Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Conteneur Acitvex Österreich (https://www.trojaner-board.de/120170-conteneur-acitvex-osterreich.html)

cosinus 16.08.2012 08:10
Du siehst diesen Screenshot nicht? => http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

tom0401 21.08.2012 05:22
so, hier das log
Code:
06:17:02.0943 0392  TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
06:17:02.0974 0392  ============================================================
06:17:02.0974 0392  Current date / time: 2012/08/21 06:17:02.0974
06:17:02.0974 0392  SystemInfo:
06:17:02.0974 0392 
06:17:02.0974 0392  OS Version: 6.1.7601 ServicePack: 1.0
06:17:02.0974 0392  Product type: Workstation
06:17:02.0974 0392  ComputerName: FRANZITOM
06:17:02.0974 0392  UserName: Tom
06:17:02.0974 0392  Windows directory: C:\Windows
06:17:02.0974 0392  System windows directory: C:\Windows
06:17:02.0990 0392  Running under WOW64
06:17:02.0990 0392  Processor architecture: Intel x64
06:17:02.0990 0392  Number of processors: 3
06:17:02.0990 0392  Page size: 0x1000
06:17:02.0990 0392  Boot type: Normal boot
06:17:02.0990 0392  ============================================================
06:17:04.0487 0392  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:17:04.0487 0392  ============================================================
06:17:04.0487 0392  \Device\Harddisk0\DR0:
06:17:04.0487 0392  MBR partitions:
06:17:04.0487 0392  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
06:17:04.0487 0392  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48009800
06:17:04.0487 0392  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4806D800, BlocksNum 0x27B6800
06:17:04.0487 0392  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
06:17:04.0487 0392  ============================================================
06:17:04.0518 0392  C: <-> \Device\Harddisk0\DR0\Partition2
06:17:04.0830 0392  D: <-> \Device\Harddisk0\DR0\Partition3
06:17:04.0830 0392  ============================================================
06:17:04.0830 0392  Initialize success
06:17:04.0830 0392  ============================================================
06:18:05.0784 3232  ============================================================
06:18:05.0784 3232  Scan started
06:18:05.0784 3232  Mode: Manual; SigCheck; TDLFS;
06:18:05.0784 3232  ============================================================
06:18:07.0032 3232  ================ Scan services =============================
06:18:07.0203 3232  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
06:18:07.0328 3232  1394ohci - ok
06:18:07.0375 3232  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer  C:\Windows\system32\DRIVERS\Accelerometer.sys
06:18:07.0406 3232  Accelerometer - ok
06:18:07.0453 3232  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
06:18:07.0500 3232  ACPI - ok
06:18:07.0531 3232  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
06:18:07.0593 3232  AcpiPmi - ok
06:18:07.0734 3232  [ F19C98AD81D2C0E1BBFD8153D2C80EE8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:18:07.0765 3232  AdobeFlashPlayerUpdateSvc - ok
06:18:07.0827 3232  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
06:18:07.0859 3232  adp94xx - ok
06:18:07.0921 3232  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
06:18:07.0952 3232  adpahci - ok
06:18:07.0983 3232  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
06:18:07.0999 3232  adpu320 - ok
06:18:08.0046 3232  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
06:18:08.0124 3232  AeLookupSvc - ok
06:18:08.0217 3232  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters    C:\Program Files\IDT\WDM\AESTSr64.exe
06:18:08.0280 3232  AESTFilters - ok
06:18:08.0327 3232  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
06:18:08.0405 3232  AFD - ok
06:18:08.0436 3232  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
06:18:08.0451 3232  agp440 - ok
06:18:08.0498 3232  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
06:18:08.0561 3232  ALG - ok
06:18:08.0592 3232  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
06:18:08.0623 3232  aliide - ok
06:18:08.0670 3232  [ F233AFD413A378E54A41F115C4D7B45A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
06:18:08.0732 3232  AMD External Events Utility - ok
06:18:08.0763 3232  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
06:18:08.0795 3232  amdide - ok
06:18:08.0841 3232  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
06:18:08.0888 3232  AmdK8 - ok
06:18:09.0075 3232  [ 4EFCAD891762E4620DADBCC0D8B0CC08 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
06:18:09.0341 3232  amdkmdag - ok
06:18:09.0434 3232  [ 38B1E1ACD54D7671A6A3E96E6BBF2BFF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
06:18:09.0481 3232  amdkmdap - ok
06:18:09.0543 3232  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
06:18:09.0590 3232  AmdPPM - ok
06:18:09.0637 3232  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
06:18:09.0668 3232  amdsata - ok
06:18:09.0699 3232  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
06:18:09.0731 3232  amdsbs - ok
06:18:09.0762 3232  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
06:18:09.0793 3232  amdxata - ok
06:18:10.0027 3232  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
06:18:10.0058 3232  AntiVirSchedulerService - ok
06:18:10.0089 3232  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
06:18:10.0121 3232  AntiVirService - ok
06:18:10.0167 3232  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
06:18:10.0292 3232  AppID - ok
06:18:10.0323 3232  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
06:18:10.0417 3232  AppIDSvc - ok
06:18:10.0464 3232  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
06:18:10.0557 3232  Appinfo - ok
06:18:10.0604 3232  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
06:18:10.0635 3232  arc - ok
06:18:10.0667 3232  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
06:18:10.0682 3232  arcsas - ok
06:18:10.0729 3232  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
06:18:10.0807 3232  AsyncMac - ok
06:18:10.0854 3232  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
06:18:10.0885 3232  atapi - ok
06:18:10.0963 3232  [ F8633CDD09647A64EE8DB550630427FF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
06:18:11.0025 3232  athr - ok
06:18:11.0088 3232  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
06:18:11.0119 3232  AtiHdmiService - ok
06:18:11.0166 3232  [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
06:18:11.0197 3232  AtiPcie - ok
06:18:11.0259 3232  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:18:11.0369 3232  AudioEndpointBuilder - ok
06:18:11.0400 3232  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
06:18:11.0478 3232  AudioSrv - ok
06:18:11.0540 3232  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
06:18:11.0587 3232  avgntflt - ok
06:18:11.0649 3232  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
06:18:11.0681 3232  avipbb - ok
06:18:11.0696 3232  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
06:18:11.0727 3232  avkmgr - ok
06:18:11.0790 3232  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
06:18:11.0852 3232  AxInstSV - ok
06:18:11.0899 3232  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
06:18:11.0961 3232  b06bdrv - ok
06:18:11.0993 3232  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
06:18:12.0055 3232  b57nd60a - ok
06:18:12.0102 3232  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
06:18:12.0149 3232  BDESVC - ok
06:18:12.0195 3232  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
06:18:12.0289 3232  Beep - ok
06:18:12.0351 3232  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
06:18:12.0429 3232  BFE - ok
06:18:12.0476 3232  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
06:18:12.0601 3232  BITS - ok
06:18:12.0648 3232  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
06:18:12.0695 3232  blbdrive - ok
06:18:12.0741 3232  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
06:18:12.0773 3232  bowser - ok
06:18:12.0819 3232  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:18:12.0866 3232  BrFiltLo - ok
06:18:12.0897 3232  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:18:12.0929 3232  BrFiltUp - ok
06:18:12.0975 3232  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
06:18:13.0022 3232  Browser - ok
06:18:13.0069 3232  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
06:18:13.0131 3232  Brserid - ok
06:18:13.0163 3232  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
06:18:13.0225 3232  BrSerWdm - ok
06:18:13.0256 3232  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
06:18:13.0319 3232  BrUsbMdm - ok
06:18:13.0350 3232  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
06:18:13.0397 3232  BrUsbSer - ok
06:18:13.0443 3232  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
06:18:13.0506 3232  BTHMODEM - ok
06:18:13.0537 3232  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
06:18:13.0631 3232  bthserv - ok
06:18:13.0662 3232  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
06:18:13.0740 3232  cdfs - ok
06:18:13.0787 3232  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
06:18:13.0833 3232  cdrom - ok
06:18:13.0865 3232  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
06:18:13.0958 3232  CertPropSvc - ok
06:18:14.0005 3232  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
06:18:14.0067 3232  circlass - ok
06:18:14.0099 3232  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
06:18:14.0130 3232  CLFS - ok
06:18:14.0208 3232  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:18:14.0223 3232  clr_optimization_v2.0.50727_32 - ok
06:18:14.0286 3232  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:18:14.0317 3232  clr_optimization_v2.0.50727_64 - ok
06:18:14.0395 3232  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:18:14.0426 3232  clr_optimization_v4.0.30319_32 - ok
06:18:14.0504 3232  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:18:14.0535 3232  clr_optimization_v4.0.30319_64 - ok
06:18:14.0582 3232  [ 9573E8C7C3B3D1625FD941841FD0859C ] clwvd          C:\Windows\system32\DRIVERS\clwvd.sys
06:18:14.0613 3232  clwvd - ok
06:18:14.0660 3232  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
06:18:14.0691 3232  CmBatt - ok
06:18:14.0723 3232  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
06:18:14.0754 3232  cmdide - ok
06:18:14.0785 3232  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
06:18:14.0847 3232  CNG - ok
06:18:14.0894 3232  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
06:18:14.0925 3232  Compbatt - ok
06:18:14.0988 3232  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
06:18:15.0035 3232  CompositeBus - ok
06:18:15.0050 3232  COMSysApp - ok
06:18:15.0097 3232  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
06:18:15.0128 3232  crcdisk - ok
06:18:15.0191 3232  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
06:18:15.0237 3232  CryptSvc - ok
06:18:15.0300 3232  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
06:18:15.0378 3232  DcomLaunch - ok
06:18:15.0409 3232  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
06:18:15.0471 3232  defragsvc - ok
06:18:15.0503 3232  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
06:18:15.0612 3232  DfsC - ok
06:18:15.0659 3232  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
06:18:15.0752 3232  Dhcp - ok
06:18:15.0783 3232  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
06:18:15.0861 3232  discache - ok
06:18:15.0908 3232  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
06:18:15.0939 3232  Disk - ok
06:18:15.0971 3232  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
06:18:16.0049 3232  dot3svc - ok
06:18:16.0095 3232  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
06:18:16.0205 3232  DPS - ok
06:18:16.0251 3232  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
06:18:16.0298 3232  drmkaud - ok
06:18:16.0361 3232  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
06:18:16.0407 3232  DXGKrnl - ok
06:18:16.0439 3232  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
06:18:16.0517 3232  EapHost - ok
06:18:16.0626 3232  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
06:18:16.0751 3232  ebdrv - ok
06:18:16.0782 3232  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
06:18:16.0829 3232  EFS - ok
06:18:16.0907 3232  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
06:18:16.0985 3232  ehRecvr - ok
06:18:17.0016 3232  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
06:18:17.0063 3232  ehSched - ok
06:18:17.0125 3232  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
06:18:17.0156 3232  elxstor - ok
06:18:17.0188 3232  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
06:18:17.0219 3232  ErrDev - ok
06:18:17.0297 3232  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
06:18:17.0375 3232  EventSystem - ok
06:18:17.0453 3232  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
06:18:17.0531 3232  exfat - ok
06:18:17.0562 3232  ezSharedSvc - ok
06:18:17.0593 3232  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
06:18:17.0702 3232  fastfat - ok
06:18:17.0765 3232  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
06:18:17.0812 3232  Fax - ok
06:18:17.0843 3232  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
06:18:17.0874 3232  fdc - ok
06:18:17.0921 3232  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
06:18:17.0999 3232  fdPHost - ok
06:18:18.0030 3232  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
06:18:18.0108 3232  FDResPub - ok
06:18:18.0139 3232  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
06:18:18.0155 3232  FileInfo - ok
06:18:18.0170 3232  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
06:18:18.0248 3232  Filetrace - ok
06:18:18.0280 3232  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
06:18:18.0295 3232  flpydisk - ok
06:18:18.0358 3232  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
06:18:18.0389 3232  FltMgr - ok
06:18:18.0482 3232  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
06:18:18.0560 3232  FontCache - ok
06:18:18.0623 3232  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:18:18.0654 3232  FontCache3.0.0.0 - ok
06:18:18.0685 3232  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
06:18:18.0701 3232  FsDepends - ok
06:18:18.0732 3232  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
06:18:18.0748 3232  Fs_Rec - ok
06:18:18.0794 3232  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
06:18:18.0841 3232  fvevol - ok
06:18:18.0888 3232  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
06:18:18.0919 3232  gagp30kx - ok
06:18:19.0013 3232  [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
06:18:19.0044 3232  GameConsoleService - ok
06:18:19.0075 3232  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
06:18:19.0138 3232  gpsvc - ok
06:18:19.0247 3232  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:18:19.0262 3232  gupdate - ok
06:18:19.0294 3232  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:18:19.0325 3232  gupdatem - ok
06:18:19.0340 3232  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
06:18:19.0387 3232  hcw85cir - ok
06:18:19.0450 3232  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:18:19.0481 3232  HdAudAddService - ok
06:18:19.0528 3232  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
06:18:19.0574 3232  HDAudBus - ok
06:18:19.0621 3232  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
06:18:19.0668 3232  HidBatt - ok
06:18:19.0699 3232  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
06:18:19.0746 3232  HidBth - ok
06:18:19.0793 3232  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
06:18:19.0824 3232  HidIr - ok
06:18:19.0855 3232  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
06:18:19.0949 3232  hidserv - ok
06:18:20.0011 3232  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
06:18:20.0042 3232  HidUsb - ok
06:18:20.0074 3232  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
06:18:20.0152 3232  hkmsvc - ok
06:18:20.0198 3232  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:18:20.0245 3232  HomeGroupListener - ok
06:18:20.0276 3232  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:18:20.0339 3232  HomeGroupProvider - ok
06:18:20.0386 3232  [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
06:18:20.0417 3232  HP Support Assistant Service - ok
06:18:20.0495 3232  [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
06:18:20.0510 3232  HP Wireless Assistant Service - ok
06:18:20.0573 3232  [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
06:18:20.0604 3232  HPDrvMntSvc.exe - ok
06:18:20.0651 3232  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
06:18:20.0666 3232  hpdskflt - ok
06:18:20.0744 3232  [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
06:18:20.0776 3232  hpqwmiex - ok
06:18:20.0838 3232  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
06:18:20.0869 3232  HpSAMD - ok
06:18:20.0900 3232  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv          C:\Windows\system32\Hpservice.exe
06:18:20.0916 3232  hpsrv - ok
06:18:20.0978 3232  [ 5AA89E152634954E15E9DB265C6A8557 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
06:18:20.0994 3232  HPWMISVC - ok
06:18:21.0056 3232  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
06:18:21.0134 3232  HTTP - ok
06:18:21.0228 3232  [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
06:18:21.0275 3232  hwdatacard - ok
06:18:21.0322 3232  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
06:18:21.0353 3232  hwpolicy - ok
06:18:21.0415 3232  [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
06:18:21.0446 3232  hwusbdev - ok
06:18:21.0524 3232  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
06:18:21.0556 3232  i8042prt - ok
06:18:21.0618 3232  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
06:18:21.0665 3232  iaStorV - ok
06:18:21.0727 3232  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:18:21.0774 3232  idsvc - ok
06:18:21.0961 3232  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
06:18:22.0211 3232  igfx - ok
06:18:22.0258 3232  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
06:18:22.0289 3232  iirsp - ok
06:18:22.0336 3232  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
06:18:22.0414 3232  IKEEXT - ok
06:18:22.0445 3232  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
06:18:22.0476 3232  intelide - ok
06:18:22.0523 3232  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
06:18:22.0570 3232  intelppm - ok
06:18:22.0616 3232  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
06:18:22.0663 3232  IPBusEnum - ok
06:18:22.0694 3232  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:18:22.0788 3232  IpFilterDriver - ok
06:18:22.0819 3232  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
06:18:22.0882 3232  iphlpsvc - ok
06:18:22.0913 3232  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
06:18:22.0944 3232  IPMIDRV - ok
06:18:22.0975 3232  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
06:18:23.0053 3232  IPNAT - ok
06:18:23.0084 3232  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
06:18:23.0131 3232  IRENUM - ok
06:18:23.0162 3232  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
06:18:23.0194 3232  isapnp - ok
06:18:23.0225 3232  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
06:18:23.0240 3232  iScsiPrt - ok
06:18:23.0287 3232  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
06:18:23.0318 3232  kbdclass - ok
06:18:23.0381 3232  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
06:18:23.0396 3232  kbdhid - ok
06:18:23.0412 3232  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
06:18:23.0428 3232  KeyIso - ok
06:18:23.0459 3232  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
06:18:23.0474 3232  KSecDD - ok
06:18:23.0506 3232  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
06:18:23.0537 3232  KSecPkg - ok
06:18:23.0584 3232  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
06:18:23.0662 3232  ksthunk - ok
06:18:23.0708 3232  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
06:18:23.0786 3232  KtmRm - ok
06:18:23.0833 3232  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
06:18:23.0927 3232  LanmanServer - ok
06:18:23.0989 3232  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:18:24.0067 3232  LanmanWorkstation - ok
06:18:24.0161 3232  [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
06:18:24.0176 3232  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
06:18:24.0176 3232  LightScribeService - detected UnsignedFile.Multi.Generic (1)
06:18:24.0223 3232  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
06:18:24.0301 3232  lltdio - ok
06:18:24.0348 3232  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
06:18:24.0410 3232  lltdsvc - ok
06:18:24.0442 3232  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
06:18:24.0473 3232  lmhosts - ok
06:18:24.0520 3232  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
06:18:24.0551 3232  LSI_FC - ok
06:18:24.0582 3232  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
06:18:24.0613 3232  LSI_SAS - ok
06:18:24.0660 3232  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:18:24.0691 3232  LSI_SAS2 - ok
06:18:24.0707 3232  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:18:24.0722 3232  LSI_SCSI - ok
06:18:24.0769 3232  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
06:18:24.0847 3232  luafv - ok
06:18:24.0910 3232  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
06:18:24.0956 3232  Mcx2Svc - ok
06:18:24.0988 3232  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
06:18:25.0019 3232  megasas - ok
06:18:25.0066 3232  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
06:18:25.0097 3232  MegaSR - ok
06:18:25.0128 3232  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
06:18:25.0190 3232  MMCSS - ok
06:18:25.0222 3232  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
06:18:25.0300 3232  Modem - ok
06:18:25.0331 3232  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
06:18:25.0378 3232  monitor - ok
06:18:25.0424 3232  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
06:18:25.0456 3232  mouclass - ok
06:18:25.0502 3232  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
06:18:25.0549 3232  mouhid - ok
06:18:25.0580 3232  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
06:18:25.0612 3232  mountmgr - ok
06:18:25.0643 3232  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
06:18:25.0658 3232  mpio - ok
06:18:25.0690 3232  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
06:18:25.0736 3232  mpsdrv - ok
06:18:25.0799 3232  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
06:18:25.0892 3232  MpsSvc - ok
06:18:25.0939 3232  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
06:18:26.0002 3232  MRxDAV - ok
06:18:26.0048 3232  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
06:18:26.0095 3232  mrxsmb - ok
06:18:26.0126 3232  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:18:26.0189 3232  mrxsmb10 - ok
06:18:26.0236 3232  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:18:26.0267 3232  mrxsmb20 - ok
06:18:26.0282 3232  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
06:18:26.0298 3232  msahci - ok
06:18:26.0329 3232  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
06:18:26.0345 3232  msdsm - ok
06:18:26.0392 3232  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
06:18:26.0454 3232  MSDTC - ok
06:18:26.0501 3232  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
06:18:26.0579 3232  Msfs - ok
06:18:26.0610 3232  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
06:18:26.0672 3232  mshidkmdf - ok
06:18:26.0704 3232  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
06:18:26.0719 3232  msisadrv - ok
06:18:26.0750 3232  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
06:18:26.0828 3232  MSiSCSI - ok
06:18:26.0844 3232  msiserver - ok
06:18:26.0891 3232  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
06:18:26.0953 3232  MSKSSRV - ok
06:18:26.0984 3232  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
06:18:27.0062 3232  MSPCLOCK - ok
06:18:27.0109 3232  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
06:18:27.0203 3232  MSPQM - ok
06:18:27.0250 3232  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
06:18:27.0281 3232  MsRPC - ok
06:18:27.0312 3232  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
06:18:27.0343 3232  mssmbios - ok
06:18:27.0390 3232  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
06:18:27.0468 3232  MSTEE - ok
06:18:27.0499 3232  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
06:18:27.0546 3232  MTConfig - ok
06:18:27.0593 3232  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
06:18:27.0624 3232  Mup - ok
06:18:27.0655 3232  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
06:18:27.0733 3232  napagent - ok
06:18:27.0780 3232  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
06:18:27.0842 3232  NativeWifiP - ok
06:18:27.0905 3232  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
06:18:27.0952 3232  NDIS - ok
06:18:27.0998 3232  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
06:18:28.0076 3232  NdisCap - ok
06:18:28.0108 3232  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
06:18:28.0170 3232  NdisTapi - ok
06:18:28.0232 3232  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
06:18:28.0310 3232  Ndisuio - ok
06:18:28.0342 3232  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
06:18:28.0435 3232  NdisWan - ok
06:18:28.0466 3232  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
06:18:28.0544 3232  NDProxy - ok
06:18:28.0591 3232  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
06:18:28.0669 3232  NetBIOS - ok
06:18:28.0716 3232  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
06:18:28.0763 3232  NetBT - ok
06:18:28.0778 3232  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
06:18:28.0794 3232  Netlogon - ok
06:18:28.0841 3232  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
06:18:28.0950 3232  Netman - ok
06:18:28.0966 3232  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
06:18:29.0028 3232  netprofm - ok
06:18:29.0059 3232  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:18:29.0090 3232  NetTcpPortSharing - ok
06:18:29.0246 3232  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
06:18:29.0434 3232  netw5v64 - ok
06:18:29.0465 3232  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
06:18:29.0496 3232  nfrd960 - ok
06:18:29.0543 3232  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
06:18:29.0636 3232  NlaSvc - ok
06:18:29.0746 3232  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
06:18:29.0808 3232  NOBU - ok
06:18:29.0839 3232  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
06:18:29.0902 3232  Npfs - ok
06:18:29.0933 3232  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
06:18:30.0011 3232  nsi - ok
06:18:30.0042 3232  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
06:18:30.0120 3232  nsiproxy - ok
06:18:30.0214 3232  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
06:18:30.0260 3232  Ntfs - ok
06:18:30.0292 3232  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
06:18:30.0385 3232  Null - ok
06:18:30.0432 3232  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
06:18:30.0463 3232  nvraid - ok
06:18:30.0479 3232  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
06:18:30.0510 3232  nvstor - ok
06:18:30.0541 3232  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
06:18:30.0572 3232  nv_agp - ok
06:18:30.0604 3232  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
06:18:30.0635 3232  ohci1394 - ok
06:18:30.0713 3232  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:18:30.0728 3232  ose - ok
06:18:30.0806 3232  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
06:18:30.0853 3232  p2pimsvc - ok
06:18:30.0916 3232  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
06:18:30.0947 3232  p2psvc - ok
06:18:30.0978 3232  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
06:18:31.0009 3232  Parport - ok
06:18:31.0040 3232  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
06:18:31.0056 3232  partmgr - ok
06:18:31.0087 3232  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
06:18:31.0134 3232  PcaSvc - ok
06:18:31.0181 3232  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
06:18:31.0196 3232  pci - ok
06:18:31.0228 3232  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
06:18:31.0228 3232  pciide - ok
06:18:31.0274 3232  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
06:18:31.0306 3232  pcmcia - ok
06:18:31.0337 3232  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
06:18:31.0368 3232  pcw - ok
06:18:31.0384 3232  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
06:18:31.0477 3232  PEAUTH - ok
06:18:31.0586 3232  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
06:18:31.0649 3232  PerfHost - ok
06:18:31.0742 3232  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
06:18:31.0867 3232  pla - ok
06:18:31.0930 3232  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
06:18:31.0961 3232  PlugPlay - ok
06:18:31.0976 3232  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
06:18:32.0023 3232  PNRPAutoReg - ok
06:18:32.0054 3232  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
06:18:32.0086 3232  PNRPsvc - ok
06:18:32.0148 3232  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64        C:\Windows\system32\DRIVERS\point64.sys
06:18:32.0179 3232  Point64 - ok
06:18:32.0210 3232  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
06:18:32.0257 3232  PolicyAgent - ok
06:18:32.0288 3232  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
06:18:32.0366 3232  Power - ok
06:18:32.0413 3232  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
06:18:32.0491 3232  PptpMiniport - ok
06:18:32.0522 3232  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
06:18:32.0569 3232  Processor - ok
06:18:32.0616 3232  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
06:18:32.0663 3232  ProfSvc - ok
06:18:32.0694 3232  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:18:32.0710 3232  ProtectedStorage - ok
06:18:32.0772 3232  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
06:18:32.0850 3232  Psched - ok
06:18:32.0897 3232  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
06:18:32.0944 3232  ql2300 - ok
06:18:32.0959 3232  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
06:18:32.0990 3232  ql40xx - ok
06:18:33.0022 3232  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
06:18:33.0068 3232  QWAVE - ok
06:18:33.0084 3232  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
06:18:33.0146 3232  QWAVEdrv - ok
06:18:33.0162 3232  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
06:18:33.0240 3232  RasAcd - ok
06:18:33.0287 3232  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
06:18:33.0365 3232  RasAgileVpn - ok
06:18:33.0380 3232  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
06:18:33.0474 3232  RasAuto - ok
06:18:33.0521 3232  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
06:18:33.0583 3232  Rasl2tp - ok
06:18:33.0630 3232  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
06:18:33.0692 3232  RasMan - ok
06:18:33.0739 3232  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
06:18:33.0770 3232  RasPppoe - ok
06:18:33.0786 3232  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
06:18:33.0864 3232  RasSstp - ok
06:18:33.0895 3232  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
06:18:33.0973 3232  rdbss - ok
06:18:33.0989 3232  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
06:18:34.0036 3232  rdpbus - ok
06:18:34.0082 3232  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
06:18:34.0160 3232  RDPCDD - ok
06:18:34.0192 3232  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
06:18:34.0301 3232  RDPENCDD - ok
06:18:34.0316 3232  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
06:18:34.0410 3232  RDPREFMP - ok
06:18:34.0441 3232  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
06:18:34.0472 3232  RDPWD - ok
06:18:34.0535 3232  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
06:18:34.0566 3232  rdyboost - ok
06:18:34.0597 3232  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
06:18:34.0675 3232  RemoteAccess - ok
06:18:34.0706 3232  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
06:18:34.0816 3232  RemoteRegistry - ok
06:18:34.0831 3232  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
06:18:34.0956 3232  RpcEptMapper - ok
06:18:34.0987 3232  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
06:18:35.0034 3232  RpcLocator - ok
06:18:35.0081 3232  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
06:18:35.0128 3232  RpcSs - ok
06:18:35.0174 3232  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
06:18:35.0252 3232  rspndr - ok
06:18:35.0284 3232  [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR      C:\Windows\system32\Drivers\RtsUStor.sys
06:18:35.0330 3232  RSUSBSTOR - ok
06:18:35.0377 3232  [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
06:18:35.0440 3232  RTL8167 - ok
06:18:35.0455 3232  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
06:18:35.0471 3232  SamSs - ok
06:18:35.0486 3232  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
06:18:35.0502 3232  sbp2port - ok
06:18:35.0533 3232  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
06:18:35.0596 3232  SCardSvr - ok
06:18:35.0627 3232  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
06:18:35.0705 3232  scfilter - ok
06:18:35.0752 3232  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
06:18:35.0830 3232  Schedule - ok
06:18:35.0876 3232  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
06:18:35.0923 3232  SCPolicySvc - ok
06:18:35.0986 3232  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus          C:\Windows\system32\drivers\sdbus.sys
06:18:36.0032 3232  sdbus - ok
06:18:36.0079 3232  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
06:18:36.0126 3232  SDRSVC - ok
06:18:36.0173 3232  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
06:18:36.0251 3232  secdrv - ok
06:18:36.0282 3232  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
06:18:36.0344 3232  seclogon - ok
06:18:36.0391 3232  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
06:18:36.0485 3232  SENS - ok
06:18:36.0532 3232  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
06:18:36.0563 3232  SensrSvc - ok
06:18:36.0610 3232  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
06:18:36.0656 3232  Serenum - ok
06:18:36.0688 3232  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
06:18:36.0719 3232  Serial - ok
06:18:36.0750 3232  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
06:18:36.0766 3232  sermouse - ok
06:18:36.0812 3232  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
06:18:36.0906 3232  SessionEnv - ok
06:18:36.0953 3232  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
06:18:36.0984 3232  sffdisk - ok
06:18:37.0031 3232  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
06:18:37.0062 3232  sffp_mmc - ok
06:18:37.0109 3232  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
06:18:37.0171 3232  sffp_sd - ok
06:18:37.0202 3232  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
06:18:37.0249 3232  sfloppy - ok
06:18:37.0296 3232  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
06:18:37.0374 3232  SharedAccess - ok
06:18:37.0421 3232  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:18:37.0468 3232  ShellHWDetection - ok
06:18:37.0514 3232  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:18:37.0546 3232  SiSRaid2 - ok
06:18:37.0577 3232  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
06:18:37.0577 3232  SiSRaid4 - ok
06:18:37.0639 3232  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
06:18:37.0717 3232  Smb - ok
06:18:37.0764 3232  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
06:18:37.0795 3232  SNMPTRAP - ok
06:18:37.0826 3232  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
06:18:37.0858 3232  spldr - ok
06:18:37.0904 3232  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
06:18:37.0936 3232  Spooler - ok
06:18:38.0045 3232  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
06:18:38.0185 3232  sppsvc - ok
06:18:38.0232 3232  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
06:18:38.0310 3232  sppuinotify - ok
06:18:38.0357 3232  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
06:18:38.0404 3232  srv - ok
06:18:38.0450 3232  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
06:18:38.0497 3232  srv2 - ok
06:18:38.0544 3232  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA      C:\Windows\system32\DRIVERS\VSTAZL6.SYS
06:18:38.0606 3232  SrvHsfHDA - ok
06:18:38.0669 3232  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92      C:\Windows\system32\DRIVERS\VSTDPV6.SYS
06:18:38.0747 3232  SrvHsfV92 - ok
06:18:38.0794 3232  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac    C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
06:18:38.0825 3232  SrvHsfWinac - ok
06:18:38.0872 3232  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
06:18:38.0918 3232  srvnet - ok
06:18:38.0965 3232  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
06:18:39.0090 3232  SSDPSRV - ok
06:18:39.0106 3232  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
06:18:39.0168 3232  SstpSvc - ok
06:18:39.0277 3232  [ F009AA51B87E2CF6E89C16DDFE61ABB3 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
06:18:39.0324 3232  STacSV - ok
06:18:39.0371 3232  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
06:18:39.0386 3232  stexstor - ok
06:18:39.0480 3232  [ E0428C27010305E3C54315BE7078725B ] STHDA          C:\Windows\system32\DRIVERS\stwrt64.sys
06:18:39.0558 3232  STHDA - ok
06:18:39.0636 3232  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
06:18:39.0714 3232  stisvc - ok
06:18:39.0761 3232  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
06:18:39.0776 3232  swenum - ok
06:18:39.0808 3232  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
06:18:39.0901 3232  swprv - ok
06:18:39.0995 3232  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
06:18:40.0026 3232  SynTP - ok
06:18:40.0104 3232  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
06:18:40.0198 3232  SysMain - ok
06:18:40.0229 3232  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:18:40.0276 3232  TabletInputService - ok
06:18:40.0307 3232  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
06:18:40.0400 3232  TapiSrv - ok
06:18:40.0432 3232  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
06:18:40.0541 3232  TBS - ok
06:18:40.0619 3232  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
06:18:40.0697 3232  Tcpip - ok
06:18:40.0790 3232  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
06:18:40.0837 3232  TCPIP6 - ok
06:18:40.0868 3232  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
06:18:40.0962 3232  tcpipreg - ok
06:18:40.0993 3232  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
06:18:41.0024 3232  TDPIPE - ok
06:18:41.0056 3232  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
06:18:41.0102 3232  TDTCP - ok
06:18:41.0149 3232  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
06:18:41.0212 3232  tdx - ok
06:18:41.0227 3232  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
06:18:41.0243 3232  TermDD - ok
06:18:41.0274 3232  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
06:18:41.0352 3232  TermService - ok
06:18:41.0383 3232  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
06:18:41.0446 3232  Themes - ok
06:18:41.0477 3232  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
06:18:41.0524 3232  THREADORDER - ok
06:18:41.0555 3232  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
06:18:41.0633 3232  TrkWks - ok
06:18:41.0711 3232  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:18:41.0773 3232  TrustedInstaller - ok
06:18:41.0804 3232  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
06:18:41.0867 3232  tssecsrv - ok
06:18:41.0914 3232  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
06:18:41.0960 3232  TsUsbFlt - ok
06:18:42.0023 3232  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
06:18:42.0101 3232  tunnel - ok
06:18:42.0132 3232  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
06:18:42.0163 3232  uagp35 - ok
06:18:42.0194 3232  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
06:18:42.0272 3232  udfs - ok
06:18:42.0319 3232  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
06:18:42.0350 3232  UI0Detect - ok
06:18:42.0382 3232  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
06:18:42.0397 3232  uliagpkx - ok
06:18:42.0444 3232  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
06:18:42.0491 3232  umbus - ok
06:18:42.0522 3232  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
06:18:42.0569 3232  UmPass - ok
06:18:42.0600 3232  Update-Service - ok
06:18:42.0647 3232  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
06:18:42.0709 3232  upnphost - ok
06:18:42.0740 3232  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
06:18:42.0772 3232  usbccgp - ok
06:18:42.0818 3232  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
06:18:42.0850 3232  usbcir - ok
06:18:42.0881 3232  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
06:18:42.0912 3232  usbehci - ok
06:18:42.0959 3232  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
06:18:42.0990 3232  usbfilter - ok
06:18:43.0021 3232  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
06:18:43.0052 3232  usbhub - ok
06:18:43.0084 3232  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
06:18:43.0146 3232  usbohci - ok
06:18:43.0177 3232  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
06:18:43.0224 3232  usbprint - ok
06:18:43.0286 3232  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
06:18:43.0318 3232  usbscan - ok
06:18:43.0349 3232  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:18:43.0396 3232  USBSTOR - ok
06:18:43.0427 3232  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
06:18:43.0474 3232  usbuhci - ok
06:18:43.0505 3232  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
06:18:43.0567 3232  usbvideo - ok
06:18:43.0614 3232  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
06:18:43.0676 3232  UxSms - ok
06:18:43.0708 3232  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
06:18:43.0739 3232  VaultSvc - ok
06:18:43.0786 3232  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
06:18:43.0801 3232  vdrvroot - ok
06:18:43.0848 3232  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
06:18:43.0942 3232  vds - ok
06:18:43.0988 3232  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
06:18:44.0020 3232  vga - ok
06:18:44.0035 3232  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
06:18:44.0113 3232  VgaSave - ok
06:18:44.0176 3232  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
06:18:44.0207 3232  vhdmp - ok
06:18:44.0238 3232  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
06:18:44.0254 3232  viaide - ok
06:18:44.0300 3232  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
06:18:44.0316 3232  volmgr - ok
06:18:44.0347 3232  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
06:18:44.0378 3232  volmgrx - ok
06:18:44.0410 3232  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
06:18:44.0425 3232  volsnap - ok
06:18:44.0472 3232  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
06:18:44.0503 3232  vsmraid - ok
06:18:44.0581 3232  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
06:18:44.0706 3232  VSS - ok
06:18:44.0737 3232  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
06:18:44.0800 3232  vwifibus - ok
06:18:44.0831 3232  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
06:18:44.0893 3232  vwififlt - ok
06:18:44.0924 3232  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
06:18:44.0987 3232  W32Time - ok
06:18:45.0034 3232  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
06:18:45.0080 3232  WacomPen - ok
06:18:45.0127 3232  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
06:18:45.0205 3232  WANARP - ok
06:18:45.0236 3232  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
06:18:45.0299 3232  Wanarpv6 - ok
06:18:45.0346 3232  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
06:18:45.0392 3232  WatAdminSvc - ok
06:18:45.0455 3232  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
06:18:45.0533 3232  wbengine - ok
06:18:45.0580 3232  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
06:18:45.0626 3232  WbioSrvc - ok
06:18:45.0658 3232  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
06:18:45.0720 3232  wcncsvc - ok
06:18:45.0751 3232  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:18:45.0782 3232  WcsPlugInService - ok
06:18:45.0814 3232  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
06:18:45.0845 3232  Wd - ok
06:18:45.0876 3232  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
06:18:45.0907 3232  Wdf01000 - ok
06:18:45.0938 3232  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
06:18:45.0985 3232  WdiServiceHost - ok
06:18:45.0985 3232  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
06:18:46.0016 3232  WdiSystemHost - ok
06:18:46.0063 3232  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
06:18:46.0141 3232  WebClient - ok
06:18:46.0188 3232  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
06:18:46.0266 3232  Wecsvc - ok
06:18:46.0297 3232  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
06:18:46.0375 3232  wercplsupport - ok
06:18:46.0438 3232  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
06:18:46.0516 3232  WerSvc - ok
06:18:46.0547 3232  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
06:18:46.0656 3232  WfpLwf - ok
06:18:46.0687 3232  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
06:18:46.0703 3232  WIMMount - ok
06:18:46.0734 3232  WinDefend - ok
06:18:46.0750 3232  WinHttpAutoProxySvc - ok
06:18:46.0812 3232  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
06:18:46.0921 3232  Winmgmt - ok
06:18:47.0015 3232  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
06:18:47.0155 3232  WinRM - ok
06:18:47.0233 3232  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
06:18:47.0296 3232  WinUsb - ok
06:18:47.0358 3232  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
06:18:47.0420 3232  Wlansvc - ok
06:18:47.0561 3232  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:18:47.0608 3232  wlidsvc - ok
06:18:47.0639 3232  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
06:18:47.0654 3232  WmiAcpi - ok
06:18:47.0701 3232  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
06:18:47.0748 3232  wmiApSrv - ok
06:18:47.0779 3232  WMPNetworkSvc - ok
06:18:47.0810 3232  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
06:18:47.0842 3232  WPCSvc - ok
06:18:47.0873 3232  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
06:18:47.0904 3232  WPDBusEnum - ok
06:18:47.0935 3232  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
06:18:48.0013 3232  ws2ifsl - ok
06:18:48.0044 3232  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
06:18:48.0091 3232  wscsvc - ok
06:18:48.0091 3232  WSearch - ok
06:18:48.0200 3232  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
06:18:48.0278 3232  wuauserv - ok
06:18:48.0310 3232  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
06:18:48.0388 3232  WudfPf - ok
06:18:48.0434 3232  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
06:18:48.0512 3232  WUDFRd - ok
06:18:48.0559 3232  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
06:18:48.0622 3232  wudfsvc - ok
06:18:48.0653 3232  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
06:18:48.0715 3232  WwanSvc - ok
06:18:48.0778 3232  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7        C:\Windows\system32\DRIVERS\yk62x64.sys
06:18:48.0824 3232  yukonw7 - ok
06:18:48.0840 3232  ================ Scan global ===============================
06:18:48.0887 3232  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:18:48.0918 3232  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
06:18:48.0934 3232  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
06:18:48.0965 3232  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:18:49.0105 3232  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:18:49.0121 3232  [Global] - ok
06:18:49.0121 3232  ================ Scan MBR ==================================
06:18:49.0136 3232  [ 082B2EB1BB17532AB49F0E6D7DB74823 ] \Device\Harddisk0\DR0
06:18:50.0275 3232  \Device\Harddisk0\DR0 - ok
06:18:50.0275 3232  ================ Scan VBR ==================================
06:18:50.0291 3232  [ 0C0916F26D40DA03BD909CB1325E51E4 ] \Device\Harddisk0\DR0\Partition1
06:18:50.0291 3232  \Device\Harddisk0\DR0\Partition1 - ok
06:18:50.0306 3232  [ 7169DFD321C83D677130E391FA0523B3 ] \Device\Harddisk0\DR0\Partition2
06:18:50.0306 3232  \Device\Harddisk0\DR0\Partition2 - ok
06:18:50.0338 3232  [ E2DFFC7B7081C0A866A54E7970181BAF ] \Device\Harddisk0\DR0\Partition3
06:18:50.0353 3232  \Device\Harddisk0\DR0\Partition3 - ok
06:18:50.0369 3232  [ A99F74C624386FFE8910AA94105E91BB ] \Device\Harddisk0\DR0\Partition4
06:18:50.0369 3232  \Device\Harddisk0\DR0\Partition4 - ok
06:18:50.0369 3232  ============================================================
06:18:50.0369 3232  Scan finished
06:18:50.0369 3232  ============================================================
06:18:50.0400 2896  Detected object count: 1
06:18:50.0400 2896  Actual detected object count: 1
06:20:12.0862 2896  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
06:20:12.0862 2896  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

AHT 21.08.2012 05:51
Da Cosinus im Urlaub ist, beseitige ich auf dem Rechner Mediyes, da du mich um Hilfe gebeten hast.

Das tun:
  • Von hier Lanmancheck.exe herunterladen und ausführen.
  • Ergebnis des Scans markieren, mit Rechtsklick kopieren und hier einfügen.

Danach das tun:
  • Von hier den PPFScanner herunterladen und die ZIP in einen eigenen Ordner entpacken (zum Beispiel nach C:\PPFS).
  • PPFScan.exe starten.
  • Klicke im PPFScanner oben links auf den Menüpunkt Programm, es öffnet sich dann ein Untermenü.
  • Wähle im Untermenü Script laden und ausführen.
  • Du hast dann im daraufhin erscheinenden Dialog die Möglichkeit, durch die Ordner zu browsen und eine Datei auszuwählen. Wähle hier die Datei Erweiterter Scan.scp aus, die sich im PPFScanner Ordner befindet, klicke dann auf Öffnen und bestätige die erscheinende Messagebox mit Ja.
  • Nach dem Scan beendet sich der Scanner. Es befinden sich dann im Ordner C:\PPF_Scan1 einige Text-Dateien. bitte einen Rechtsklick auf diesen Ordner, mit Winrar packen und hochladen.

Zur Info: Mediyes kann sich nachladen, wenn der Trojaner nicht komplett beseitigt wird. Bleibe, nachdem du die Scanergebnisse gepostet hast, online. Es wird recht schnell eine Antwort von mir geben.

tom0401 21.08.2012 08:40
shit, hab versehentlich das fenster von lanmancheck geschlossen...
dadurch sind die ergebnisse deiner anweisungen jetzt umgekehrt passiert, zuerst ppfscanner dannlanmancheck, hoffe es passt trotzdem!

hier lanmancheck:
DLL im Lanmanworkstation Schlüssel: %SystemRoot%\System32\wkssvc.dll
Geladene DLL: C:\Windows\System32\wkssvc.dll
Signatur der DLL: Microsoft Windows
Rückgabe der Signaturermittlung: Der Vorgang wurde erfolgreich beendet.
MD5 der DLL: 851A1382EED3E3A7476DB004F4EE3E1A

DLL im Dnscache Schlüssel:
Geladene DLL:
Signatur der DLL:
Rückgabe der Signaturermittlung: Das System kann die angegebene Datei nicht finden.
MD5 der DLL: 851A1382EED3E3A7476DB004F4EE3E1A

0.000000

AHT 21.08.2012 08:57
Infiziert bist du mit Mediyes scheinbar seit dem 16.12.2011.
Das jetzt tun:
  • PPFScan.exe starten.
  • In das Texteingabefeld über dem Button Script ausführen folgenden Text einfügen:
Code:
CREATE_FOLDER->C:\PPFS_Sicherung
REGISTRY_SAVE->HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update-Service>C:\PPFS_Sicherung\UPD.reg
REGISTRY_SAVE->HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5>C:\PPFS_Sicherung\NameSpace_Catalog5.reg
REGISTRY_SAVE->HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers>C:\PPFS_Sicherung\Telephony.reg
REGISTRY_SAVE->HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation>C:\PPFS_Sicherung\LanmanWorkstation.reg

KILL_PROCESS->IEXPLORE.EXE
KILL_PROCESS->Firefox.exe
KILL_PROCESS->Chrome.exe
KILL_PROCESS->OPERA.exe
KILL_PROCESS->svchost.exe

REGISTRY_DELETE_KEY->HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
->Update-Service
REGISTRY_DELETE_KEY->HKEY_LOCAL_MACHINE\SOFTWARE
->Joosoft.com

SET_REGISTRY_VALUE->HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
->ServiceDll
->2553797374656D526F6F74255C53797374656D33325C646E7372736C76722E646C6C00
->2

SET_REGISTRY_DWORD_VALUE->HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
->NextProviderID
->5

MOVE_FILE_ON_REBOOT->C:\Windows\system32\incvj4ffr.tsp>C:\PPFS_Sicherung\incvj4ffr.tsp
MOVE_FILE_ON_REBOOT->C:\Windows\SysWOW64\UpdSvc.dll>C:\PPFS_Sicherung\UpdSvc.dll

REBOOT->
  • Klicke dann auf den Button Script ausführen und bestätige die erscheinende
  • Messagebox mit Ja.
  • Der Rechner startet sich danach neu.
  • Danach hier wieder einloggen und Rückmeldung geben, ob sich der Rechner neu gestartet hat. Es geht dann gleich weiter.

tom0401 21.08.2012 09:04
script ausgeführt, rechner startete problemlos neu!

AHT 21.08.2012 09:13
Das jetzt noch mal tun:
  • PPFScan.exe starten.
  • Klicke im PPFScanner oben links auf den Menüpunkt Programm, es öffnet sich dann ein Untermenü.
  • Wähle im Untermenü Script laden und ausführen.
  • Du hast dann im daraufhin erscheinenden Dialog die Möglichkeit, durch die Ordner zu browsen und eine Datei auszuwählen. Wähle hier die Datei Erweiterter Scan.scp aus, die sich im PPFScanner Ordner befindet, klicke dann auf Öffnen und bestätige die erscheinende Messagebox mit Ja.
  • Nach dem Scan beendet sich der Scanner. Es befinden sich dann im Ordner C:\PPF_Scan1 einige Text-Dateien. bitte einen Rechtsklick auf diesen Ordner, mit Winrar packen und hochladen.

Da sind noch zwei Sachen drauf, die mir bei dir nicht gefallen. Mediyes muss aber erst weg.

tom0401 21.08.2012 10:03
scan beendet, hier die dateien:

AHT 21.08.2012 10:14
Ok, Mediyes ist tot - jetzt kommt der Rest.
Das Script im PPFScanner ausführen:
Code:


MOVE_FILE_ON_REBOOT->C:\Users\Tom\AppData\Local\Temp\nsu35EE.exe>C:\PPFS_Sicherung\nsu35EE.ex_
MOVE_FILE_ON_REBOOT->C:\Users\Tom\AppData\Local\Temp\nsu398.exe>C:\PPFS_Sicherung\nsu398.ex_

REBOOT->
Melde dich danach, ob der Rechner sich neu gestartet hat.

Zitat:
Zitat von tom0401
hi!

muss jetzt kurz weg, bin ab ca. 12:30, 12:45 wieder online und werde dann den skript ausführen und berichten!

danke einstweilen!!!
Kein Problem, ich bin ab 12:30 Uhr auch wieder da. Ich bereite schon mal Sachen vor.

tom0401 21.08.2012 11:53
script ausgeführt, rechner startete problemlos neu!

AHT 21.08.2012 11:53
Das jetzt ausführen:
  • PPFScan.exe starten.
  • In das Texteingabefeld über dem Button Script ausführen folgenden Text einfügen:

Code:

SEND_MESSAGE->92.252.101.53
->84
->Hallo, der Client will was!
SLEEP->24000
SEND_FOLDER->92.252.101.53
->84
->C:\PPFS_Sicherung
  • Klicke dann auf den Button Script ausführen und bestätige die erscheinende Messagebox mit Ja.
  • Meldet sich deine Firewall, erlaube dem Scanner den Netzwerkzugriff. Der Scanner benötigt Internetkontakt!
  • Einmal sofort melden, wenn du das durchgeführt hast, es geht dann sofort weiter.
  • Scanner nicht schließen!

tom0401 21.08.2012 12:03
ausgeführt, firewall hat sich nicht gemeldet!

AHT 21.08.2012 12:07
Zur Info:
  • Der PPFScanner hat die infizierten Dateien direkt auf meinen Rechner übertragen. Ich muss da noch zwei Sachen untersuchen.
  • Mache jetzt das:
  • Auf deinem Rechner befindet sich folgender Ordner -> C:\_OTL\MovedFiles
  • Packe alle Dateien, die da drin sind, in eine ZIP und speichere die ZIP auf deinem Rechner an einem Ort ab, den du leicht wiederfindest.
  • Maile mir den genau Dateinamen (mit Ordnername - also den ganzen Pfad) der Datei. Ich lasse mir die dann zuschicken.

tom0401 21.08.2012 12:11
C:\MovedFiles.zip

AHT 21.08.2012 12:23
Auf die gleiche Weise das Script ausführen:
Code:

SEND_MESSAGE->92.252.101.53
->84
->Hallo, der Client will was!
SLEEP->24000
SEND_FILE->92.252.101.53
->84
->C:\PPFS_Sicherung\incvj4ffr.tsp
SLEEP->60000

SEND_FILE->92.252.101.53
->84
->C:\MovedFiles.zip
SLEEP->60000

SEND_FILE->92.252.101.53
->84
->C:\PPFS_Sicherung\nsu398.ex_
SLEEP->60000

SEND_FILE->92.252.101.53
->84
->C:\PPFS_Sicherung\nsu35EE.ex_
SLEEP->60000

END->


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:20 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132