20:25:12.0939 6056        ============================================================
20:25:14.0702 6056        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:25:14.0796 6056        ============================================================
20:25:14.0796 6056        \Device\Harddisk0\DR0:
20:25:14.0796 6056        MBR partitions:
20:25:14.0796 6056        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x18A31800
20:25:14.0796 6056        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19BC6000, BlocksNum 0x30C91AB0
20:25:14.0796 6056        ============================================================
20:25:14.0921 6056        C: <-> \Device\Harddisk0\DR0\Partition0
20:25:14.0983 6056        D: <-> \Device\Harddisk0\DR0\Partition1
20:25:15.0014 6056        ============================================================
20:25:15.0014 6056        Initialize success
20:25:15.0014 6056        ============================================================
20:26:14.0453 6788        ============================================================
20:26:14.0453 6788        Scan started
20:26:14.0453 6788        Mode: Manual; SigCheck; TDLFS;
20:26:14.0453 6788        ============================================================
20:26:17.0635 6788        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:17.0791 6788        ACPI - ok
20:26:17.0979 6788        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:26:18.0010 6788        AdobeARMservice - ok
20:26:18.0696 6788        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:18.0712 6788        AdobeFlashPlayerUpdateSvc - ok
20:26:18.0774 6788        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:26:18.0806 6788        adp94xx - ok
20:26:18.0868 6788        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:26:18.0899 6788        adpahci - ok
20:26:18.0915 6788        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:26:18.0930 6788        adpu160m - ok
20:26:18.0962 6788        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:26:18.0977 6788        adpu320 - ok
20:26:19.0008 6788        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:26:19.0071 6788        AeLookupSvc - ok
20:26:19.0133 6788        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:26:19.0196 6788        AFD - ok
20:26:19.0258 6788        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:26:19.0274 6788        agp440 - ok
20:26:19.0383 6788        ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
20:26:19.0398 6788        ahcix86s - ok
20:26:19.0445 6788        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:26:19.0461 6788        aic78xx - ok
20:26:19.0476 6788        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:26:19.0586 6788        ALG - ok
20:26:19.0601 6788        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:26:19.0617 6788        aliide - ok
20:26:19.0648 6788        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:26:19.0664 6788        amdagp - ok
20:26:19.0679 6788        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:26:19.0679 6788        amdide - ok
20:26:19.0710 6788        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:26:19.0757 6788        AmdK7 - ok
20:26:19.0773 6788        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:26:19.0820 6788        AmdK8 - ok
20:26:20.0007 6788        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:26:20.0038 6788        AntiVirSchedulerService - ok
20:26:20.0085 6788        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:26:20.0101 6788        AntiVirService - ok
20:26:20.0147 6788        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:26:20.0194 6788        Appinfo - ok
20:26:20.0288 6788        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:20.0303 6788        Apple Mobile Device - ok
20:26:20.0366 6788        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:26:20.0381 6788        arc - ok
20:26:20.0444 6788        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:26:20.0459 6788        arcsas - ok
20:26:20.0569 6788        aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:26:20.0584 6788        aspnet_state - ok
20:26:20.0600 6788        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:20.0647 6788        AsyncMac - ok
20:26:20.0678 6788        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:26:20.0693 6788        atapi - ok
20:26:20.0787 6788        Ati External Event Utility (86fb6b8ddbcb6e025ce8a90f77af1ff1) C:\Windows\system32\Ati2evxx.exe
20:26:20.0896 6788        Ati External Event Utility - ok
20:26:22.0722 6788        atikmdag        (a23efb72057fed7128eb558866055fdf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:26:22.0909 6788        atikmdag - ok
20:26:23.0580 6788        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:23.0627 6788        AudioEndpointBuilder - ok
20:26:23.0627 6788        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:23.0658 6788        Audiosrv - ok
20:26:23.0751 6788        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:26:23.0751 6788        avgntflt - ok
20:26:23.0814 6788        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:26:23.0829 6788        avipbb - ok
20:26:23.0861 6788        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:23.0876 6788        avkmgr - ok
20:26:23.0954 6788        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:26:24.0017 6788        Beep - ok
20:26:24.0064 6788        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:26:24.0142 6788        BFE - ok
20:26:24.0360 6788        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:26:24.0469 6788        BITS - ok
20:26:24.0532 6788        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:26:24.0547 6788        blbdrive - ok
20:26:25.0218 6788        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:26:25.0249 6788        Bonjour Service - ok
20:26:25.0281 6788        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:26:25.0327 6788        bowser - ok
20:26:25.0359 6788        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:26:25.0405 6788        BrFiltLo - ok
20:26:25.0421 6788        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:26:25.0468 6788        BrFiltUp - ok
20:26:25.0561 6788        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:26:25.0593 6788        Browser - ok
20:26:25.0639 6788        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:26:25.0780 6788        Brserid - ok
20:26:25.0795 6788        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:26:25.0858 6788        BrSerWdm - ok
20:26:25.0873 6788        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:26:25.0936 6788        BrUsbMdm - ok
20:26:25.0951 6788        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:26:26.0014 6788        BrUsbSer - ok
20:26:26.0045 6788        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:26:26.0107 6788        BTHMODEM - ok
20:26:26.0217 6788        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:26:26.0248 6788        cdfs - ok
20:26:26.0295 6788        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:26:26.0326 6788        cdrom - ok
20:26:26.0388 6788        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:26.0419 6788        CertPropSvc - ok
20:26:26.0451 6788        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:26:26.0497 6788        circlass - ok
20:26:26.0747 6788        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:26:26.0763 6788        CLFS - ok
20:26:26.0841 6788        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:26.0856 6788        clr_optimization_v2.0.50727_32 - ok
20:26:27.0168 6788        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:27.0184 6788        clr_optimization_v4.0.30319_32 - ok
20:26:27.0231 6788        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:26:27.0246 6788        cmdide - ok
20:26:27.0278 6788        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:26:27.0278 6788        Compbatt - ok
20:26:27.0309 6788        COMSysApp - ok
20:26:27.0324 6788        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:26:27.0340 6788        crcdisk - ok
20:26:27.0356 6788        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:26:27.0402 6788        Crusoe - ok
20:26:27.0449 6788        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:26:27.0496 6788        CryptSvc - ok
20:26:27.0590 6788        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:27.0652 6788        DcomLaunch - ok
20:26:27.0668 6788        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:26:27.0714 6788        DfsC - ok
20:26:29.0134 6788        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:26:29.0322 6788        DFSR - ok
20:26:29.0446 6788        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:26:29.0509 6788        Dhcp - ok
20:26:29.0587 6788        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:26:29.0602 6788        disk - ok
20:26:29.0618 6788        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:26:29.0651 6788        Dnscache - ok
20:26:29.0706 6788        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:26:29.0742 6788        dot3svc - ok
20:26:29.0811 6788        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:26:29.0850 6788        DPS - ok
20:26:29.0913 6788        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:26:29.0955 6788        drmkaud - ok
20:26:30.0348 6788        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:26:30.0527 6788        DXGKrnl - ok
20:26:30.0635 6788        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:26:30.0772 6788        E1G60 - ok
20:26:30.0928 6788        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:26:30.0975 6788        EapHost - ok
20:26:31.0178 6788        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:26:31.0193 6788        Ecache - ok
20:26:31.0318 6788        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:26:31.0365 6788        ehRecvr - ok
20:26:31.0381 6788        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:26:31.0427 6788        ehSched - ok
20:26:31.0443 6788        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:26:31.0459 6788        ehstart - ok
20:26:31.0521 6788        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:26:31.0583 6788        elxstor - ok
20:26:31.0818 6788        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:26:31.0864 6788        EMDMgmt - ok
20:26:31.0927 6788        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:26:31.0958 6788        ErrDev - ok
20:26:32.0145 6788        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:26:32.0192 6788        EventSystem - ok
20:26:32.0239 6788        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:26:32.0286 6788        exfat - ok
20:26:32.0332 6788        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:26:32.0348 6788        fastfat - ok
20:26:32.0379 6788        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:26:32.0410 6788        fdc - ok
20:26:32.0442 6788        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:26:32.0473 6788        fdPHost - ok
20:26:32.0473 6788        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:26:32.0535 6788        FDResPub - ok
20:26:32.0566 6788        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:26:32.0582 6788        FileInfo - ok
20:26:32.0598 6788        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:26:32.0629 6788        Filetrace - ok
20:26:32.0644 6788        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:32.0691 6788        flpydisk - ok
20:26:32.0722 6788        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:26:32.0754 6788        FltMgr - ok
20:26:32.0832 6788        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:26:32.0894 6788        FontCache - ok
20:26:33.0035 6788        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:26:33.0050 6788        FontCache3.0.0.0 - ok
20:26:33.0050 6788        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:26:33.0097 6788        Fs_Rec - ok
20:26:33.0113 6788        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:26:33.0128 6788        gagp30kx - ok
20:26:33.0144 6788        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:33.0159 6788        GEARAspiWDM - ok
20:26:33.0269 6788        GoogleDesktopManager-110309-193829 (f0187e45268e86aaaa932cbd9087bea8) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:26:33.0284 6788        GoogleDesktopManager-110309-193829 - ok
20:26:33.0315 6788        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:26:33.0409 6788        gpsvc - ok
20:26:33.0487 6788        gupdate1ca08a3ac5dc7e8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:33.0503 6788        gupdate1ca08a3ac5dc7e8 - ok
20:26:33.0518 6788        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:33.0534 6788        gupdatem - ok
20:26:33.0581 6788        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:26:33.0643 6788        HdAudAddService - ok
20:26:33.0705 6788        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:26:33.0768 6788        HDAudBus - ok
20:26:33.0830 6788        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:26:33.0877 6788        HidBth - ok
20:26:33.0908 6788        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:26:33.0955 6788        HidIr - ok
20:26:33.0986 6788        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:26:34.0033 6788        hidserv - ok
20:26:34.0049 6788        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:26:34.0064 6788        HidUsb - ok
20:26:34.0080 6788        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:26:34.0111 6788        hkmsvc - ok
20:26:34.0142 6788        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:26:34.0142 6788        HpCISSs - ok
20:26:34.0205 6788        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:26:34.0283 6788        HTTP - ok
20:26:34.0314 6788        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:26:34.0330 6788        i2omp - ok
20:26:34.0361 6788        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:26:34.0392 6788        i8042prt - ok
20:26:34.0439 6788        iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
20:26:34.0454 6788        iaStor - ok
20:26:34.0657 6788        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:26:34.0673 6788        iaStorV - ok
20:26:34.0876 6788        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:26:34.0922 6788        idsvc - ok
20:26:34.0938 6788        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:26:34.0938 6788        iirsp - ok
20:26:35.0000 6788        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:26:35.0063 6788        IKEEXT - ok
20:26:35.0843 6788        IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
20:26:36.0015 6788        IntcAzAudAddService - ok
20:26:37.0403 6788        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:26:37.0419 6788        intelide - ok
20:26:37.0466 6788        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:26:37.0512 6788        intelppm - ok
20:26:37.0590 6788        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:26:37.0637 6788        IPBusEnum - ok
20:26:37.0668 6788        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:26:37.0700 6788        IpFilterDriver - ok
20:26:37.0762 6788        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:26:37.0809 6788        iphlpsvc - ok
20:26:37.0809 6788        IpInIp - ok
20:26:37.0824 6788        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:26:37.0871 6788        IPMIDRV - ok
20:26:37.0887 6788        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:26:37.0918 6788        IPNAT - ok
20:26:38.0948 6788        iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
20:26:39.0010 6788        iPod Service - ok
20:26:39.0026 6788        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:26:39.0057 6788        IRENUM - ok
20:26:39.0088 6788        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:26:39.0104 6788        isapnp - ok
20:26:39.0151 6788        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:26:39.0182 6788        iScsiPrt - ok
20:26:39.0213 6788        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:26:39.0229 6788        iteatapi - ok
20:26:39.0260 6788        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:26:39.0275 6788        iteraid - ok
20:26:39.0307 6788        JRAID          (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
20:26:39.0431 6788        JRAID - ok
20:26:39.0447 6788        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:26:39.0463 6788        kbdclass - ok
20:26:39.0494 6788        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:26:39.0541 6788        kbdhid - ok
20:26:39.0572 6788        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:39.0619 6788        KeyIso - ok
20:26:40.0321 6788        KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
20:26:40.0352 6788        KSecDD - ok
20:26:40.0399 6788        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:26:40.0477 6788        KtmRm - ok
20:26:40.0726 6788        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:26:40.0789 6788        LanmanServer - ok
20:26:40.0836 6788        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:26:40.0898 6788        LanmanWorkstation - ok
20:26:40.0960 6788        Lbd - ok
20:26:40.0992 6788        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:26:41.0023 6788        lltdio - ok
20:26:41.0054 6788        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:26:41.0101 6788        lltdsvc - ok
20:26:41.0117 6788        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:26:41.0163 6788        lmhosts - ok
20:26:41.0210 6788        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:26:41.0226 6788        LSI_FC - ok
20:26:41.0257 6788        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:26:41.0273 6788        LSI_SAS - ok
20:26:41.0304 6788        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:26:41.0304 6788        LSI_SCSI - ok
20:26:41.0335 6788        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:26:41.0382 6788        luafv - ok
20:26:41.0413 6788        MBAMProtector  (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
20:26:41.0429 6788        MBAMProtector - ok
20:26:41.0959 6788        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:26:42.0021 6788        MBAMService - ok
20:26:42.0053 6788        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:26:42.0084 6788        Mcx2Svc - ok
20:26:42.0162 6788        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:26:42.0162 6788        megasas - ok
20:26:42.0224 6788        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:26:42.0240 6788        MegaSR - ok
20:26:42.0333 6788        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:26:42.0380 6788        MMCSS - ok
20:26:42.0411 6788        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:26:42.0443 6788        Modem - ok
20:26:42.0474 6788        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:26:42.0505 6788        monitor - ok
20:26:42.0536 6788        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:26:42.0552 6788        mouclass - ok
20:26:42.0583 6788        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:26:42.0630 6788        mouhid - ok
20:26:42.0724 6788        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:26:42.0739 6788        MountMgr - ok
20:26:42.0942 6788        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:26:42.0958 6788        MozillaMaintenance - ok
20:26:42.0973 6788        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:26:42.0989 6788        mpio - ok
20:26:43.0004 6788        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:26:43.0051 6788        mpsdrv - ok
20:26:43.0098 6788        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:26:43.0160 6788        MpsSvc - ok
20:26:43.0176 6788        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:26:43.0192 6788        Mraid35x - ok
20:26:43.0207 6788        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:26:43.0238 6788        MRxDAV - ok
20:26:43.0270 6788        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:26:43.0316 6788        mrxsmb - ok
20:26:43.0332 6788        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:26:43.0394 6788        mrxsmb10 - ok
20:26:43.0410 6788        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:26:43.0441 6788        mrxsmb20 - ok
20:26:43.0457 6788        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:26:43.0472 6788        msahci - ok
20:26:43.0488 6788        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:26:43.0504 6788        msdsm - ok
20:26:43.0535 6788        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:26:43.0582 6788        MSDTC - ok
20:26:43.0628 6788        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:26:43.0660 6788        Msfs - ok
20:26:43.0675 6788        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:26:43.0691 6788        msisadrv - ok
20:26:43.0738 6788        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:26:43.0784 6788        MSiSCSI - ok
20:26:43.0800 6788        msiserver - ok
20:26:43.0816 6788        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:26:43.0847 6788        MSKSSRV - ok
20:26:43.0878 6788        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:26:43.0909 6788        MSPCLOCK - ok
20:26:43.0941 6788        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:26:43.0972 6788        MSPQM - ok
20:26:44.0003 6788        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:26:44.0019 6788        MsRPC - ok
20:26:44.0034 6788        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:26:44.0050 6788        mssmbios - ok
20:26:44.0050 6788        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:26:44.0081 6788        MSTEE - ok
20:26:44.0112 6788        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:26:44.0128 6788        Mup - ok
20:26:44.0159 6788        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:26:44.0206 6788        napagent - ok
20:26:44.0268 6788        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:26:44.0299 6788        NativeWifiP - ok
20:26:44.0549 6788        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:26:44.0565 6788        NDIS - ok
20:26:44.0596 6788        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:26:44.0627 6788        NdisTapi - ok
20:26:44.0658 6788        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:26:44.0674 6788        Ndisuio - ok
20:26:44.0721 6788        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:26:44.0752 6788        NdisWan - ok
20:26:44.0752 6788        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:26:44.0783 6788        NDProxy - ok
20:26:44.0783 6788        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:26:44.0830 6788        NetBIOS - ok
20:26:44.0861 6788        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:26:44.0923 6788        netbt - ok
20:26:44.0939 6788        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:44.0955 6788        Netlogon - ok
20:26:45.0001 6788        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:26:45.0048 6788        Netman - ok
20:26:45.0079 6788        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:26:45.0111 6788        netprofm - ok
20:26:45.0173 6788        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:26:45.0189 6788        NetTcpPortSharing - ok
20:26:45.0220 6788        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:26:45.0236 6788        nfrd960 - ok
20:26:45.0267 6788        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:26:45.0314 6788        NlaSvc - ok
20:26:45.0376 6788        NPF            (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
20:26:45.0376 6788        NPF - ok
20:26:45.0392 6788        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:26:45.0438 6788        Npfs - ok
20:26:45.0470 6788        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:26:45.0501 6788        nsi - ok
20:26:45.0532 6788        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:26:45.0563 6788        nsiproxy - ok
20:26:47.0077 6788        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:26:47.0170 6788        Ntfs - ok
20:26:47.0248 6788        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:26:47.0279 6788        ntrigdigi - ok
20:26:47.0311 6788        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:26:47.0342 6788        Null - ok
20:26:47.0389 6788        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:26:47.0404 6788        nvraid - ok
20:26:47.0420 6788        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:26:47.0435 6788        nvstor - ok
20:26:47.0467 6788        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:26:47.0482 6788        nv_agp - ok
20:26:47.0482 6788        NwlnkFlt - ok
20:26:47.0482 6788        NwlnkFwd - ok
20:26:47.0545 6788        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:26:47.0576 6788        ohci1394 - ok
20:26:47.0669 6788        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:26:47.0685 6788        ose - ok
20:26:47.0747 6788        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:47.0857 6788        p2pimsvc - ok
20:26:47.0872 6788        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:47.0935 6788        p2psvc - ok
20:26:47.0997 6788        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
20:26:48.0028 6788        Parport - ok
20:26:48.0138 6788        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:26:48.0169 6788        partmgr - ok
20:26:48.0200 6788        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
20:26:48.0231 6788        Parvdm - ok
20:26:48.0278 6788        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:26:48.0340 6788        PcaSvc - ok
20:26:48.0356 6788        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:26:48.0387 6788        pci - ok
20:26:48.0403 6788        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:26:48.0403 6788        pciide - ok
20:26:48.0450 6788        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:26:48.0465 6788        pcmcia - ok
20:26:48.0559 6788        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:26:48.0637 6788        PEAUTH - ok
20:26:49.0589 6788        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:26:49.0698 6788        pla - ok
20:26:50.0197 6788        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:26:50.0244 6788        PlugPlay - ok
20:26:50.0291 6788        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:50.0337 6788        PNRPAutoReg - ok
20:26:50.0353 6788        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:50.0400 6788        PNRPsvc - ok
20:26:50.0962 6788        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:26:51.0024 6788        PolicyAgent - ok
20:26:51.0164 6788        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:26:51.0211 6788        PptpMiniport - ok
20:26:51.0242 6788        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:26:51.0274 6788        Processor - ok
20:26:51.0445 6788        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:26:51.0492 6788        ProfSvc - ok
20:26:51.0508 6788        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:51.0523 6788        ProtectedStorage - ok
20:26:51.0648 6788        ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
20:26:51.0664 6788        ProtexisLicensing - ok
20:26:51.0695 6788        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:26:51.0742 6788        PSched - ok
20:26:51.0804 6788        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:26:51.0804 6788        PxHelp20 - ok
20:26:51.0913 6788        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:26:51.0976 6788        ql2300 - ok
20:26:52.0054 6788        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:26:52.0054 6788        ql40xx - ok
20:26:52.0101 6788        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:26:52.0132 6788        QWAVE - ok
20:26:52.0147 6788        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:26:52.0163 6788        QWAVEdrv - ok
20:26:52.0194 6788        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:26:52.0241 6788        RasAcd - ok
20:26:52.0272 6788        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:26:52.0319 6788        RasAuto - ok
20:26:52.0444 6788        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:52.0491 6788        Rasl2tp - ok
20:26:52.0522 6788        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:26:52.0569 6788        RasMan - ok
20:26:52.0662 6788        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:52.0693 6788        RasPppoe - ok
20:26:52.0725 6788        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:26:52.0740 6788        RasSstp - ok
20:26:52.0771 6788        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:26:52.0834 6788        rdbss - ok
20:26:52.0865 6788        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:52.0896 6788        RDPCDD - ok
20:26:52.0927 6788        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:26:52.0959 6788        rdpdr - ok
20:26:52.0959 6788        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:26:52.0990 6788        RDPENCDD - ok
20:26:53.0021 6788        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:26:53.0068 6788        RDPWD - ok
20:26:53.0115 6788        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:26:53.0161 6788        RemoteAccess - ok
20:26:53.0208 6788        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:26:53.0239 6788        RemoteRegistry - ok
20:26:53.0474 6788        rpcapd          (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
20:26:53.0489 6788        rpcapd - ok
20:26:53.0520 6788        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:26:53.0552 6788        RpcLocator - ok
20:26:53.0598 6788        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:53.0630 6788        RpcSs - ok
20:26:53.0661 6788        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:26:53.0708 6788        rspndr - ok
20:26:53.0770 6788        RTHDMIAzAudService (1aa29238d4b14f4a20b2c4aaea6e0f6e) C:\Windows\system32\drivers\RtHDMIV.sys
20:26:53.0786 6788        RTHDMIAzAudService - ok
20:26:53.0848 6788        RTL8169        (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:26:53.0879 6788        RTL8169 - ok
20:26:53.0879 6788        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:53.0895 6788        SamSs - ok
20:26:53.0910 6788        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:26:53.0926 6788        sbp2port - ok
20:26:53.0957 6788        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:26:53.0973 6788        SCardSvr - ok
20:26:54.0020 6788        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:26:54.0098 6788        Schedule - ok
20:26:54.0144 6788        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:54.0160 6788        SCPolicySvc - ok
20:26:54.0347 6788        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:26:54.0394 6788        SDRSVC - ok
20:26:54.0410 6788        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:26:54.0472 6788        secdrv - ok
20:26:54.0503 6788        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:26:54.0534 6788        seclogon - ok
20:26:54.0550 6788        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:26:54.0597 6788        SENS - ok
20:26:54.0628 6788        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:26:54.0659 6788        Serenum - ok
20:26:54.0706 6788        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:26:54.0753 6788        Serial - ok
20:26:54.0769 6788        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:26:54.0800 6788        sermouse - ok
20:26:54.0831 6788        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:26:54.0878 6788        SessionEnv - ok
20:26:54.0893 6788        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:26:54.0909 6788        sffdisk - ok
20:26:54.0925 6788        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:26:54.0956 6788        sffp_mmc - ok
20:26:54.0971 6788        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:26:55.0003 6788        sffp_sd - ok
20:26:55.0018 6788        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:26:55.0081 6788        sfloppy - ok
20:26:55.0533 6788        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:26:55.0564 6788        SharedAccess - ok
20:26:56.0017 6788        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:26:56.0064 6788        ShellHWDetection - ok
20:26:56.0079 6788        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:26:56.0095 6788        sisagp - ok
20:26:56.0126 6788        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:26:56.0142 6788        SiSRaid2 - ok
20:26:56.0157 6788        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:26:56.0173 6788        SiSRaid4 - ok
20:26:57.0312 6788        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:26:57.0468 6788        slsvc - ok
20:26:57.0764 6788        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:26:57.0795 6788        SLUINotify - ok
20:26:57.0842 6788        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:26:57.0873 6788        Smb - ok
20:26:57.0920 6788        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:26:57.0936 6788        SNMPTRAP - ok
20:26:57.0967 6788        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:26:57.0983 6788        spldr - ok
20:26:57.0998 6788        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:26:58.0061 6788        Spooler - ok
20:26:58.0092 6788        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:26:58.0139 6788        srv - ok
20:26:58.0170 6788        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:26:58.0185 6788        srv2 - ok
20:26:58.0217 6788        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:26:58.0232 6788        srvnet - ok
20:26:58.0248 6788        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:26:58.0295 6788        SSDPSRV - ok
20:26:58.0341 6788        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:26:58.0357 6788        ssmdrv - ok
20:26:58.0388 6788        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:26:58.0419 6788        SstpSvc - ok
20:26:58.0466 6788        ss_bus          (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
20:26:58.0482 6788        ss_bus - ok
20:26:58.0544 6788        ss_mdfl        (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
20:26:58.0544 6788        ss_mdfl - ok
20:26:58.0575 6788        ss_mdm          (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
20:26:58.0591 6788        ss_mdm - ok
20:26:58.0622 6788        StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
20:26:58.0653 6788        StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:26:58.0653 6788        StarOpen - detected UnsignedFile.Multi.Generic (1)
20:26:58.0700 6788        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:26:58.0763 6788        stisvc - ok
20:26:58.0794 6788        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:26:58.0794 6788        swenum - ok
20:26:58.0856 6788        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:26:58.0888 6788        swprv - ok
20:26:58.0919 6788        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:26:58.0934 6788        Symc8xx - ok
20:26:58.0950 6788        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:26:58.0966 6788        Sym_hi - ok
20:26:58.0997 6788        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:26:59.0012 6788        Sym_u3 - ok
20:26:59.0044 6788        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:26:59.0106 6788        SysMain - ok
20:26:59.0278 6788        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:26:59.0324 6788        TabletInputService - ok
20:26:59.0356 6788        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:26:59.0387 6788        TapiSrv - ok
20:26:59.0418 6788        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:26:59.0449 6788        TBS - ok
20:27:00.0105 6788        Tcpip          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
20:27:00.0167 6788        Tcpip - ok
20:27:00.0167 6788        Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
20:27:00.0261 6788        Tcpip6 - ok
20:27:00.0307 6788        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:27:00.0339 6788        tcpipreg - ok
20:27:00.0354 6788        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:27:00.0385 6788        TDPIPE - ok
20:27:00.0401 6788        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:27:00.0417 6788        TDTCP - ok
20:27:00.0463 6788        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:27:00.0510 6788        tdx - ok
20:27:00.0541 6788        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:27:00.0557 6788        TermDD - ok
20:27:00.0619 6788        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:27:00.0666 6788        TermService - ok
20:27:01.0197 6788        TestHandler    (250b9120c7c103afdc0c6643f9691055) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
20:27:01.0243 6788        TestHandler ( UnsignedFile.Multi.Generic ) - warning
20:27:01.0243 6788        TestHandler - detected UnsignedFile.Multi.Generic (1)
20:27:01.0275 6788        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:27:01.0290 6788        Themes - ok
20:27:01.0321 6788        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:27:01.0337 6788        THREADORDER - ok
20:27:01.0384 6788        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:27:01.0431 6788        TrkWks - ok
20:27:01.0556 6788        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:27:01.0602 6788        TrustedInstaller - ok
20:27:01.0634 6788        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:01.0665 6788        tssecsrv - ok
20:27:01.0696 6788        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:27:01.0727 6788        tunmp - ok
20:27:01.0758 6788        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:27:01.0774 6788        tunnel - ok
20:27:01.0852 6788        U6000ALL        (8d05125fe197ce6e2440e82e433da4cc) C:\Windows\system32\DRIVERS\U6000ALL.sys
20:27:01.0946 6788        U6000ALL - ok
20:27:01.0961 6788        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:27:01.0977 6788        uagp35 - ok
20:27:02.0008 6788        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:27:02.0039 6788        udfs - ok
20:27:02.0117 6788        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:27:02.0180 6788        UI0Detect - ok
20:27:02.0180 6788        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:27:02.0195 6788        uliagpkx - ok
20:27:02.0226 6788        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:27:02.0258 6788        uliahci - ok
20:27:02.0273 6788        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:27:02.0304 6788        UlSata - ok
20:27:02.0336 6788        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:27:02.0351 6788        ulsata2 - ok
20:27:02.0367 6788        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:27:02.0398 6788        umbus - ok
20:27:02.0429 6788        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:27:02.0476 6788        upnphost - ok
20:27:02.0819 6788        UPnPService    (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:27:02.0897 6788        UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:27:02.0897 6788        UPnPService - detected UnsignedFile.Multi.Generic (1)
20:27:02.0944 6788        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:27:02.0960 6788        USBAAPL - ok
20:27:03.0038 6788        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:27:03.0069 6788        usbaudio - ok
20:27:03.0147 6788        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:03.0163 6788        usbccgp - ok
20:27:03.0194 6788        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:27:03.0256 6788        usbcir - ok
20:27:03.0287 6788        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:27:03.0334 6788        usbehci - ok
20:27:03.0350 6788        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:27:03.0397 6788        usbhub - ok
20:27:03.0412 6788        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:27:03.0443 6788        usbohci - ok
20:27:03.0475 6788        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:27:03.0521 6788        usbprint - ok
20:27:03.0553 6788        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:27:03.0584 6788        usbscan - ok
20:27:03.0615 6788        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:03.0631 6788        USBSTOR - ok
20:27:03.0631 6788        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:27:03.0677 6788        usbuhci - ok
20:27:03.0693 6788        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:27:03.0724 6788        UxSms - ok
20:27:03.0771 6788        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:27:03.0833 6788        vds - ok
20:27:03.0833 6788        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:03.0865 6788        vga - ok
20:27:03.0880 6788        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:27:03.0927 6788        VgaSave - ok
20:27:03.0943 6788        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:27:03.0958 6788        viaagp - ok
20:27:03.0974 6788        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:27:04.0005 6788        ViaC7 - ok
20:27:04.0052 6788        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:27:04.0067 6788        viaide - ok
20:27:04.0067 6788        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:27:04.0083 6788        volmgr - ok
20:27:04.0114 6788        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:27:04.0161 6788        volmgrx - ok
20:27:04.0192 6788        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:27:04.0208 6788        volsnap - ok
20:27:04.0255 6788        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:27:04.0255 6788        vsmraid - ok
20:27:04.0348 6788        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:27:04.0473 6788        VSS - ok
20:27:04.0504 6788        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:27:04.0536 6788        W32Time - ok
20:27:04.0567 6788        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:27:04.0614 6788        WacomPen - ok
20:27:04.0629 6788        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:04.0660 6788        Wanarp - ok
20:27:04.0660 6788        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:04.0676 6788        Wanarpv6 - ok
20:27:04.0707 6788        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:27:04.0738 6788        wcncsvc - ok
20:27:04.0801 6788        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:27:04.0832 6788        WcsPlugInService - ok
20:27:04.0848 6788        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:27:04.0863 6788        Wd - ok
20:27:05.0378 6788        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:27:05.0409 6788        Wdf01000 - ok
20:27:05.0456 6788        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:05.0503 6788        WdiServiceHost - ok
20:27:05.0503 6788        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:05.0534 6788        WdiSystemHost - ok
20:27:05.0550 6788        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:27:05.0597 6788        WebClient - ok
20:27:05.0628 6788        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:27:05.0721 6788        Wecsvc - ok
20:27:05.0799 6788        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:27:05.0846 6788        wercplsupport - ok
20:27:05.0862 6788        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:27:05.0893 6788        WerSvc - ok
20:27:06.0283 6788        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:27:06.0299 6788        WinDefend - ok
20:27:06.0299 6788        WinHttpAutoProxySvc - ok
20:27:06.0751 6788        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:27:06.0782 6788        Winmgmt - ok
20:27:07.0828 6788        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:27:07.0921 6788        WinRM - ok
20:27:08.0296 6788        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:27:08.0374 6788        Wlansvc - ok
20:27:09.0872 6788        wlidsvc        (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:09.0950 6788        wlidsvc - ok
20:27:10.0168 6788        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:27:10.0199 6788        WmiAcpi - ok
20:27:10.0262 6788        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:27:10.0293 6788        wmiApSrv - ok
20:27:10.0480 6788        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:27:10.0558 6788        WMPNetworkSvc - ok
20:27:10.0589 6788        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:27:10.0652 6788        WPCSvc - ok
20:27:10.0667 6788        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:27:10.0698 6788        WPDBusEnum - ok
20:27:10.0823 6788        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:27:10.0839 6788        WpdUsb - ok
20:27:11.0057 6788        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:27:11.0135 6788        WPFFontCache_v0400 - ok
20:27:11.0182 6788        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:27:11.0213 6788        ws2ifsl - ok
20:27:11.0260 6788        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:27:11.0307 6788        wscsvc - ok
20:27:11.0307 6788        WSearch - ok
20:27:12.0852 6788        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:27:12.0930 6788        wuauserv - ok
20:27:13.0273 6788        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:13.0304 6788        WUDFRd - ok
20:27:13.0320 6788        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:27:13.0382 6788        wudfsvc - ok
20:27:13.0398 6788        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:27:15.0800 6788        \Device\Harddisk0\DR0 - ok
20:27:15.0847 6788        Boot (0x1200)  (bc6fe28d5945db40d385f44ed9b4e835) \Device\Harddisk0\DR0\Partition0
20:27:15.0863 6788        \Device\Harddisk0\DR0\Partition0 - ok
20:27:15.0878 6788        Boot (0x1200)  (9cc4818abe260c4037ea3dbd870f6038) \Device\Harddisk0\DR0\Partition1
20:27:15.0910 6788        \Device\Harddisk0\DR0\Partition1 - ok
20:27:15.0910 6788        ============================================================
20:27:15.0910 6788        Scan finished
20:27:15.0910 6788        ============================================================
20:27:15.0910 7800        Detected object count: 3
20:27:15.0910 7800        Actual detected object count: 3
20:28:22.0879 7800        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0879 7800        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:22.0881 7800        TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0881 7800        TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:22.0882 7800        UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0883 7800        UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
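As an added example (not from the thread and not part of TDSSKiller), a small Python triage script for the log format shown above: it parses the object and status lines, records each verdict and the user's chosen action, and checks that the scanner's own "Detected object count" agrees with the flagged entries actually logged. The sample log is constructed from a few of the entries above.

```python
"""Triage helper for a TDSSKiller scan log, written as an added example for
this thread (not part of the original post, nor of TDSSKiller itself)."""
import re

# Constructed sample in the format of the log tail above: timestamp, thread id,
# then either an object line (name, md5, path) or a status line for an object.
SAMPLE_LOG = r"""
20:27:02.0819 6788        UPnPService    (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:27:02.0897 6788        UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:27:02.0897 6788        UPnPService - detected UnsignedFile.Multi.Generic (1)
20:27:02.0944 6788        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:27:02.0960 6788        USBAAPL - ok
20:27:13.0398 6788        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:27:15.0800 6788        \Device\Harddisk0\DR0 - ok
20:27:15.0910 7800        Detected object count: 1
20:27:15.0910 7800        Actual detected object count: 1
20:28:22.0882 7800        UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0883 7800        UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(?P<rest>\S.*)$")
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
STATUS = re.compile(r"^(?P<name>.+?)(?:\s+\(\s*(?P<verdict>[^)]+?)\s*\))?\s+-\s+(?P<status>.+)$")
COUNT = re.compile(r"^(?P<kind>(?:Actual )?[Dd]etected object count):\s*(?P<n>\d+)$")


def _new():
    return {"md5": None, "path": None, "verdict": None, "statuses": [], "action": None}


def parse_tdsskiller(text):
    """Return (objects, counts): objects maps each scanned object to its md5,
    path, verdict, status history and final user action."""
    objects, by_path, counts = {}, {}, {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # banner, blank or separator line
        rest = m.group("rest")
        if (m := COUNT.match(rest)):
            counts[m.group("kind")] = int(m.group("n"))
        elif (m := OBJECT.match(rest)):
            key, path = m.group("name"), m.group("path")
            # A repeated name (e.g. "Boot (0x1200)" per partition) is keyed by path.
            if key in objects and objects[key]["path"] not in (None, path):
                key = path
            obj = objects.setdefault(key, _new())
            obj["md5"], obj["path"] = m.group("md5"), path
            by_path[path] = key
        elif (m := STATUS.match(rest)):
            # Disk/boot status lines name the device path, not the object.
            key = by_path.get(m.group("name"), m.group("name"))
            obj = objects.setdefault(key, _new())
            if m.group("verdict"):
                obj["verdict"] = m.group("verdict")
            status = m.group("status")
            obj["statuses"].append(status)
            if status.startswith("User select action:"):
                obj["action"] = status.split(":", 1)[1].strip()
    return objects, counts


def triage(objects, counts):
    """Summarise what a helper must look at: flagged objects, those never acted
    on, unsigned files (name -> path) and whether the scanner's own count agrees."""
    flagged = sorted(n for n, o in objects.items() if o["verdict"])
    return {
        "flagged": flagged,
        "pending": [n for n in flagged if objects[n]["action"] is None],
        "unsigned": {n: objects[n]["path"] for n in flagged
                     if objects[n]["verdict"].startswith("UnsignedFile")},
        "count_consistent": counts.get("Detected object count") == len(flagged),
        "clean": sum(1 for o in objects.values() if "ok" in o["statuses"]),
    }


if __name__ == "__main__":
    for key, value in triage(*parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Running it against the full log above yields three flagged unsigned files (StarOpen, TestHandler, UPnPService), all skipped by the user, which is exactly the set a helper has to decide on by hand.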


cosinus 05.08.2012 19:35

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (one of the board's helpers) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

SandraZangl 06.08.2012 20:13

The ComboFix log:

Code:

ComboFix 12-08-05.02 - Gogi 06.08.2012  20:54:55.3.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3327.2381 [GMT 2:00]
ausgeführt von:: c:\users\Gogi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EBD1821E4F.sys
c:\users\Gogi\AppData\Roaming\mIRC\logs\status.log
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 19:03 . 2012-08-06 19:03        --------        d-----w-        c:\users\Gogi\AppData\Local\temp
2012-08-06 19:03 . 2012-08-06 19:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-06 17:15 . 2012-08-06 17:15        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB90D36-6782-45AE-9B82-A43CD699C07A}\offreg.dll
2012-08-04 19:20 . 2012-08-04 19:20        --------        d-----w-        C:\_OTL
2012-08-03 13:51 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB90D36-6782-45AE-9B82-A43CD699C07A}\mpengine.dll
2012-07-31 18:34 . 2012-07-31 18:34        --------        d-----w-        c:\program files\ESET
2012-07-23 21:50 . 2012-07-23 21:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-23 21:50 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-23 21:31 . 2012-07-23 21:31        --------        d-----w-        c:\users\Gogi\AppData\Roaming\Malwarebytes
2012-07-23 21:31 . 2012-07-23 21:31        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-14 20:46 . 2012-07-14 20:45        476976        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-07-11 23:44 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 21:33 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 21:33 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 21:33 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 21:33 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 21:33 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 21:33 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:09 . 2012-05-22 15:28        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 17:09 . 2012-05-22 15:28        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-14 20:45 . 2012-02-19 12:53        472880        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 05:42        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:42        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:42        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:42        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:42        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:42        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:42        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:42        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:42        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-02 18:59        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-08 20:04 . 2012-04-08 10:26        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:04 . 2012-04-08 10:26        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-07-24 17:28 . 2012-02-26 03:26        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-17 21:46 . 2009-11-17 21:46        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\Gogi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-19 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-17 21:46        30192        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 08:27        136176        ----atw-        c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00        49152        ----a-w-        c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17        61440        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 17:09]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 19:03]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 19:03]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2546707314-2983746973-2447176769-1000Core.job
- c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 08:27]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2546707314-2983746973-2447176769-1000UA.job
- c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 08:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 83.169.184.161 83.169.184.225
FF - ProfilePath - c:\users\Gogi\AppData\Roaming\Mozilla\Firefox\Profiles\q40g44d4.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared files\brs.exe
MSConfigStartUp-LifeChat - c:\program files\Microsoft LifeChat\LifeChat.exe
MSConfigStartUp-RemoteControl10 - c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-Sprill - c:\progra~3\PURPLE~1\Sprill\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 21:03
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Gogi\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-06  21:05:34
ComboFix-quarantined-files.txt  2012-08-06 19:05
.
Vor Suchlauf: 20 Verzeichnis(se), 111.306.338.304 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 110.734.389.248 Bytes frei
.
- - End Of File - - 2812919A7020623DD495BB042018765B


cosinus 07.08.2012 14:42

Now please create and post logs with GMER and OSAM.
GMER crashes quite often; if the tool won't run on the second try either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan", and click the Scan button again.



Copyright ©2000-2025, Trojaner-Board

