Pests of all kinds and how to fight them: Windows Update Trojan (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#16
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan: Run an OTL fix. Close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along too!!!) Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-540894877-694316282-3225767269-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-540894877-694316282-3225767269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-540894877-694316282-3225767269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.04 03:27:16 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.09.20 09:59:24 | 000,000,062 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{109efde8-fda1-11e0-b055-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{109efde8-fda1-11e0-b055-806e6f6e6963}\Shell\AutoRun\command - "" = D:\cdstart.exe -- [2010.10.04 03:14:24 | 001,419,984 | R--- | M] ()
[2012.06.03 18:32:54 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012.06.03 18:32:54 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012.06.03 18:32:54 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012.06.03 18:32:54 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012.06.03 18:32:54 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012.06.03 18:32:54 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[1601.02.13 10:28:18 | 000,017,408 | ---- | C] () -- C:\Users\Marco\AppData\Local\ArTtLerofJsfjX
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the folder "_OTL". Note: The above script was written only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, because it can permanently damage the system!
Please always post logfiles in CODE tags
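The O6 lines in the fix above are the UAC policy values that were set to switch UAC off (EnableLUA = 0) and make admin elevation silent (ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0); the O7 and O32 lines are AutoRun settings. The following read-only PowerShell script is an added example for this thread, not OTL's code and not the helper's script: it audits those same registry values on a machine and compares them with a baseline. The baseline (stock Windows 7 defaults) and the regex used to pick out user SIDs are assumptions; the registry paths are the ones named in the fix.

```powershell
# Added example for this thread; not OTL's code and not the helper's script. Read-only:
# it changes nothing. Run it in an elevated PowerShell so that other users' HKU hives
# are readable. The baseline values are an ASSUMPTION (stock Windows 7 defaults);
# a hardened corporate image will differ, so adjust them before trusting the verdicts.

# UAC policy values. The fix above removed EnableLUA = 0, ConsentPromptBehaviorAdmin = 0
# and PromptOnSecureDesktop = 0, which switch UAC off and make elevation silent.
$uacBaseline = [ordered]@{
    EnableLUA                  = 1   # 0 = UAC disabled entirely
    ConsentPromptBehaviorAdmin = 5   # 0 = admins elevate silently, no prompt
    ConsentPromptBehaviorUser  = 3   # standard users get a credential prompt on the secure desktop
    PromptOnSecureDesktop      = 1   # 0 = prompts appear on the normal, spoofable desktop
}
# Explorer policies that a home PC should not have at all ($null = expected absent).
$explorerBaseline = [ordered]@{
    NoActiveDesktop        = $null
    NoActiveDesktopChanges = $null
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist (the Windows default applies).
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-AuditRow {
    param([string]$Path, [string]$Name, $Expected, $Actual, [string]$Status)
    $exp = if ($null -eq $Expected) { '<absent>' } else { $Expected }
    $act = if ($null -eq $Actual)   { '<absent>' } else { $Actual }
    [PSCustomObject]@{ Key = $Path; Value = $Name; Expected = $exp; Actual = $act; Status = $Status }
}

function Test-PolicyBaseline {
    param([string]$Path, [System.Collections.IDictionary]$Baseline)
    foreach ($name in $Baseline.Keys) {
        $expected = $Baseline[$name]
        $actual   = Get-PolicyValue -Path $Path -Name $name
        if ($null -eq $expected)       { $status = if ($null -eq $actual) { 'OK' } else { 'DEVIATES' } }
        elseif ($null -eq $actual)     { $status = 'ABSENT' }   # default applies; re-check after a reboot
        elseif ($actual -eq $expected) { $status = 'OK' }
        else                           { $status = 'DEVIATES' }
        New-AuditRow -Path $Path -Name $name -Expected $expected -Actual $actual -Status $status
    }
}

$systemPolicy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$cdromService   = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'   # O32 line: AutoRun = 1 is the default

$rows = @()
$rows += Test-PolicyBaseline -Path $systemPolicy   -Baseline $uacBaseline
$rows += Test-PolicyBaseline -Path $explorerPolicy -Baseline $explorerBaseline
$rows += Test-PolicyBaseline -Path $cdromService   -Baseline ([ordered]@{ AutoRun = 1 })

# Per-user Explorer policy (the O7 line in the fix sat under HKU\S-1-5-21-...-1000).
# 0x91 = 145 disables AutoRun on unknown, removable and network drives; any value that
# keeps those three bits set is treated as acceptable, anything else as a deviation.
$null = New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue
$userHives = Get-ChildItem -Path 'HKU:\' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }   # assumed SID shape
foreach ($hive in $userHives) {
    $path   = "HKU:\$($hive.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $actual = Get-PolicyValue -Path $path -Name 'NoDriveTypeAutoRun'
    if ($null -eq $actual)                 { $status = 'ABSENT' }
    elseif (($actual -band 0x91) -eq 0x91) { $status = 'OK' }
    else                                   { $status = 'DEVIATES' }
    $rows += New-AuditRow -Path $path -Name 'NoDriveTypeAutoRun' -Expected 145 -Actual $actual -Status $status
}

$rows | Format-Table -AutoSize
$deviations = @($rows | Where-Object Status -eq 'DEVIATES').Count
Write-Host "$deviations value(s) deviate from the assumed baseline; ABSENT rows mean the Windows default applies."
```

Directly after an OTL fix like the one above, the UAC rows will show ABSENT, because the fix deletes the values rather than resetting them. Run the audit again after the reboot: if EnableLUA or ConsentPromptBehaviorAdmin comes back as 0, something on the machine is still re-applying the setting and the cleanup is not finished.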
#17
Windows Update Trojan: This is what came out of it.
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-540894877-694316282-3225767269-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-540894877-694316282-3225767269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-540894877-694316282-3225767269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
F:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109efde8-fda1-11e0-b055-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109efde8-fda1-11e0-b055-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109efde8-fda1-11e0-b055-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109efde8-fda1-11e0-b055-806e6f6e6963}\ not found.
File move failed. D:\cdstart.exe scheduled to be moved on reboot.
C:\Windows\SysWOW64\winsh325 moved successfully.
C:\Windows\SysWOW64\winsh324 moved successfully.
C:\Windows\SysWOW64\winsh323 moved successfully.
C:\Windows\SysWOW64\winsh322 moved successfully.
C:\Windows\SysWOW64\winsh321 moved successfully.
C:\Windows\SysWOW64\winsh320 moved successfully.
C:\Users\Marco\AppData\Local\ArTtLerofJsfjX moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marco
->Temp folder emptied: 1020186114 bytes
->Temporary Internet Files folder emptied: 74556709 bytes
->Java cache emptied: 76201 bytes
->FireFox cache emptied: 121875952 bytes
->Flash cache emptied: 90281 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 849547840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 729963035 bytes
Total Files Cleaned = 2.667,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Marco
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.0 log created on 07012012_162825
Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\cdstart.exe scheduled to be moved on reboot.
C:\Users\Marco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
[2010.09.20 09:59:24 | 000,000,062 | R--- | M] () D:\autorun.inf : MD5=11D8C839E7F7C332D098B741805864CE
[2010.10.04 03:14:24 | 001,419,984 | R--- | M] () D:\cdstart.exe : MD5=4F632C0823836218A9C2985C90901A6D
File C:\Users\Marco\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
#18
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan: Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot. Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), since that is where the TDSS-Killer saves its logs. Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!
#19
Windows Update Trojan: Here is the report; it also found something. Code:
15:11:16.0194 3132 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
15:11:16.0437 3132 ============================================================
15:11:16.0437 3132 Current date / time: 2012/07/08 15:11:16.0437
15:11:16.0437 3132 SystemInfo:
15:11:16.0437 3132
15:11:16.0437 3132 OS Version: 6.1.7601 ServicePack: 1.0
15:11:16.0437 3132 Product type: Workstation
15:11:16.0437 3132 ComputerName: PC-MARCO
15:11:16.0437 3132 UserName: Marco
15:11:16.0437 3132 Windows directory: C:\Windows
15:11:16.0437 3132 System windows directory: C:\Windows
15:11:16.0437 3132 Running under WOW64
15:11:16.0437 3132 Processor architecture: Intel x64
15:11:16.0437 3132 Number of processors: 2
15:11:16.0437 3132 Page size: 0x1000
15:11:16.0437 3132 Boot type: Normal boot
15:11:16.0437 3132 ============================================================
15:11:16.0880 3132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:11:16.0888 3132 Drive \Device\Harddisk1\DR1 - Size: 0x1315637E00 (76.33 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:11:16.0889 3132 Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:11:16.0894 3132 ============================================================
15:11:16.0894 3132 \Device\Harddisk0\DR0:
15:11:16.0894 3132 MBR partitions:
15:11:16.0894 3132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
15:11:16.0894 3132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E034800
15:11:16.0894 3132 \Device\Harddisk1\DR1:
15:11:16.0894 3132 MBR partitions:
15:11:16.0894 3132 \Device\Harddisk2\DR2:
15:11:16.0894 3132 MBR partitions:
15:11:16.0894 3132 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:11:16.0894 3132 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
15:11:16.0894 3132 ============================================================
15:11:16.0895 3132 C: <-> \Device\Harddisk2\DR2\Partition1
15:11:16.0915 3132 F: <-> \Device\Harddisk0\DR0\Partition0
15:11:16.0956 3132 H: <-> \Device\Harddisk0\DR0\Partition1
15:11:16.0957 3132 ============================================================
15:11:16.0957 3132 Initialize success
15:11:16.0957 3132 ============================================================
15:12:17.0855 4872 ============================================================
15:12:17.0855 4872 Scan started
15:12:17.0855 4872 Mode: Manual; SigCheck; TDLFS;
15:12:17.0855 4872 ============================================================
15:12:17.0988 4872 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:12:18.0113 4872 1394ohci - ok
15:12:18.0129 4872 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:12:18.0144 4872 ACPI - ok
15:12:18.0148 4872 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:12:18.0170 4872 AcpiPmi - ok
15:12:18.0176 4872 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:12:18.0186 4872 AdobeARMservice - ok
15:12:18.0213 4872 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:12:18.0227 4872 AdobeFlashPlayerUpdateSvc - ok
15:12:18.0246 4872 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:12:18.0266 4872 adp94xx - ok
15:12:18.0282 4872 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:12:18.0299 4872 adpahci - ok
15:12:18.0309 4872 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:12:18.0323 4872 adpu320 - ok
15:12:18.0331 4872 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:12:18.0393 4872 AeLookupSvc - ok
15:12:18.0413 4872 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:12:18.0432 4872 AFD - ok
15:12:18.0440 4872 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:12:18.0451 4872 agp440 - ok
15:12:18.0457 4872 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:12:18.0478 4872 ALG - ok
15:12:18.0482 4872 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:12:18.0492 4872 aliide - ok
15:12:18.0497 4872 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:12:18.0507 4872 amdide - ok
15:12:18.0513 4872 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:12:18.0527 4872 AmdK8 - ok
15:12:18.0532 4872 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:12:18.0553 4872 AmdPPM - ok
15:12:18.0561 4872 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:12:18.0580 4872 amdsata - ok
15:12:18.0590 4872 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:12:18.0604 4872 amdsbs - ok
15:12:18.0608 4872 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:12:18.0619 4872 amdxata - ok
15:12:18.0625 4872 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:12:18.0687 4872 AppID - ok
15:12:18.0691 4872 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:12:18.0724 4872 AppIDSvc - ok
15:12:18.0729 4872 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:12:18.0762 4872 Appinfo - ok
15:12:18.0773 4872 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:12:18.0788 4872 AppMgmt - ok
15:12:18.0794 4872 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:12:18.0805 4872 arc - ok
15:12:18.0812 4872 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:12:18.0824 4872 arcsas - ok
15:12:18.0843 4872 AsIO (68726474c69b738eac3a62e06b33addc) C:\Windows\syswow64\drivers\AsIO.sys
15:12:19.0145 4872 AsIO - ok
15:12:19.0149 4872 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:12:19.0184 4872 AsyncMac - ok
15:12:19.0189 4872 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:12:19.0199 4872 atapi - ok
15:12:19.0224 4872 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:12:19.0265 4872 AudioEndpointBuilder - ok
15:12:19.0273 4872 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:12:19.0312 4872 AudioSrv - ok
15:12:19.0319 4872 avmaudio (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys
15:12:19.0331 4872 avmaudio - ok
15:12:19.0344 4872 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
15:12:19.0358 4872 AVP - ok
15:12:19.0368 4872 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:12:19.0388 4872 AxInstSV - ok
15:12:19.0408 4872 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:12:19.0429 4872 b06bdrv - ok
15:12:19.0441 4872 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:12:19.0457 4872 b57nd60a - ok
15:12:19.0467 4872 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:12:19.0481 4872 BDESVC - ok
15:12:19.0484 4872 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:12:19.0517 4872 Beep - ok
15:12:19.0547 4872 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:12:19.0604 4872 BFE - ok
15:12:19.0641 4872 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:12:19.0685 4872 BITS - ok
15:12:19.0692 4872 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:12:19.0705 4872 blbdrive - ok
15:12:19.0712 4872 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:12:19.0728 4872 bowser - ok
15:12:19.0732 4872 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:12:19.0747 4872 BrFiltLo - ok
15:12:19.0751 4872 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:12:19.0768 4872 BrFiltUp - ok
15:12:19.0776 4872 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:12:19.0808 4872 Browser - ok
15:12:19.0820 4872 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:12:19.0838 4872 Brserid - ok
15:12:19.0843 4872 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:12:19.0858 4872 BrSerWdm - ok
15:12:19.0863 4872 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:12:19.0878 4872 BrUsbMdm - ok
15:12:19.0882 4872 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:12:19.0896 4872 BrUsbSer - ok
15:12:19.0902 4872 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:12:19.0917 4872 BTHMODEM - ok
15:12:19.0927 4872 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:12:19.0960 4872 bthserv - ok
15:12:19.0966 4872 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:12:19.0999 4872 cdfs - ok
15:12:20.0008 4872 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:12:20.0021 4872 cdrom - ok
15:12:20.0028 4872 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:12:20.0060 4872 CertPropSvc - ok
15:12:20.0065 4872 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:12:20.0081 4872 circlass - ok
15:12:20.0097 4872 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:12:20.0113 4872 CLFS - ok
15:12:20.0123 4872 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:12:20.0135 4872 clr_optimization_v2.0.50727_32 - ok
15:12:20.0143 4872 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:12:20.0155 4872 clr_optimization_v2.0.50727_64 - ok
15:12:20.0165 4872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:12:20.0180 4872 clr_optimization_v4.0.30319_32 - ok
15:12:20.0188 4872 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:12:20.0199 4872 clr_optimization_v4.0.30319_64 - ok
15:12:20.0204 4872 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:12:20.0218 4872 CmBatt - ok
15:12:20.0223 4872 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:12:20.0233 4872 cmdide - ok
15:12:20.0253 4872 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:12:20.0278 4872 CNG - ok
15:12:20.0285 4872 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:12:20.0296 4872 Compbatt - ok
15:12:20.0300 4872 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:12:20.0317 4872 CompositeBus - ok
15:12:20.0321 4872 COMSysApp - ok
15:12:20.0327 4872 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:12:20.0339 4872 crcdisk - ok
15:12:20.0351 4872 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:12:20.0366 4872 CryptSvc - ok
15:12:20.0386 4872 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:12:20.0406 4872 CSC - ok
15:12:20.0429 4872 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:12:20.0450 4872 CscService - ok
15:12:20.0474 4872 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:12:20.0514 4872 DcomLaunch - ok
15:12:20.0528 4872 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:12:20.0565 4872 defragsvc - ok
15:12:20.0578 4872 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:12:20.0610 4872 DfsC - ok
15:12:20.0624 4872 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:12:20.0661 4872 Dhcp - ok
15:12:20.0666 4872 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:12:20.0700 4872 discache - ok
15:12:20.0706 4872 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:12:20.0719 4872 Disk - ok
15:12:20.0725 4872 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:12:20.0739 4872 dmvsc - ok
15:12:20.0749 4872 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:12:20.0764 4872 Dnscache - ok
15:12:20.0778 4872 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:12:20.0813 4872 dot3svc - ok
15:12:20.0822 4872 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:12:20.0854 4872 DPS - ok
15:12:20.0858 4872 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:12:20.0872 4872 drmkaud - ok
15:12:20.0908 4872 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:12:20.0930 4872 DXGKrnl - ok
15:12:20.0938 4872 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:12:20.0973 4872 EapHost - ok
15:12:21.0071 4872 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:12:21.0126 4872 ebdrv - ok
15:12:21.0150 4872 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:12:21.0163 4872 EFS - ok
15:12:21.0188 4872 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:12:21.0211 4872 ehRecvr - ok
15:12:21.0219 4872 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:12:21.0234 4872 ehSched - ok
15:12:21.0258 4872 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:12:21.0277 4872 elxstor - ok
15:12:21.0284 4872 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:12:21.0297 4872 ErrDev - ok
15:12:21.0320 4872 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:12:21.0358 4872 EventSystem - ok
15:12:21.0368 4872 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:12:21.0403 4872 exfat - ok
15:12:21.0413 4872 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:12:21.0448 4872 fastfat - ok
15:12:21.0476 4872 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:12:21.0498 4872 Fax - ok
15:12:21.0503 4872 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:12:21.0515 4872 fdc - ok
15:12:21.0519 4872 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:12:21.0555 4872 fdPHost - ok
15:12:21.0559 4872 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:12:21.0591 4872 FDResPub - ok
15:12:21.0596 4872 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:12:21.0608 4872 FileInfo - ok
15:12:21.0613 4872 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:12:21.0646 4872 Filetrace - ok
15:12:21.0650 4872 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:12:21.0663 4872 flpydisk - ok
15:12:21.0676 4872 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:12:21.0691 4872 FltMgr - ok
15:12:21.0730 4872 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:12:21.0759 4872 FontCache - ok
15:12:21.0764 4872 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:12:21.0774 4872 FontCache3.0.0.0 - ok
15:12:21.0801 4872 ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
15:12:21.0818 4872 ForceWare Intelligent Application Manager (IAM) - ok
15:12:21.0844 4872 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:12:21.0855 4872 FsDepends - ok
15:12:21.0859 4872 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:12:21.0870 4872 Fs_Rec - ok
15:12:21.0881 4872 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:12:21.0898 4872 fvevol - ok
15:12:21.0904 4872 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:12:21.0915 4872 gagp30kx - ok
15:12:21.0943 4872 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:12:21.0985 4872 gpsvc - ok
15:12:21.0990 4872 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:12:22.0003 4872 hcw85cir - ok
15:12:22.0018 4872 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:12:22.0039 4872 HdAudAddService - ok
15:12:22.0046 4872 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:12:22.0062 4872 HDAudBus - ok
15:12:22.0066 4872 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:12:22.0078 4872 HidBatt - ok
15:12:22.0085 4872 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:12:22.0101 4872 HidBth - ok
15:12:22.0106 4872 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:12:22.0120 4872 HidIr - ok
15:12:22.0125 4872 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:12:22.0158 4872 hidserv - ok
15:12:22.0163 4872 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:12:22.0176 4872 HidUsb - ok
15:12:22.0182 4872 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:12:22.0215 4872 hkmsvc - ok
15:12:22.0227 4872 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:12:22.0243 4872 HomeGroupListener - ok
15:12:22.0253 4872 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:12:22.0269 4872 HomeGroupProvider - ok
15:12:22.0276 4872 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:12:22.0288 4872 HpSAMD - ok
15:12:22.0315 4872 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:12:22.0355 4872 HTTP - ok
15:12:22.0359 4872 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:12:22.0369 4872 hwpolicy - ok
15:12:22.0377 4872 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:12:22.0390 4872 i8042prt - ok
15:12:22.0408 4872 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:12:22.0426 4872 iaStorV - ok
15:12:22.0462 4872 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:12:22.0485 4872 idsvc - ok
15:12:22.0491 4872 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:12:22.0502 4872 iirsp - ok
15:12:22.0534 4872 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:12:22.0578 4872 IKEEXT - ok
15:12:22.0585 4872 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:12:22.0595 4872 intelide - ok
15:12:22.0600 4872 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
15:12:22.0614 4872 intelppm - ok
15:12:22.0621 4872 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:12:22.0655 4872 IPBusEnum - ok
15:12:22.0661 4872 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:12:22.0693 4872 IpFilterDriver - ok
15:12:22.0713 4872 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:12:22.0753 4872 iphlpsvc - ok
15:12:22.0759 4872 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:12:22.0772 4872 IPMIDRV - ok
15:12:22.0780 4872 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:12:22.0813 4872 IPNAT - ok
15:12:22.0817 4872 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:12:22.0833 4872 IRENUM - ok
15:12:22.0837 4872 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:12:22.0849 4872 isapnp - ok
15:12:22.0862 4872 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:12:22.0877 4872 iScsiPrt - ok
15:12:22.0883 4872 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:12:22.0893 4872 kbdclass - ok
15:12:22.0898 4872 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:12:22.0915 4872 kbdhid - ok
15:12:22.0919 4872 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:12:22.0932 4872 KeyIso - ok
15:12:22.0951 4872 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
15:12:22.0969 4872 KL1 - ok
15:12:22.0973 4872 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
15:12:22.0981 4872 kl2 - ok
15:12:23.0005 4872 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
15:12:23.0027 4872 KLIF - ok
15:12:23.0032 4872 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
15:12:23.0041 4872 KLIM6 - ok
15:12:23.0045 4872 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
15:12:23.0054 4872 klmouflt - ok
15:12:23.0062 4872 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:12:23.0074 4872 KSecDD - ok
15:12:23.0082 4872 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:12:23.0095 4872 KSecPkg - ok
15:12:23.0100 4872 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:12:23.0134 4872 ksthunk - ok
15:12:23.0149 4872 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:12:23.0191 4872 KtmRm - ok
15:12:23.0205 4872 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:12:23.0241 4872 LanmanServer - ok
15:12:23.0248 4872 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:12:23.0283 4872 LanmanWorkstation - ok
15:12:23.0290 4872 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:12:23.0323 4872 lltdio - ok
15:12:23.0337 4872 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:12:23.0374 4872 lltdsvc - ok
15:12:23.0378 4872 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:12:23.0411 4872 lmhosts - ok
15:12:23.0422 4872 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:12:23.0434 4872 LSI_FC - ok
15:12:23.0441 4872 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:12:23.0454 4872 LSI_SAS - ok
15:12:23.0460 4872 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:12:23.0472 4872 LSI_SAS2 - ok
15:12:23.0483 4872 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:12:23.0495 4872 LSI_SCSI - ok
15:12:23.0502 4872 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:12:23.0539 4872 luafv - ok
15:12:23.0545 4872 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:12:23.0556 4872 MBAMProtector - ok
15:12:23.0581 4872 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:12:23.0598 4872 MBAMService - ok
15:12:23.0605 4872 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:12:23.0619 4872 Mcx2Svc - ok
15:12:23.0633 4872 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:12:23.0642 4872 MDM ( UnsignedFile.Multi.Generic ) - warning
15:12:23.0642 4872 MDM - detected UnsignedFile.Multi.Generic (1)
15:12:23.0647 4872 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:12:23.0659 4872 megasas - ok
15:12:23.0671 4872 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:12:23.0686 4872 MegaSR - ok
15:12:23.0696 4872 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:12:23.0707 4872 Microsoft Office Groove Audit Service - ok
15:12:23.0713 4872 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:12:23.0746 4872 MMCSS - ok
15:12:23.0751 4872 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:12:23.0784 4872 Modem - ok
15:12:23.0788 4872 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:12:23.0802 4872 monitor - ok
15:12:23.0808 4872 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:12:23.0818 4872 mouclass - ok
15:12:23.0822 4872 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:12:23.0835 4872 mouhid - ok
15:12:23.0842 4872 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:12:23.0853 4872 mountmgr - ok
15:12:23.0861 4872 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:12:23.0873 4872 MozillaMaintenance - ok
15:12:23.0883 4872 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:12:23.0896 4872 mpio - ok
15:12:23.0907 4872 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:12:23.0941 4872 mpsdrv - ok
15:12:23.0972 4872 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:12:24.0015 4872 MpsSvc - ok
15:12:24.0028 4872 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:12:24.0048 4872 MRxDAV - ok
15:12:24.0059 4872 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:12:24.0074 4872 mrxsmb - ok
15:12:24.0087 4872 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:12:24.0103 4872 mrxsmb10 - ok
15:12:24.0111 4872 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:12:24.0125 4872 mrxsmb20 - ok
15:12:24.0129 4872 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:12:24.0140 4872 msahci - ok
15:12:24.0149 4872 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:12:24.0162 4872 msdsm - ok
15:12:24.0171 4872 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:12:24.0195 4872 MSDTC - ok
15:12:24.0204 4872 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:12:24.0236 4872 Msfs - ok
15:12:24.0240 4872 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:12:24.0271 4872 mshidkmdf - ok
15:12:24.0276 4872 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:12:24.0287 4872 msisadrv - ok
15:12:24.0296 4872 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:12:24.0332 4872 MSiSCSI - ok
15:12:24.0341 4872 msiserver - ok
15:12:24.0348 4872 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:12:24.0395 4872 MSKSSRV - ok
15:12:24.0398 4872 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:12:24.0452 4872 MSPCLOCK - ok
15:12:24.0456 4872 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:12:24.0491 4872 MSPQM - ok
15:12:24.0506 4872 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:12:24.0524 4872 MsRPC - ok
15:12:24.0531 4872 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:12:24.0541 4872 mssmbios - ok
15:12:24.0545 4872 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:12:24.0576 4872 MSTEE - ok
15:12:24.0580 4872 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:12:24.0593 4872 MTConfig - ok
15:12:24.0597 4872 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
15:12:24.0605 4872 MTsensor - ok
15:12:24.0611 4872 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:12:24.0625 4872 Mup - ok
15:12:24.0645 4872 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:12:24.0684 4872 napagent - ok
15:12:24.0699 4872 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:12:24.0720 4872 NativeWifiP - ok
15:12:24.0755 4872 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:12:24.0781 4872 NDIS - ok
15:12:24.0786 4872 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:12:24.0818 4872 NdisCap - ok
15:12:24.0822 4872 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:12:24.0853 4872 NdisTapi - ok
15:12:24.0859 4872 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:12:24.0892 4872 Ndisuio - ok
15:12:24.0900 4872 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:12:24.0934 4872 NdisWan - ok
15:12:24.0939 4872 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:12:24.0971 4872 NDProxy - ok
15:12:24.0976 4872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:12:25.0008 4872 NetBIOS - ok
15:12:25.0020 4872 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:12:25.0056 4872 NetBT - ok
15:12:25.0061 4872 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:12:25.0073 4872 Netlogon - ok
15:12:25.0089 4872 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:12:25.0127 4872 Netman - ok
15:12:25.0147 4872 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:12:25.0187 4872 netprofm - ok
15:12:25.0195 4872 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:12:25.0205 4872 NetTcpPortSharing - ok
15:12:25.0213 4872 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:12:25.0226 4872 nfrd960 - ok
15:12:25.0241 4872 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:12:25.0277 4872 NlaSvc - ok
15:12:25.0282 4872 nmwcd (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
15:12:25.0309 4872 nmwcd - ok
15:12:25.0313 4872 nmwcdc (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
15:12:25.0338 4872 nmwcdc - ok
15:12:25.0342 4872 nmwcdnsucx64 (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
15:12:25.0369 4872 nmwcdnsucx64 - ok
15:12:25.0379 4872 nmwcdnsux64 (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
15:12:25.0405 4872 nmwcdnsux64 - ok
15:12:25.0412 4872 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:12:25.0448 4872 Npfs - ok
15:12:25.0452 4872 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:12:25.0486 4872 nsi - ok
15:12:25.0490 4872 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:12:25.0525 4872 nsiproxy - ok
15:12:25.0536 4872 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
15:12:25.0548 4872 nSvcIp - ok
15:12:25.0606 4872 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:12:25.0644 4872 Ntfs - ok
15:12:25.0669 4872 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:12:25.0702 4872 Null - ok
15:12:25.0721 4872 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:12:25.0740 4872 NVENETFD - ok
15:12:26.0085 4872 nvlddmkm (aa0828f3223e1a2952f80a8d2047dd40) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:12:26.0240 4872 nvlddmkm - ok
15:12:26.0277 4872 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
15:12:26.0291 4872 NVNET - ok
15:12:26.0302 4872 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:12:26.0315 4872 nvraid - ok
15:12:26.0320 4872 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
15:12:26.0329 4872 nvsmu - ok
15:12:26.0338 4872 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:12:26.0352 4872 nvstor - ok
15:12:26.0362 4872 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
15:12:26.0374 4872 nvstor64 - ok
15:12:26.0390 4872 nvsvc (57d0d222a9f22113fe3b55488dbfd761) C:\Windows\system32\nvvsvc.exe
15:12:26.0405 4872 nvsvc - ok
15:12:26.0478 4872 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:12:26.0514 4872 nvUpdatusService - ok
15:12:26.0542 4872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:12:26.0554 4872 nv_agp - ok
15:12:26.0574 4872 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:12:26.0591 4872 odserv - ok
15:12:26.0598 4872 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:12:26.0611 4872 ohci1394 - ok
15:12:26.0620 4872 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:12:26.0632 4872 ose - ok
15:12:26.0650 4872 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:12:26.0668 4872 p2pimsvc - ok
15:12:26.0687 4872 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:12:26.0706 4872 p2psvc - ok
15:12:26.0713 4872 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:12:26.0727 4872 Parport - ok
15:12:26.0733 4872 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:12:26.0745 4872 partmgr - ok
15:12:26.0754 4872 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:12:26.0775 4872 PcaSvc - ok
15:12:26.0780 4872 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:12:26.0790 4872 pccsmcfd - ok
15:12:26.0800 4872 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:12:26.0814 4872 pci - ok
15:12:26.0818 4872 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:12:26.0829 4872 pciide - ok
15:12:26.0839 4872 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:12:26.0854 4872 pcmcia - ok
15:12:26.0859 4872 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:12:26.0870 4872 pcw - ok
15:12:26.0897 4872 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:12:26.0941 4872 PEAUTH - ok
15:12:26.0987 4872 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:12:27.0018 4872 PeerDistSvc - ok
15:12:27.0039 4872 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:12:27.0052 4872 PerfHost - ok
15:12:27.0130 4872 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:12:27.0183 4872 pla - ok
15:12:27.0206 4872 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:12:27.0225 4872 PlugPlay - ok
15:12:27.0230 4872 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:12:27.0243 4872 PNRPAutoReg - ok
15:12:27.0257 4872 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:12:27.0273 4872 PNRPsvc - ok
15:12:27.0293 4872 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:12:27.0332 4872 PolicyAgent - ok
15:12:27.0344 4872 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:12:27.0380 4872 Power - ok
15:12:27.0390 4872 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:12:27.0423 4872 PptpMiniport - ok
15:12:27.0428 4872 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:12:27.0445 4872 Processor - ok
15:12:27.0455 4872 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:12:27.0471 4872 ProfSvc - ok
15:12:27.0475 4872 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:12:27.0487 4872 ProtectedStorage - ok
15:12:27.0495 4872 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:12:27.0534 4872 Psched - ok
15:12:27.0589 4872 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:12:27.0625 4872 ql2300 - ok
15:12:27.0653 4872 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:12:27.0666 4872 ql40xx - ok
15:12:27.0680 4872 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:12:27.0706 4872 QWAVE - ok
15:12:27.0712 4872 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:12:27.0729 4872 QWAVEdrv - ok
15:12:27.0733 4872 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:12:27.0766 4872 RasAcd - ok
15:12:27.0773 4872 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:12:27.0809 4872 RasAgileVpn - ok
15:12:27.0816 4872 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:12:27.0850 4872 RasAuto - ok
15:12:27.0858 4872 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:12:27.0890 4872 Rasl2tp - ok
15:12:27.0905 4872 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:12:27.0941 4872 RasMan - ok
15:12:27.0948 4872 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:12:27.0985 4872 RasPppoe - ok
15:12:27.0991 4872 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:12:28.0027 4872 RasSstp - ok
15:12:28.0041 4872 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:12:28.0080 4872 rdbss - ok
15:12:28.0086 4872 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:12:28.0107 4872 rdpbus - ok
15:12:28.0111 4872 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:12:28.0146 4872 RDPCDD - ok
15:12:28.0158 4872 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:12:28.0174 4872 RDPDR - ok
15:12:28.0179 4872 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:12:28.0212 4872 RDPENCDD - ok
15:12:28.0218 4872 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:12:28.0249 4872 RDPREFMP - ok
15:12:28.0259 4872 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:12:28.0275 4872 RDPWD - ok
15:12:28.0286 4872 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:12:28.0300 4872 rdyboost - ok
15:12:28.0310 4872 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:12:28.0344 4872 RemoteAccess - ok
15:12:28.0353 4872 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:12:28.0389 4872 RemoteRegistry - ok
15:12:28.0396 4872 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:12:28.0432 4872 RpcEptMapper - ok
15:12:28.0438 4872 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:12:28.0457 4872 RpcLocator - ok
15:12:28.0477 4872 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:12:28.0514 4872 RpcSs - ok
15:12:28.0521 4872 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:12:28.0555 4872 rspndr - ok
15:12:28.0559 4872 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:12:28.0570 4872 s3cap - ok
15:12:28.0575 4872 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:12:28.0587 4872 SamSs - ok
15:12:28.0594 4872 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:12:28.0606 4872 sbp2port - ok
15:12:28.0617 4872 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:12:28.0652 4872 SCardSvr - ok
15:12:28.0656 4872 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:12:28.0689 4872 scfilter - ok
15:12:28.0729 4872 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:12:28.0776 4872 Schedule - ok
15:12:28.0782 4872 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:12:28.0815 4872 SCPolicySvc - ok
15:12:28.0824 4872 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:12:28.0840 4872 SDRSVC - ok
15:12:28.0847 4872 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:12:28.0879 4872 secdrv - ok
15:12:28.0884 4872 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:12:28.0915 4872 seclogon - ok
15:12:28.0921 4872 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:12:28.0958 4872 SENS - ok
15:12:28.0962 4872 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:12:28.0976 4872 SensrSvc - ok
15:12:28.0981 4872 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:12:28.0994 4872 Serenum - ok
15:12:29.0001 4872 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:12:29.0014 4872 Serial - ok
15:12:29.0018 4872 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:12:29.0030 4872 sermouse - ok
15:12:29.0057 4872 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:12:29.0077 4872 ServiceLayer - ok
15:12:29.0093 4872 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:12:29.0127 4872 SessionEnv - ok
15:12:29.0131 4872 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:12:29.0146 4872 sffdisk - ok
15:12:29.0149 4872 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:12:29.0164 4872 sffp_mmc - ok
15:12:29.0168 4872 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:12:29.0182 4872 sffp_sd - ok
15:12:29.0186 4872 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:12:29.0199 4872 sfloppy - ok
15:12:29.0219 4872 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:12:29.0257 4872 SharedAccess - ok
15:12:29.0275 4872 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:12:29.0312 4872 ShellHWDetection - ok
15:12:29.0318 4872 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:12:29.0329 4872 SiSRaid2 - ok
15:12:29.0335 4872 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:12:29.0348 4872 SiSRaid4 - ok
15:12:29.0354 4872 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:12:29.0388 4872 Smb - ok
15:12:29.0397 4872 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:12:29.0412 4872 SNMPTRAP - ok
15:12:29.0416 4872 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:12:29.0427 4872 spldr - ok
15:12:29.0449 4872 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:12:29.0486 4872 Spooler - ok
15:12:29.0612 4872 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:12:29.0680 4872 sppsvc - ok
15:12:29.0705 4872 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:12:29.0739 4872 sppuinotify - ok
15:12:29.0761 4872 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:12:29.0782 4872 srv - ok
15:12:29.0799 4872 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:12:29.0816 4872 srv2 - ok
15:12:29.0826 4872 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:12:29.0839 4872 srvnet - ok
15:12:29.0850 4872 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:12:29.0886 4872 SSDPSRV - ok
15:12:29.0893 4872 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:12:29.0927 4872 SstpSvc - ok
15:12:29.0940 4872 Stereo Service (f9506327bb18c51ed720cb9e83bbab66) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:12:29.0951 4872 Stereo Service - ok
15:12:29.0956 4872 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:12:29.0967 4872 stexstor - ok
15:12:29.0990 4872 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:12:30.0016 4872 stisvc - ok
15:12:30.0021 4872 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:12:30.0033 4872 storflt - ok
15:12:30.0037 4872 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:12:30.0051 4872 StorSvc - ok
15:12:30.0056 4872 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:12:30.0067 4872 storvsc - ok
15:12:30.0071 4872 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:12:30.0081 4872 swenum - ok
15:12:30.0101 4872 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:12:30.0141 4872 swprv - ok
15:12:30.0204 4872 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:12:30.0247 4872 SysMain - ok
15:12:30.0276 4872 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:12:30.0295 4872 TabletInputService - ok
15:12:30.0309 4872 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:12:30.0347 4872 TapiSrv - ok
15:12:30.0353 4872 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:12:30.0386 4872 TBS - ok
15:12:30.0454 4872 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:12:30.0497 4872 Tcpip - ok
15:12:30.0582 4872 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:12:30.0616 4872 TCPIP6 - ok
15:12:30.0644 4872 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:12:30.0675 4872 tcpipreg - ok
15:12:30.0682 4872 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:12:30.0696 4872 TDPIPE - ok
15:12:30.0701 4872 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:12:30.0714 4872 TDTCP - ok
15:12:30.0721 4872 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:12:30.0753 4872 tdx - ok
15:12:30.0758 4872 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:12:30.0769 4872 TermDD - ok
15:12:30.0794 4872 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:12:30.0836 4872 TermService - ok
15:12:30.0841 4872 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:12:30.0860 4872 Themes - ok
15:12:30.0866 4872 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:12:30.0900 4872 THREADORDER - ok
15:12:30.0906 4872 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Users\Marco\TomTom HOME 2\TomTomHOMEService.exe
15:12:30.0916 4872 TomTomHOMEService - ok
15:12:30.0924 4872 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:12:30.0960 4872 TrkWks - ok
15:12:30.0969 4872 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:12:31.0002 4872 TrustedInstaller - ok
15:12:31.0009 4872 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:12:31.0041 4872 tssecsrv - ok
15:12:31.0047 4872 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:12:31.0060 4872 TsUsbFlt - ok
15:12:31.0065 4872 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:12:31.0077 4872 TsUsbGD - ok
15:12:31.0085 4872 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:12:31.0120 4872 tunnel - ok
15:12:31.0125 4872 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:12:31.0137 4872 uagp35 - ok
15:12:31.0152 4872 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:12:31.0187 4872 udfs - ok
15:12:31.0198 4872 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:12:31.0213 4872 UI0Detect - ok
15:12:31.0219 4872 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:12:31.0231 4872 uliagpkx - ok
15:12:31.0236 4872 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:12:31.0249 4872 umbus - ok
15:12:31.0253 4872 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:12:31.0267 4872 UmPass - ok
15:12:31.0278 4872 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:12:31.0295 4872 UmRdpService - ok
15:12:31.0314 4872 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:12:31.0353 4872 upnphost - ok
15:12:31.0358 4872 upperdev (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:12:31.0382 4872 upperdev - ok
15:12:31.0390 4872 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:12:31.0404 4872 usbccgp - ok
15:12:31.0411 4872 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:12:31.0427 4872 usbcir - ok
15:12:31.0432 4872 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:12:31.0445 4872 usbehci - ok
15:12:31.0461 4872 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:12:31.0478 4872 usbhub - ok
15:12:31.0486 4872 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:12:31.0498 4872 usbohci - ok
15:12:31.0502 4872 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:12:31.0517 4872 usbprint - ok
15:12:31.0528 4872 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:12:31.0543 4872 usbscan - ok
15:12:31.0554 4872 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
15:12:31.0567 4872 usbser - ok
15:12:31.0570 4872 UsbserFilt (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:12:31.0594 4872 UsbserFilt - ok
15:12:31.0601 4872 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:12:31.0614 4872 USBSTOR - ok
15:12:31.0618 4872 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:12:31.0631 4872 usbuhci - ok
15:12:31.0636 4872 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:12:31.0669 4872 UxSms - ok
15:12:31.0673 4872 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:12:31.0685 4872 VaultSvc - ok
15:12:31.0690 4872 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:12:31.0701 4872 vdrvroot - ok
15:12:31.0722 4872 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:12:31.0761 4872 vds - ok
15:12:31.0769 4872 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:12:31.0783 4872 vga - ok
15:12:31.0787 4872 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:12:31.0819 4872 VgaSave - ok
15:12:31.0829 4872 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:12:31.0844 4872 vhdmp - ok
15:12:31.0848 4872 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:12:31.0858 4872 viaide - ok
15:12:31.0868 4872 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:12:31.0882 4872 vmbus - ok
15:12:31.0886 4872 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:12:31.0899 4872 VMBusHID - ok
15:12:31.0905 4872 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:12:31.0916 4872 volmgr - ok
15:12:31.0932 4872 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:12:31.0948 4872 volmgrx - ok
15:12:31.0965 4872 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:12:31.0984 4872 volsnap - ok
15:12:31.0993 4872 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:12:32.0007 4872 vsmraid - ok
15:12:32.0065 4872 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:12:32.0122 4872 VSS - ok
15:12:32.0150 4872 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:12:32.0165 4872 vwifibus - ok
15:12:32.0181 4872 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:12:32.0220 4872 W32Time - ok
15:12:32.0227 4872 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:12:32.0242 4872 WacomPen - ok
15:12:32.0248 4872 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:12:32.0282 4872 WANARP - ok
15:12:32.0285 4872 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:12:32.0316 4872 Wanarpv6 - ok
15:12:32.0371 4872 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:12:32.0415 4872 wbengine - ok
15:12:32.0446 4872 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:12:32.0467 4872 WbioSrvc - ok
15:12:32.0484 4872 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:12:32.0507 4872 wcncsvc - ok
15:12:32.0512 4872 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:12:32.0529 4872 WcsPlugInService - ok
15:12:32.0539 4872 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:12:32.0550 4872 Wd - ok
15:12:32.0575 4872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:12:32.0598 4872 Wdf01000 - ok
15:12:32.0605 4872 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:12:32.0639 4872 WdiServiceHost - ok
15:12:32.0642 4872 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:12:32.0660 4872 WdiSystemHost - ok
15:12:32.0673 4872 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:12:32.0695 4872 WebClient - ok
15:12:32.0706 4872 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:12:32.0743 4872 Wecsvc - ok
15:12:32.0752 4872 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:12:32.0789 4872 wercplsupport - ok
15:12:32.0798 4872 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:12:32.0832 4872 WerSvc - ok
15:12:32.0841 4872 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:12:32.0872 4872 WfpLwf - ok
15:12:32.0876 4872 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:12:32.0887 4872 WIMMount - ok
15:12:32.0891 4872 WinDefend - ok
15:12:32.0899 4872 WinHttpAutoProxySvc - ok
15:12:32.0916 4872 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:12:32.0951 4872 Winmgmt - ok
15:12:33.0022 4872 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:12:33.0083 4872 WinRM - ok
15:12:33.0118 4872 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:12:33.0133 4872 WinUsb - ok
15:12:33.0166 4872 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:12:33.0197 4872 Wlansvc - ok
15:12:33.0201 4872 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:12:33.0213 4872 WmiAcpi - ok
15:12:33.0229 4872 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:12:33.0244 4872 wmiApSrv - ok
15:12:33.0248 4872 WMPNetworkSvc - ok
15:12:33.0255 4872 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:12:33.0269 4872 WPCSvc - ok
15:12:33.0276 4872 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:12:33.0292 4872 WPDBusEnum - ok
15:12:33.0297 4872 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:12:33.0329 4872 ws2ifsl - ok
15:12:33.0336 4872 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:12:33.0355 4872 wscsvc - ok
15:12:33.0358 4872 WSearch - ok
15:12:33.0441 4872 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:12:33.0495 4872 wuauserv - ok
15:12:33.0531 4872 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:12:33.0563 4872 WudfPf - ok
15:12:33.0573 4872 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:12:33.0608 4872 WUDFRd - ok
15:12:33.0615 4872 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:12:33.0648 4872 wudfsvc - ok
15:12:33.0660 4872 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:12:33.0682 4872 WwanSvc - ok
15:12:33.0691 4872 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:12:33.0936 4872 \Device\Harddisk0\DR0 - ok
15:12:33.0940 4872 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
15:12:34.0020 4872 \Device\Harddisk1\DR1 - ok
15:12:34.0024 4872 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
15:12:34.0131 4872 \Device\Harddisk2\DR2 - ok
15:12:34.0135 4872 Boot (0x1200) (41d936185e8e2e0763297499f92cb038) \Device\Harddisk0\DR0\Partition0
15:12:34.0137 4872 \Device\Harddisk0\DR0\Partition0 - ok
15:12:34.0140 4872 Boot (0x1200) (346207f82d21337bb8ee37fcfb457374) \Device\Harddisk0\DR0\Partition1
15:12:34.0142 4872 \Device\Harddisk0\DR0\Partition1 - ok
15:12:34.0146 4872 Boot (0x1200) (589d52e97d813cb80b142a74bfbdf468) \Device\Harddisk2\DR2\Partition0
15:12:34.0147 4872 \Device\Harddisk2\DR2\Partition0 - ok
15:12:34.0152 4872 Boot (0x1200) (86dad7e3150e63d55ac7640bff90bb32) \Device\Harddisk2\DR2\Partition1
15:12:34.0154 4872 \Device\Harddisk2\DR2\Partition1 - ok
15:12:34.0155 4872 ============================================================
15:12:34.0155 4872 Scan finished
15:12:34.0155 4872 ============================================================
15:12:34.0168 2376 Detected object count: 1
15:12:34.0168 2376 Actual detected object count: 1
15:12:58.0720 2376 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:58.0720 2376 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
#20 | /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a competent helper has explicitly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags
#21 | Windows Update Trojan
This is what came out. Combofix logfile: Code:
ComboFix 12-07-14.01 - Marco 15.07.2012 13:46:50.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2737 [GMT 2:00]
ausgeführt von:: c:\users\Marco\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-15 bis 2012-07-15 ))))))))))))))))))))))))))))))
.
.
2012-07-15 12:28 . 2012-07-15 12:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-15 11:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F82F08-3E1B-4727-A60D-A52B647D9E15}\mpengine.dll
2012-07-10 18:39 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-10 17:44 . 2012-07-10 17:44 -------- d-----w- c:\program files (x86)\PLAY
2012-07-10 17:34 . 2012-07-10 17:34 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-10 17:34 . 2012-07-10 17:34 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-10 17:33 . 2012-07-10 17:33 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-07-08 14:41 . 2012-07-08 14:41 -------- d-----w- c:\users\Marco\AppData\Roaming\Need for Speed World
2012-07-08 14:07 . 2012-07-08 14:07 -------- d-----w- c:\users\Marco\AppData\Local\Electronic_Arts_Inc
2012-07-08 14:06 . 2012-07-08 14:06 -------- d-----w- c:\programdata\Electronic Arts
2012-07-08 14:06 . 2012-07-08 14:06 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-07-01 14:28 . 2012-07-01 14:28 -------- d-----w- C:\_OTL
2012-06-27 18:33 . 2012-07-10 18:07 -------- d-----w- c:\program files (x86)\Agrar Simulator 2012
2012-06-26 19:14 . 2012-06-26 19:15 -------- d-----w- c:\program files (x86)\Agrar Simulator 2012 Demo
2012-06-24 18:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 18:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 18:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 18:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 18:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 18:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 18:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 18:10 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 18:10 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 14:09 . 2012-06-17 14:09 -------- d-----w- c:\program files (x86)\ESET
2012-06-17 14:00 . 2012-06-17 14:00 -------- d-----w- c:\users\Marco\AppData\Roaming\Malwarebytes
2012-06-17 14:00 . 2012-06-17 14:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-17 14:00 . 2012-06-17 14:00 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 14:00 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 20:48 . 2012-04-12 20:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 20:48 . 2011-10-23 18:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 04:01 . 2012-06-14 18:24 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-14 18:24 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-15 01:32 . 2012-06-14 18:24 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 10:21 . 2012-05-01 19:18 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2012-03-23 20:01 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 18:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 18:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 18:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 18:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 18:24 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 18:24 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 18:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 18:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 18:24 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 18:24 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 18:24 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 18:24 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 18:24 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 18:24 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-14 18:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-14 18:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"TomTomHOME.exe"="c:\users\Marco\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 TomTomHOMEService;TomTomHOMEService;c:\users\Marco\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-10 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-10-23 116096]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\fccgf0qa.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AVMUSBFernanschluss - c:\users\Marco\AppData\Local\Apps\2.0\44BNM185.HY5\008L5WW2.2GM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe
AddRemove-{AEF59382-3FF1-4EBF-A93E-CCC474DCEA3F}_is1 - g:\bau-simulator 2012\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-15 14:31:11
ComboFix-quarantined-files.txt 2012-07-15 12:31
.
Vor Suchlauf: 10 Verzeichnis(se), 63.498.027.008 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 63.328.002.048 Bytes frei
.
- - End Of File - - F4F5F6C7F283B6477D2032E81ACCFDBC
#22 | /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window. Code:
Filelook::
c:\windows\SysWow64\Drivers\atapi.sys
Folder::
c:\windows\1C4551A64743409391E41477CD655043.TMP
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
#23 | Windows Update Trojan
Combofix logfile: Code:
ComboFix 12-07-14.01 - Marco 15.07.2012 22:02:20.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.3095 [GMT 2:00]
ausgeführt von:: c:\users\Marco\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Marco\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-15 bis 2012-07-15 ))))))))))))))))))))))))))))))
.
.
2012-07-15 20:06 . 2012-07-15 20:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-15 20:06 . 2012-07-15 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 11:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F82F08-3E1B-4727-A60D-A52B647D9E15}\mpengine.dll
2012-07-10 18:39 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-10 17:44 . 2012-07-10 17:44 -------- d-----w- c:\program files (x86)\PLAY
2012-07-10 17:34 . 2012-07-10 17:34 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-10 17:34 . 2012-07-10 17:34 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-08 14:41 . 2012-07-08 14:41 -------- d-----w- c:\users\Marco\AppData\Roaming\Need for Speed World
2012-07-08 14:07 . 2012-07-08 14:07 -------- d-----w- c:\users\Marco\AppData\Local\Electronic_Arts_Inc
2012-07-08 14:06 . 2012-07-08 14:06 -------- d-----w- c:\programdata\Electronic Arts
2012-07-08 14:06 . 2012-07-08 14:06 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-07-01 14:28 . 2012-07-01 14:28 -------- d-----w- C:\_OTL
2012-06-27 18:33 . 2012-07-10 18:07 -------- d-----w- c:\program files (x86)\Agrar Simulator 2012
2012-06-26 19:14 . 2012-06-26 19:15 -------- d-----w- c:\program files (x86)\Agrar Simulator 2012 Demo
2012-06-24 18:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 18:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 18:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 18:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 18:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 18:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 18:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 18:10 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 18:10 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 14:09 . 2012-06-17 14:09 -------- d-----w- c:\program files (x86)\ESET
2012-06-17 14:00 . 2012-06-17 14:00 -------- d-----w- c:\users\Marco\AppData\Roaming\Malwarebytes
2012-06-17 14:00 . 2012-06-17 14:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-17 14:00 . 2012-06-17 14:00 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 14:00 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 13:48 . 2012-04-12 20:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 13:48 . 2011-10-23 18:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 04:01 . 2012-06-14 18:24 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-14 18:24 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-15 01:32 . 2012-06-14 18:24 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 10:21 . 2012-05-01 19:18 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2012-03-23 20:01 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 18:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 18:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 18:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 18:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 18:24 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 18:24 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 18:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 18:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 18:24 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 18:24 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 18:24 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 18:24 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 18:24 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 18:24 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-14 18:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-14 18:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_12.28.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-23 20:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-15 13:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-23 20:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-15 13:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-23 20:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-15 13:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-15 14:34 35350 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-15 18:07 51928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-23 18:04 . 2012-07-15 19:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 18:04 . 2012-07-15 11:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-01 14:32 . 2012-07-15 11:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-01 14:32 . 2012-07-15 19:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-15 19:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-15 11:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 18:06 . 2012-07-15 18:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 18:06 . 2012-07-15 11:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-23 18:06 . 2012-07-15 18:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-23 18:06 . 2012-07-15 11:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-23 18:06 . 2012-07-15 18:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-23 18:06 . 2012-07-15 11:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 18:09 . 2012-07-15 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 18:09 . 2012-07-15 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 18:09 . 2012-07-15 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 18:09 . 2012-07-15 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 18:11 . 2012-07-15 18:07 7794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-540894877-694316282-3225767269-1000_UserData.bin
+ 2012-07-15 14:32 . 2012-07-15 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-15 11:38 . 2012-07-15 11:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 14:32 . 2012-07-15 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-15 11:38 . 2012-07-15 11:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-15 13:48 . 2012-07-15 13:48 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-15 12:48 . 2012-07-15 12:48 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-15 12:48 . 2012-07-15 12:48 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
- 2012-04-12 20:39 . 2012-06-23 20:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-12 20:39 . 2012-07-15 13:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-10-26 16:34 . 2012-07-15 19:55 277766 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-15 11:42 618936 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-15 18:11 618936 c:\windows\system32\perfh009.dat
+ 2011-04-12 07:43 . 2012-07-15 18:11 657660 c:\windows\system32\perfh007.dat
- 2011-04-12 07:43 . 2012-07-15 11:42 657660 c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-07-15 11:42 107256 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-15 18:11 107256 c:\windows\system32\perfc009.dat
+ 2011-04-12 07:43 . 2012-07-15 18:11 131032 c:\windows\system32\perfc007.dat
- 2011-04-12 07:43 . 2012-07-15 11:42 131032 c:\windows\system32\perfc007.dat
+ 2012-07-15 13:48 . 2012-07-15 13:48 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_Plugin.exe
+ 2012-07-15 12:48 . 2012-07-15 12:48 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe
+ 2012-07-15 12:48 . 2012-07-15 12:48 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.dll
- 2009-07-14 05:12 . 2012-07-15 11:40 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-07-15 19:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-23 18:06 . 2012-07-15 18:06 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-23 18:06 . 2012-07-15 11:38 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-07-15 14:39 109896 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-07-15 11:37 390388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-15 14:31 390388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-07-01 14:46 . 2012-07-15 11:37 391156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-540894877-694316282-3225767269-1000-8192.dat
+ 2012-07-01 14:46 . 2012-07-15 14:31 391156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-540894877-694316282-3225767269-1000-8192.dat
+ 2012-07-15 13:48 . 2012-07-15 13:48 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2012-07-15 13:48 . 2012-07-15 13:48 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
+ 2012-07-15 13:48 . 2012-07-15 13:48 12314312 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"TomTomHOME.exe"="c:\users\Marco\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 TomTomHOMEService;TomTomHOMEService;c:\users\Marco\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-10 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-10-23 116096]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:48]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\fccgf0qa.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-15 22:08:37
ComboFix-quarantined-files.txt 2012-07-15 20:08
ComboFix2.txt 2012-07-15 12:31
.
Vor Suchlauf: 14 Verzeichnis(se), 65.844.527.104 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 65.499.205.632 Bytes frei
.
- - End Of File - - 4A5CBC6FBF8FEBFDF6E915A7F032CA03
This is what came out |
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan adwCleaner - Detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
__________________ Please always post logfiles in CODE tags |
| | #25 |
| Windows Update Trojan Code:
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 12:06:50
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Marco - PC-MARCO
# Running from : C:\Users\Marco\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Software
[x64] Key Found : HKCU\Software\Softonic
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\fccgf0qa.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1172 octets] - [22/07/2012 12:06:50]
########## EOF - C:\AdwCleaner[R1].txt - [1300 octets] ##########
|
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan adwCleaner - Remove toolbars and unwanted start/search pages
__________________ Please always post logfiles in CODE tags |
| | #27 |
| Windows Update Trojan Code:
# AdwCleaner v1.703 - Logfile created 07/29/2012 at 16:33:34
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Marco - PC-MARCO
# Running from : C:\Users\Marco\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Software
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\fccgf0qa.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1295 octets] - [22/07/2012 12:06:50]
AdwCleaner[S1].txt - [1200 octets] - [29/07/2012 16:33:34]
########## EOF - C:\AdwCleaner[S1].txt - [1328 octets] ##########
|
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan I have two questions before we continue. 1.) Does Windows' normal mode work (again) without restrictions? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post logfiles in CODE tags |
| | #29 |
| Windows Update Trojan Hello, sorry for the late reply. 1. Yes, everything works without restrictions. 2. There are no empty folders; the programs are there, but since the files were renamed I cannot open them. Regards, Marco |
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update Trojan Please download aswMBR.exe and save the file to your desktop. Note: please disable the virus scanner before running aswMBR, because Avira in particular often reports a false positive for it!
Another note: should aswMBR crash and a message such as "aswMBR.exe has stopped working" appear, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |