| |
| |||||||
Log-Analyse und Auswertung: WIN 7 GVU Trojaner ähnlich 2.04 mit anderem TextWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.07.2012, 14:55
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
MOD - C:\Users\xxxxx\AppData\Local\Temp\glom0_og.exe ()
IE - HKLM\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{1592EB48-0ADE-43C5-A327-5A010716C394}: "URL" = http://www.slaago.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=MruuIucd
IE - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\..\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=1b429399-4a9b-11e1-98b0-001a4d46bea5&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell - "" = AutoRun
O33 - MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\Shell\AutoRun\command - "" = F:\Installer.exe
[2012.07.04 16:25:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.09 15:29:56 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 23:40:56 | 000,001,894 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 17:36:44 | 000,000,447 | ---- | C] () -- C:\user.js
[2011.11.04 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5037
[2011.11.04 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\5038
[2011.11.04 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\kock
[2011.11.04 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\UAs
[2011.11.04 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\xmldm
:Files
C:\Users\xxxxx\AppData\Local\Temp\glom0_og.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.07.2012, 15:11
| #17 |
 | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text hallo,
__________________vielen dank schon mal wegen den toolbars hier die logdatei Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1592EB48-0ADE-43C5-A327-5A010716C394}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1592EB48-0ADE-43C5-A327-5A010716C394}\ not found.
Registry key HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B988083-4DEA-41E4-88B3-EB882DA87E6B}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1491276608-1763617303-3872750263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949622b0-06b3-11df-be14-001a4d46bea5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949622b0-06b3-11df-be14-001a4d46bea5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949622b0-06b3-11df-be14-001a4d46bea5}\ not found.
File F:\Installer.exe not found.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\ProgramData\go_0molg.pad moved successfully.
C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\user.js moved successfully.
C:\Users\xxxxx\AppData\Roaming\5037\components folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\5037 folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\5038\components folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\5038 folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\kock folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\UAs folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\xmldm folder moved successfully.
========== FILES ==========
C:\Users\xxxxx\AppData\Local\Temp\glom0_og.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: xxxxx
->Temp folder emptied: 14387953336 bytes
->Temporary Internet Files folder emptied: 5928930904 bytes
->Java cache emptied: 76531374 bytes
->FireFox cache emptied: 891057949 bytes
->Opera cache emptied: 20632681 bytes
->Flash cache emptied: 224701 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: UpdatusUser.*****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 408636811 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 734 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 20.709,00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: xxxxx
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Flash cache emptied: 0 bytes
User: UpdatusUser.*****
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07092012_160327
Files\Folders moved on Reboot...
C:\Users\xxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
PendingFileRenameOperations files...
File C:\Users\xxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
Registry entries deleted on Reboot...
|
|
09.07.2012, 15:21
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
09.07.2012, 15:56
| #19 |
| | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text tdss-killer logdatei Code:
ATTFilter 16:50:49.0486 2656 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
16:50:49.0834 2656 ============================================================
16:50:49.0834 2656 Current date / time: 2012/07/09 16:50:49.0834
16:50:49.0834 2656 SystemInfo:
16:50:49.0834 2656
16:50:49.0834 2656 OS Version: 6.1.7601 ServicePack: 1.0
16:50:49.0834 2656 Product type: Workstation
16:50:49.0834 2656 ComputerName: *****
16:50:49.0836 2656 UserName: xxxxx
16:50:49.0836 2656 Windows directory: C:\Windows
16:50:49.0836 2656 System windows directory: C:\Windows
16:50:49.0836 2656 Running under WOW64
16:50:49.0836 2656 Processor architecture: Intel x64
16:50:49.0836 2656 Number of processors: 2
16:50:49.0836 2656 Page size: 0x1000
16:50:49.0836 2656 Boot type: Normal boot
16:50:49.0836 2656 ============================================================
16:50:50.0354 2656 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:50:50.0391 2656 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:50:50.0396 2656 ============================================================
16:50:50.0396 2656 \Device\Harddisk0\DR0:
16:50:50.0396 2656 MBR partitions:
16:50:50.0396 2656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:50:50.0396 2656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
16:50:50.0396 2656 \Device\Harddisk1\DR1:
16:50:50.0396 2656 MBR partitions:
16:50:50.0396 2656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
16:50:50.0396 2656 ============================================================
16:50:50.0396 2656 C: <-> \Device\Harddisk0\DR0\Partition1
16:50:50.0426 2656 D: <-> \Device\Harddisk1\DR1\Partition0
16:50:50.0426 2656 ============================================================
16:50:50.0426 2656 Initialize success
16:50:50.0426 2656 ============================================================
16:51:23.0514 40324 ============================================================
16:51:23.0514 40324 Scan started
16:51:23.0514 40324 Mode: Manual; SigCheck; TDLFS;
16:51:23.0514 40324 ============================================================
16:51:24.0084 40324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:51:24.0187 40324 1394ohci - ok
16:51:24.0192 40324 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
16:51:24.0234 40324 acedrv11 - ok
16:51:24.0249 40324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:51:24.0264 40324 ACPI - ok
16:51:24.0269 40324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:51:24.0309 40324 AcpiPmi - ok
16:51:24.0342 40324 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:51:24.0352 40324 AdobeFlashPlayerUpdateSvc - ok
16:51:24.0372 40324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:51:24.0402 40324 adp94xx - ok
16:51:24.0419 40324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:51:24.0437 40324 adpahci - ok
16:51:24.0447 40324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:51:24.0459 40324 adpu320 - ok
16:51:24.0464 40324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:51:24.0569 40324 AeLookupSvc - ok
16:51:24.0592 40324 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:51:24.0619 40324 AFD - ok
16:51:24.0624 40324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:51:24.0634 40324 agp440 - ok
16:51:24.0639 40324 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:51:24.0652 40324 ALG - ok
16:51:24.0662 40324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:51:24.0672 40324 aliide - ok
16:51:24.0677 40324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:51:24.0679 40324 amdide - ok
16:51:24.0692 40324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:51:24.0707 40324 AmdK8 - ok
16:51:24.0712 40324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:51:24.0744 40324 AmdPPM - ok
16:51:24.0752 40324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:51:24.0762 40324 amdsata - ok
16:51:24.0772 40324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:51:24.0784 40324 amdsbs - ok
16:51:24.0787 40324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:51:24.0797 40324 amdxata - ok
16:51:24.0802 40324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:51:24.0892 40324 AppID - ok
16:51:24.0894 40324 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:51:24.0939 40324 AppIDSvc - ok
16:51:24.0939 40324 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:51:24.0984 40324 Appinfo - ok
16:51:24.0994 40324 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:51:25.0014 40324 AppMgmt - ok
16:51:25.0022 40324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:51:25.0032 40324 arc - ok
16:51:25.0037 40324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:51:25.0047 40324 arcsas - ok
16:51:25.0062 40324 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:51:25.0074 40324 aspnet_state - ok
16:51:25.0077 40324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:25.0117 40324 AsyncMac - ok
16:51:25.0119 40324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:51:25.0129 40324 atapi - ok
16:51:25.0142 40324 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
16:51:25.0157 40324 atksgt - ok
16:51:25.0184 40324 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:51:25.0227 40324 AudioEndpointBuilder - ok
16:51:25.0232 40324 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:51:25.0289 40324 AudioSrv - ok
16:51:25.0299 40324 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:51:25.0329 40324 AxInstSV - ok
16:51:25.0349 40324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:51:25.0382 40324 b06bdrv - ok
16:51:25.0387 40324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:51:25.0412 40324 b57nd60a - ok
16:51:25.0419 40324 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:51:25.0454 40324 BDESVC - ok
16:51:25.0457 40324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:51:25.0502 40324 Beep - ok
16:51:25.0537 40324 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:51:25.0579 40324 BFE - ok
16:51:25.0614 40324 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:51:25.0669 40324 BITS - ok
16:51:25.0677 40324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:51:25.0699 40324 blbdrive - ok
16:51:25.0704 40324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:51:25.0724 40324 bowser - ok
16:51:25.0732 40324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:51:25.0744 40324 BrFiltLo - ok
16:51:25.0747 40324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:51:25.0769 40324 BrFiltUp - ok
16:51:25.0779 40324 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:51:25.0814 40324 Browser - ok
16:51:25.0827 40324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:51:25.0849 40324 Brserid - ok
16:51:25.0854 40324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:51:25.0864 40324 BrSerWdm - ok
16:51:25.0864 40324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:51:25.0899 40324 BrUsbMdm - ok
16:51:25.0904 40324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:51:25.0914 40324 BrUsbSer - ok
16:51:25.0919 40324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:51:25.0937 40324 BTHMODEM - ok
16:51:25.0947 40324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:51:25.0997 40324 bthserv - ok
16:51:26.0002 40324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:51:26.0037 40324 cdfs - ok
16:51:26.0045 40324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:51:26.0067 40324 cdrom - ok
16:51:26.0072 40324 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:51:26.0112 40324 CertPropSvc - ok
16:51:26.0117 40324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:51:26.0127 40324 circlass - ok
16:51:26.0145 40324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:51:26.0162 40324 CLFS - ok
16:51:26.0170 40324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:51:26.0182 40324 clr_optimization_v2.0.50727_32 - ok
16:51:26.0187 40324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:51:26.0200 40324 clr_optimization_v2.0.50727_64 - ok
16:51:26.0212 40324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:51:26.0225 40324 clr_optimization_v4.0.30319_32 - ok
16:51:26.0237 40324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:51:26.0250 40324 clr_optimization_v4.0.30319_64 - ok
16:51:26.0252 40324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:51:26.0265 40324 CmBatt - ok
16:51:26.0265 40324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:51:26.0277 40324 cmdide - ok
16:51:26.0295 40324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:51:26.0320 40324 CNG - ok
16:51:26.0320 40324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:51:26.0330 40324 Compbatt - ok
16:51:26.0330 40324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:51:26.0370 40324 CompositeBus - ok
16:51:26.0372 40324 COMSysApp - ok
16:51:26.0375 40324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:51:26.0385 40324 crcdisk - ok
16:51:26.0397 40324 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:51:26.0430 40324 CryptSvc - ok
16:51:26.0450 40324 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:51:26.0480 40324 CSC - ok
16:51:26.0505 40324 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:51:26.0532 40324 CscService - ok
16:51:26.0555 40324 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:51:26.0595 40324 DcomLaunch - ok
16:51:26.0600 40324 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:51:26.0660 40324 defragsvc - ok
16:51:26.0670 40324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:51:26.0697 40324 DfsC - ok
16:51:26.0705 40324 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:51:26.0752 40324 Dhcp - ok
16:51:26.0755 40324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:51:26.0800 40324 discache - ok
16:51:26.0805 40324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:51:26.0815 40324 Disk - ok
16:51:26.0825 40324 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:51:26.0845 40324 Dnscache - ok
16:51:26.0855 40324 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:51:26.0910 40324 dot3svc - ok
16:51:26.0917 40324 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:51:26.0932 40324 dot4 - ok
16:51:26.0935 40324 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:51:26.0965 40324 Dot4Print - ok
16:51:26.0967 40324 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:51:26.0995 40324 dot4usb - ok
16:51:27.0002 40324 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:51:27.0037 40324 DPS - ok
16:51:27.0040 40324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:51:27.0057 40324 drmkaud - ok
16:51:27.0095 40324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:51:27.0137 40324 DXGKrnl - ok
16:51:27.0145 40324 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:51:27.0175 40324 EapHost - ok
16:51:27.0295 40324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:51:27.0395 40324 ebdrv - ok
16:51:27.0422 40324 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:51:27.0447 40324 EFS - ok
16:51:27.0475 40324 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:51:27.0507 40324 ehRecvr - ok
16:51:27.0515 40324 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:51:27.0535 40324 ehSched - ok
16:51:27.0815 40324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:51:27.0835 40324 elxstor - ok
16:51:27.0840 40324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:51:27.0857 40324 ErrDev - ok
16:51:27.0880 40324 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:51:27.0937 40324 EventSystem - ok
16:51:27.0947 40324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:51:27.0987 40324 exfat - ok
16:51:27.0992 40324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:51:28.0045 40324 fastfat - ok
16:51:28.0072 40324 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:51:28.0092 40324 Fax - ok
16:51:28.0105 40324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:51:28.0117 40324 fdc - ok
16:51:28.0122 40324 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:51:28.0152 40324 fdPHost - ok
16:51:28.0157 40324 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:51:28.0190 40324 FDResPub - ok
16:51:28.0195 40324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:51:28.0205 40324 FileInfo - ok
16:51:28.0207 40324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:51:28.0260 40324 Filetrace - ok
16:51:28.0262 40324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:28.0275 40324 flpydisk - ok
16:51:28.0287 40324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:51:28.0305 40324 FltMgr - ok
16:51:28.0345 40324 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:51:28.0372 40324 FontCache - ok
16:51:28.0382 40324 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:51:28.0390 40324 FontCache3.0.0.0 - ok
16:51:28.0397 40324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:51:28.0407 40324 FsDepends - ok
16:51:28.0412 40324 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:51:28.0415 40324 Fs_Rec - ok
16:51:28.0425 40324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:51:28.0447 40324 fvevol - ok
16:51:28.0452 40324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:51:28.0462 40324 gagp30kx - ok
16:51:28.0465 40324 Gizmo Central - ok
16:51:28.0470 40324 GizmoDrv (ee8829b623542d8adc4dba65a1133741) C:\Windows\system32\drivers\GizmoDrv.sys
16:51:28.0470 40324 GizmoDrv - ok
16:51:28.0507 40324 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:51:28.0552 40324 gpsvc - ok
16:51:28.0555 40324 gupdate - ok
16:51:28.0560 40324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:51:28.0580 40324 hcw85cir - ok
16:51:28.0595 40324 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:51:28.0617 40324 HdAudAddService - ok
16:51:28.0625 40324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:51:28.0647 40324 HDAudBus - ok
16:51:28.0650 40324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:51:28.0667 40324 HidBatt - ok
16:51:28.0672 40324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:51:28.0687 40324 HidBth - ok
16:51:28.0690 40324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:51:28.0717 40324 HidIr - ok
16:51:28.0722 40324 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:51:28.0760 40324 hidserv - ok
16:51:28.0762 40324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:51:28.0782 40324 HidUsb - ok
16:51:28.0790 40324 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:51:28.0830 40324 hkmsvc - ok
16:51:28.0835 40324 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:51:28.0855 40324 HomeGroupListener - ok
16:51:28.0865 40324 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:51:28.0877 40324 HomeGroupProvider - ok
16:51:28.0882 40324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:51:28.0895 40324 HpSAMD - ok
16:51:28.0922 40324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:51:28.0975 40324 HTTP - ok
16:51:28.0980 40324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:51:28.0987 40324 hwpolicy - ok
16:51:28.0995 40324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:51:29.0007 40324 i8042prt - ok
16:51:29.0025 40324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:51:29.0045 40324 iaStorV - ok
16:51:29.0080 40324 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:51:29.0107 40324 idsvc - ok
16:51:29.0112 40324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:51:29.0122 40324 iirsp - ok
16:51:29.0155 40324 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:51:29.0200 40324 IKEEXT - ok
16:51:29.0205 40324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:51:29.0205 40324 intelide - ok
16:51:29.0217 40324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:51:29.0230 40324 intelppm - ok
16:51:29.0237 40324 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:51:29.0290 40324 IPBusEnum - ok
16:51:29.0292 40324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:29.0340 40324 IpFilterDriver - ok
16:51:29.0362 40324 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:51:29.0400 40324 iphlpsvc - ok
16:51:29.0405 40324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:51:29.0417 40324 IPMIDRV - ok
16:51:29.0422 40324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:51:29.0485 40324 IPNAT - ok
16:51:29.0487 40324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:51:29.0505 40324 IRENUM - ok
16:51:29.0510 40324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:51:29.0517 40324 isapnp - ok
16:51:29.0530 40324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:51:29.0545 40324 iScsiPrt - ok
16:51:29.0550 40324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:51:29.0560 40324 kbdclass - ok
16:51:29.0565 40324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:51:29.0582 40324 kbdhid - ok
16:51:29.0587 40324 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:29.0615 40324 KeyIso - ok
16:51:29.0617 40324 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:51:29.0632 40324 KSecDD - ok
16:51:29.0640 40324 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:51:29.0642 40324 KSecPkg - ok
16:51:29.0655 40324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:51:29.0710 40324 ksthunk - ok
16:51:29.0725 40324 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:51:29.0762 40324 KtmRm - ok
16:51:29.0775 40324 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:51:29.0820 40324 LanmanServer - ok
16:51:29.0825 40324 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:51:29.0885 40324 LanmanWorkstation - ok
16:51:29.0895 40324 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
16:51:29.0915 40324 lirsgt - ok
16:51:29.0917 40324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:51:29.0947 40324 lltdio - ok
16:51:29.0962 40324 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:51:30.0000 40324 lltdsvc - ok
16:51:30.0002 40324 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:51:30.0050 40324 lmhosts - ok
16:51:30.0067 40324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:51:30.0080 40324 LSI_FC - ok
16:51:30.0087 40324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:51:30.0097 40324 LSI_SAS - ok
16:51:30.0102 40324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:51:30.0107 40324 LSI_SAS2 - ok
16:51:30.0117 40324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:51:30.0130 40324 LSI_SCSI - ok
16:51:30.0137 40324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:51:30.0167 40324 luafv - ok
16:51:30.0172 40324 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
16:51:30.0185 40324 lvpepf64 - ok
16:51:30.0215 40324 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
16:51:30.0250 40324 LVRS64 - ok
16:51:30.0255 40324 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
16:51:30.0255 40324 LVUSBS64 - ok
16:51:30.0267 40324 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:51:30.0275 40324 MBAMProtector - ok
16:51:30.0305 40324 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:51:30.0325 40324 MBAMService - ok
16:51:30.0332 40324 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:51:30.0347 40324 Mcx2Svc - ok
16:51:30.0352 40324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:51:30.0355 40324 megasas - ok
16:51:30.0375 40324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:51:30.0392 40324 MegaSR - ok
16:51:30.0397 40324 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:51:30.0427 40324 MMCSS - ok
16:51:30.0432 40324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:51:30.0472 40324 Modem - ok
16:51:30.0475 40324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:51:30.0485 40324 monitor - ok
16:51:30.0495 40324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:51:30.0505 40324 mouclass - ok
16:51:30.0507 40324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:51:30.0530 40324 mouhid - ok
16:51:30.0537 40324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:51:30.0547 40324 mountmgr - ok
16:51:30.0555 40324 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:51:30.0565 40324 MozillaMaintenance - ok
16:51:30.0570 40324 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:51:30.0590 40324 MpFilter - ok
16:51:30.0597 40324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:51:30.0607 40324 mpio - ok
16:51:30.0615 40324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:51:30.0660 40324 mpsdrv - ok
16:51:30.0690 40324 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:51:30.0732 40324 MpsSvc - ok
16:51:30.0740 40324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:51:30.0762 40324 MRxDAV - ok
16:51:30.0770 40324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:30.0785 40324 mrxsmb - ok
16:51:30.0797 40324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:30.0815 40324 mrxsmb10 - ok
16:51:30.0832 40324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:30.0845 40324 mrxsmb20 - ok
16:51:30.0847 40324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:51:30.0857 40324 msahci - ok
16:51:30.0865 40324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:51:30.0875 40324 msdsm - ok
16:51:30.0885 40324 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:51:30.0900 40324 MSDTC - ok
16:51:30.0905 40324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:51:30.0950 40324 Msfs - ok
16:51:30.0952 40324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:51:30.0990 40324 mshidkmdf - ok
16:51:30.0995 40324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:51:31.0000 40324 msisadrv - ok
16:51:31.0010 40324 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:51:31.0057 40324 MSiSCSI - ok
16:51:31.0062 40324 msiserver - ok
16:51:31.0067 40324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:31.0120 40324 MSKSSRV - ok
16:51:31.0122 40324 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:51:31.0132 40324 MsMpSvc - ok
16:51:31.0135 40324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:31.0192 40324 MSPCLOCK - ok
16:51:31.0202 40324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:51:31.0230 40324 MSPQM - ok
16:51:31.0247 40324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:51:31.0262 40324 MsRPC - ok
16:51:31.0270 40324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:51:31.0272 40324 mssmbios - ok
16:51:31.0282 40324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:51:31.0337 40324 MSTEE - ok
16:51:31.0342 40324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:51:31.0357 40324 MTConfig - ok
16:51:31.0362 40324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:51:31.0372 40324 Mup - ok
16:51:31.0392 40324 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:51:31.0437 40324 napagent - ok
16:51:31.0455 40324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:31.0475 40324 NativeWifiP - ok
16:51:31.0512 40324 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:51:31.0545 40324 NDIS - ok
16:51:31.0552 40324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:51:31.0592 40324 NdisCap - ok
16:51:31.0597 40324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:31.0637 40324 NdisTapi - ok
16:51:31.0642 40324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:31.0680 40324 Ndisuio - ok
16:51:31.0690 40324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:31.0737 40324 NdisWan - ok
16:51:31.0742 40324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:51:31.0777 40324 NDProxy - ok
16:51:31.0782 40324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:51:31.0825 40324 NetBIOS - ok
16:51:31.0832 40324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:51:31.0887 40324 NetBT - ok
16:51:31.0890 40324 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:31.0905 40324 Netlogon - ok
16:51:31.0920 40324 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:51:31.0955 40324 Netman - ok
16:51:31.0967 40324 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:31.0977 40324 NetMsmqActivator - ok
16:51:31.0980 40324 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:31.0987 40324 NetPipeActivator - ok
16:51:32.0007 40324 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:51:32.0067 40324 netprofm - ok
16:51:32.0072 40324 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:32.0080 40324 NetTcpActivator - ok
16:51:32.0082 40324 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:51:32.0085 40324 NetTcpPortSharing - ok
16:51:32.0095 40324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:51:32.0110 40324 nfrd960 - ok
16:51:32.0117 40324 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:51:32.0125 40324 NisDrv - ok
16:51:32.0140 40324 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
16:51:32.0155 40324 NisSrv - ok
16:51:32.0170 40324 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:51:32.0210 40324 NlaSvc - ok
16:51:32.0220 40324 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
16:51:32.0230 40324 NMSAccessU - ok
16:51:32.0232 40324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:51:32.0260 40324 Npfs - ok
16:51:32.0265 40324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:51:32.0315 40324 nsi - ok
16:51:32.0320 40324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:51:32.0360 40324 nsiproxy - ok
16:51:32.0422 40324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:51:32.0467 40324 Ntfs - ok
16:51:32.0497 40324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:51:32.0525 40324 Null - ok
16:51:33.0012 40324 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:51:33.0350 40324 nvlddmkm - ok
16:51:33.0385 40324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:51:33.0395 40324 nvraid - ok
16:51:33.0402 40324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:51:33.0417 40324 nvstor - ok
16:51:33.0452 40324 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
16:51:33.0490 40324 nvsvc - ok
16:51:33.0577 40324 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:51:33.0630 40324 nvUpdatusService - ok
16:51:33.0665 40324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:51:33.0675 40324 nv_agp - ok
16:51:33.0695 40324 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:51:33.0712 40324 odserv - ok
16:51:33.0717 40324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:51:33.0740 40324 ohci1394 - ok
16:51:33.0747 40324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:51:33.0757 40324 ose - ok
16:51:33.0772 40324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:51:33.0790 40324 p2pimsvc - ok
16:51:33.0810 40324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:51:33.0840 40324 p2psvc - ok
16:51:33.0847 40324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:51:33.0867 40324 Parport - ok
16:51:33.0872 40324 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:51:33.0882 40324 partmgr - ok
16:51:33.0892 40324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:51:33.0910 40324 PcaSvc - ok
16:51:33.0920 40324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:51:33.0930 40324 pci - ok
16:51:33.0935 40324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:51:33.0937 40324 pciide - ok
16:51:33.0947 40324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:51:33.0957 40324 pcmcia - ok
16:51:33.0970 40324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:51:33.0980 40324 pcw - ok
16:51:34.0005 40324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:51:34.0052 40324 PEAUTH - ok
16:51:34.0105 40324 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:51:34.0140 40324 PeerDistSvc - ok
16:51:34.0170 40324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:51:34.0182 40324 PerfHost - ok
16:51:34.0307 40324 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
16:51:34.0380 40324 PID_PEPI - ok
16:51:34.0455 40324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:51:34.0512 40324 pla - ok
16:51:34.0530 40324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:51:34.0550 40324 PlugPlay - ok
16:51:34.0557 40324 Pml Driver HPZ12 (64ca1485214340cacc315ffdfded73ef) C:\Windows\system32\HPZipm12.dll
16:51:34.0567 40324 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:51:34.0567 40324 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:51:34.0572 40324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:51:34.0587 40324 PNRPAutoReg - ok
16:51:34.0602 40324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:51:34.0625 40324 PNRPsvc - ok
16:51:34.0645 40324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:51:34.0687 40324 PolicyAgent - ok
16:51:34.0697 40324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:51:34.0737 40324 Power - ok
16:51:34.0750 40324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:34.0787 40324 PptpMiniport - ok
16:51:34.0792 40324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:51:34.0802 40324 Processor - ok
16:51:34.0807 40324 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:51:34.0827 40324 ProfSvc - ok
16:51:34.0830 40324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:34.0847 40324 ProtectedStorage - ok
16:51:34.0855 40324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:51:34.0897 40324 Psched - ok
16:51:34.0955 40324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:51:35.0002 40324 ql2300 - ok
16:51:35.0045 40324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:51:35.0057 40324 ql40xx - ok
16:51:35.0067 40324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:51:35.0090 40324 QWAVE - ok
16:51:35.0095 40324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:51:35.0110 40324 QWAVEdrv - ok
16:51:35.0112 40324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:35.0160 40324 RasAcd - ok
16:51:35.0162 40324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:51:35.0197 40324 RasAgileVpn - ok
16:51:35.0205 40324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:51:35.0235 40324 RasAuto - ok
16:51:35.0237 40324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:35.0270 40324 Rasl2tp - ok
16:51:35.0285 40324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:51:35.0342 40324 RasMan - ok
16:51:35.0347 40324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:35.0382 40324 RasPppoe - ok
16:51:35.0387 40324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:35.0417 40324 RasSstp - ok
16:51:35.0432 40324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:35.0505 40324 rdbss - ok
16:51:35.0512 40324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:51:35.0537 40324 rdpbus - ok
16:51:35.0540 40324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:35.0570 40324 RDPCDD - ok
16:51:35.0580 40324 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:51:35.0605 40324 RDPDR - ok
16:51:35.0607 40324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:51:35.0652 40324 RDPENCDD - ok
16:51:35.0657 40324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:51:35.0690 40324 RDPREFMP - ok
16:51:35.0697 40324 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:51:35.0727 40324 RdpVideoMiniport - ok
16:51:35.0737 40324 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:51:35.0750 40324 RDPWD - ok
16:51:35.0760 40324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:51:35.0772 40324 rdyboost - ok
16:51:35.0780 40324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:51:35.0820 40324 RemoteAccess - ok
16:51:35.0835 40324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:51:35.0862 40324 RemoteRegistry - ok
16:51:35.0872 40324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:51:35.0915 40324 RpcEptMapper - ok
16:51:35.0920 40324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:51:35.0935 40324 RpcLocator - ok
16:51:35.0957 40324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:51:36.0000 40324 RpcSs - ok
16:51:36.0010 40324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:51:36.0042 40324 rspndr - ok
16:51:36.0050 40324 RTL8167 (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:51:36.0072 40324 RTL8167 - ok
16:51:36.0075 40324 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:51:36.0087 40324 s3cap - ok
16:51:36.0087 40324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:36.0110 40324 SamSs - ok
16:51:36.0117 40324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:51:36.0127 40324 sbp2port - ok
16:51:36.0137 40324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:51:36.0192 40324 SCardSvr - ok
16:51:36.0202 40324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:51:36.0230 40324 scfilter - ok
16:51:36.0270 40324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:51:36.0320 40324 Schedule - ok
16:51:36.0327 40324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:51:36.0377 40324 SCPolicySvc - ok
16:51:36.0387 40324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:51:36.0402 40324 SDRSVC - ok
16:51:36.0410 40324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:51:36.0447 40324 secdrv - ok
16:51:36.0452 40324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:51:36.0485 40324 seclogon - ok
16:51:36.0487 40324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:51:36.0537 40324 SENS - ok
16:51:36.0542 40324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:51:36.0555 40324 SensrSvc - ok
16:51:36.0557 40324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:51:36.0587 40324 Serenum - ok
16:51:36.0592 40324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:51:36.0610 40324 Serial - ok
16:51:36.0612 40324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:51:36.0625 40324 sermouse - ok
16:51:36.0645 40324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:51:36.0687 40324 SessionEnv - ok
16:51:36.0692 40324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:51:36.0715 40324 sffdisk - ok
16:51:36.0717 40324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:51:36.0742 40324 sffp_mmc - ok
16:51:36.0745 40324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:51:36.0757 40324 sffp_sd - ok
16:51:36.0762 40324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:51:36.0795 40324 sfloppy - ok
16:51:36.0812 40324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:51:36.0847 40324 SharedAccess - ok
16:51:36.0872 40324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:51:36.0910 40324 ShellHWDetection - ok
16:51:36.0912 40324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:51:36.0925 40324 SiSRaid2 - ok
16:51:36.0930 40324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:51:36.0940 40324 SiSRaid4 - ok
16:51:36.0952 40324 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:51:36.0962 40324 SkypeUpdate - ok
16:51:36.0970 40324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:51:37.0010 40324 Smb - ok
16:51:37.0017 40324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:51:37.0042 40324 SNMPTRAP - ok
16:51:37.0045 40324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:51:37.0055 40324 spldr - ok
16:51:37.0077 40324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:51:37.0132 40324 Spooler - ok
16:51:37.0262 40324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:51:37.0357 40324 sppsvc - ok
16:51:37.0385 40324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:51:37.0430 40324 sppuinotify - ok
16:51:37.0472 40324 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
16:51:37.0472 40324 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
16:51:37.0475 40324 sptd ( LockedFile.Multi.Generic ) - warning
16:51:37.0475 40324 sptd - detected LockedFile.Multi.Generic (1)
16:51:37.0497 40324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:51:37.0515 40324 srv - ok
16:51:37.0535 40324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:51:37.0570 40324 srv2 - ok
16:51:37.0610 40324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:51:38.0000 40324 srvnet - ok
16:51:38.0010 40324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:51:38.0060 40324 SSDPSRV - ok
16:51:38.0067 40324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:51:38.0105 40324 SstpSvc - ok
16:51:38.0107 40324 ss_bus (d21ff3592daee244ee8376830a672b52) C:\Windows\system32\DRIVERS\ss_bus.sys
16:51:38.0130 40324 ss_bus - ok
16:51:38.0135 40324 ss_mdfl (451db3d10e6112e06b4506d4a7becec1) C:\Windows\system32\DRIVERS\ss_mdfl.sys
16:51:38.0140 40324 ss_mdfl - ok
16:51:38.0150 40324 ss_mdm (ef40c8a268a5263a0ef48fed8e57cbed) C:\Windows\system32\DRIVERS\ss_mdm.sys
16:51:38.0160 40324 ss_mdm - ok
16:51:38.0165 40324 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
16:51:38.0177 40324 StarOpen ( UnsignedFile.Multi.Generic ) - warning
16:51:38.0177 40324 StarOpen - detected UnsignedFile.Multi.Generic (1)
16:51:38.0182 40324 Steam Client Service - ok
16:51:38.0202 40324 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:51:38.0225 40324 Stereo Service - ok
16:51:38.0230 40324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:51:38.0240 40324 stexstor - ok
16:51:38.0262 40324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:51:38.0295 40324 stisvc - ok
16:51:38.0300 40324 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:51:38.0310 40324 storflt - ok
16:51:38.0315 40324 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:51:38.0325 40324 storvsc - ok
16:51:38.0332 40324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:51:38.0340 40324 swenum - ok
16:51:38.0360 40324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:51:38.0405 40324 swprv - ok
16:51:38.0407 40324 Synth3dVsc - ok
16:51:38.0472 40324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:51:38.0525 40324 SysMain - ok
16:51:38.0555 40324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:51:38.0570 40324 TabletInputService - ok
16:51:38.0585 40324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:51:38.0640 40324 TapiSrv - ok
16:51:38.0645 40324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:51:38.0672 40324 TBS - ok
16:51:38.0752 40324 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:51:38.0802 40324 Tcpip - ok
16:51:38.0895 40324 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:51:38.0940 40324 TCPIP6 - ok
16:51:38.0980 40324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:51:39.0012 40324 tcpipreg - ok
16:51:39.0015 40324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:51:39.0035 40324 TDPIPE - ok
16:51:39.0040 40324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:51:39.0065 40324 TDTCP - ok
16:51:39.0072 40324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:51:39.0112 40324 tdx - ok
16:51:39.0117 40324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:51:39.0127 40324 TermDD - ok
16:51:39.0155 40324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:51:39.0200 40324 TermService - ok
16:51:39.0205 40324 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
16:51:39.0215 40324 TFsExDisk - ok
16:51:39.0220 40324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:51:39.0242 40324 Themes - ok
16:51:39.0247 40324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:51:39.0287 40324 THREADORDER - ok
16:51:39.0295 40324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:51:39.0337 40324 TrkWks - ok
16:51:39.0347 40324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:51:39.0385 40324 TrustedInstaller - ok
16:51:39.0392 40324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:39.0425 40324 tssecsrv - ok
16:51:39.0432 40324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:51:39.0460 40324 TsUsbFlt - ok
16:51:39.0462 40324 tsusbhub - ok
16:51:39.0470 40324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:51:39.0502 40324 tunnel - ok
16:51:39.0507 40324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:51:39.0517 40324 uagp35 - ok
16:51:39.0535 40324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:51:39.0580 40324 udfs - ok
16:51:39.0587 40324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:51:39.0602 40324 UI0Detect - ok
16:51:39.0610 40324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:51:39.0620 40324 uliagpkx - ok
16:51:39.0622 40324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:51:39.0640 40324 umbus - ok
16:51:39.0645 40324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:51:39.0670 40324 UmPass - ok
16:51:39.0682 40324 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:51:39.0702 40324 UmRdpService - ok
16:51:39.0720 40324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:51:39.0767 40324 upnphost - ok
16:51:39.0775 40324 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:51:39.0790 40324 usbaudio - ok
16:51:39.0795 40324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:39.0820 40324 usbccgp - ok
16:51:39.0825 40324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:51:39.0845 40324 usbcir - ok
16:51:39.0850 40324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:51:39.0875 40324 usbehci - ok
16:51:39.0890 40324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:51:39.0907 40324 usbhub - ok
16:51:39.0912 40324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:51:39.0930 40324 usbohci - ok
16:51:39.0932 40324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:51:39.0950 40324 usbprint - ok
16:51:39.0957 40324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:39.0970 40324 USBSTOR - ok
16:51:39.0975 40324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:39.0985 40324 usbuhci - ok
16:51:39.0992 40324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:51:40.0047 40324 UxSms - ok
16:51:40.0052 40324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:51:40.0062 40324 VaultSvc - ok
16:51:40.0067 40324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:51:40.0077 40324 vdrvroot - ok
16:51:40.0100 40324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:51:40.0137 40324 vds - ok
16:51:40.0140 40324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:40.0170 40324 vga - ok
16:51:40.0172 40324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:51:40.0212 40324 VgaSave - ok
16:51:40.0217 40324 VGPU - ok
16:51:40.0227 40324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:51:40.0240 40324 vhdmp - ok
16:51:40.0245 40324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:51:40.0255 40324 viaide - ok
16:51:40.0257 40324 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:51:40.0267 40324 vmbus - ok
16:51:40.0280 40324 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:51:40.0297 40324 VMBusHID - ok
16:51:40.0302 40324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:51:40.0312 40324 volmgr - ok
16:51:40.0327 40324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:51:40.0350 40324 volmgrx - ok
16:51:40.0362 40324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:51:40.0377 40324 volsnap - ok
16:51:40.0387 40324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:51:40.0397 40324 vsmraid - ok
16:51:40.0457 40324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:51:40.0520 40324 VSS - ok
16:51:40.0547 40324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:51:40.0570 40324 vwifibus - ok
16:51:40.0587 40324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:51:40.0627 40324 W32Time - ok
16:51:40.0635 40324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:51:40.0657 40324 WacomPen - ok
16:51:40.0662 40324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:40.0700 40324 WANARP - ok
16:51:40.0702 40324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:40.0730 40324 Wanarpv6 - ok
16:51:40.0785 40324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:51:40.0830 40324 wbengine - ok
16:51:40.0862 40324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:51:40.0887 40324 WbioSrvc - ok
16:51:40.0902 40324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:51:40.0925 40324 wcncsvc - ok
16:51:40.0930 40324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:51:40.0965 40324 WcsPlugInService - ok
16:51:40.0970 40324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:51:40.0980 40324 Wd - ok
16:51:41.0005 40324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:51:41.0032 40324 Wdf01000 - ok
16:51:41.0042 40324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:51:41.0080 40324 WdiServiceHost - ok
16:51:41.0082 40324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:51:41.0105 40324 WdiSystemHost - ok
16:51:41.0117 40324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:51:41.0135 40324 WebClient - ok
16:51:41.0147 40324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:51:41.0197 40324 Wecsvc - ok
16:51:41.0205 40324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:51:41.0252 40324 wercplsupport - ok
16:51:41.0260 40324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:51:41.0302 40324 WerSvc - ok
16:51:41.0307 40324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:51:41.0355 40324 WfpLwf - ok
16:51:41.0357 40324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:51:41.0367 40324 WIMMount - ok
16:51:41.0370 40324 WinDefend - ok
16:51:41.0377 40324 WinHttpAutoProxySvc - ok
16:51:41.0392 40324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:51:41.0435 40324 Winmgmt - ok
16:51:41.0510 40324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:51:41.0587 40324 WinRM - ok
16:51:41.0632 40324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:51:41.0645 40324 WinUsb - ok
16:51:41.0680 40324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:51:41.0717 40324 Wlansvc - ok
16:51:41.0807 40324 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:51:41.0862 40324 wlidsvc - ok
16:51:41.0887 40324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:51:41.0902 40324 WmiAcpi - ok
16:51:41.0917 40324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:51:41.0932 40324 wmiApSrv - ok
16:51:41.0937 40324 WMPNetworkSvc - ok
16:51:41.0942 40324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:51:41.0952 40324 WPCSvc - ok
16:51:41.0960 40324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:51:41.0982 40324 WPDBusEnum - ok
16:51:41.0985 40324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:51:42.0030 40324 ws2ifsl - ok
16:51:42.0037 40324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:51:42.0057 40324 wscsvc - ok
16:51:42.0060 40324 WSearch - ok
16:51:42.0150 40324 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:51:42.0212 40324 wuauserv - ok
16:51:42.0250 40324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:51:42.0282 40324 WudfPf - ok
16:51:42.0290 40324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:42.0325 40324 WUDFRd - ok
16:51:42.0332 40324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:51:42.0365 40324 wudfsvc - ok
16:51:42.0377 40324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:51:42.0402 40324 WwanSvc - ok
16:51:42.0410 40324 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
16:51:42.0430 40324 xusb21 - ok
16:51:42.0457 40324 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:51:42.0477 40324 YahooAUService - ok
16:51:42.0480 40324 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:51:42.0560 40324 \Device\Harddisk0\DR0 - ok
16:51:42.0562 40324 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
16:51:42.0630 40324 \Device\Harddisk1\DR1 - ok
16:51:42.0632 40324 Boot (0x1200) (09d47519dd8d85d5d880d78edd072a18) \Device\Harddisk0\DR0\Partition0
16:51:42.0632 40324 \Device\Harddisk0\DR0\Partition0 - ok
16:51:42.0635 40324 Boot (0x1200) (33aeb7fb96bac3b8e93e36e53699fc2a) \Device\Harddisk0\DR0\Partition1
16:51:42.0635 40324 \Device\Harddisk0\DR0\Partition1 - ok
16:51:42.0640 40324 Boot (0x1200) (edf31b6d8b85f95e236a9e24d0dd56b3) \Device\Harddisk1\DR1\Partition0
16:51:42.0640 40324 \Device\Harddisk1\DR1\Partition0 - ok
16:51:42.0640 40324 ============================================================
16:51:42.0640 40324 Scan finished
16:51:42.0640 40324 ============================================================
16:51:42.0650 40316 Detected object count: 3
16:51:42.0650 40316 Actual detected object count: 3
16:52:54.0770 40316 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:54.0770 40316 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:54.0772 40316 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:52:54.0772 40316 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:52:54.0772 40316 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:54.0772 40316 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
09.07.2012, 18:32
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.07.2012, 13:37
| #21 |
| | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text hallo, habe combofix ausgeführt, bei dem von combofix durchgeführten neustart konnte ich dann keine programme aufrufen, habe danach noch einen neustart gemacht, jetzt tut wieder alles. Code:
ATTFilter ComboFix 12-07-10.01 - xxxxx 10.07.2012 13:52:28.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2642 [GMT 2:00]
ausgeführt von:: c:\users\xxxxx\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxxxx\AppData\Roaming\AcroIEHelpe.txt
c:\users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\users\xxxxx\AppData\Roaming\srvblck2.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-10 bis 2012-07-10 ))))))))))))))))))))))))))))))
.
.
2012-07-10 11:56 . 2012-07-10 11:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 14:56 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A87643D6-A76F-405F-890A-718E9D94ECA8}\mpengine.dll
2012-07-09 14:03 . 2012-07-09 14:03 -------- d-----w- C:\_OTL
2012-07-08 19:20 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-06 09:57 . 2012-07-06 09:57 -------- d-----w- c:\program files (x86)\ESET
2012-07-04 16:48 . 2012-02-11 20:15 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAEE68A9-C31D-4CA4-979B-C05EE15B2410}\gapaengine.dll
2012-07-02 23:33 . 2012-07-02 23:33 -------- d-----w- c:\users\xxxxx\AppData\Roaming\Malwarebytes
2012-07-02 23:33 . 2012-07-02 23:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-02 23:33 . 2012-07-02 23:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 23:33 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 19:45 . 2012-06-24 19:45 -------- d-----w- c:\program files (x86)\Microsoft
2012-06-24 12:15 . 2012-06-24 12:15 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 12:15 . 2012-06-24 12:15 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 23:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 23:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 23:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 23:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 23:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 23:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 23:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 23:54 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 23:54 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 21:24 . 2012-06-26 01:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-14 21:24 . 2012-06-24 12:15 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-14 21:24 . 2012-06-24 12:15 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-14 10:57 . 2012-06-14 10:57 -------- d-----w- c:\users\xxxxx\AppData\Local\Macromedia
2012-06-14 01:37 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 01:37 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 01:37 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 15:35 . 2012-06-12 15:58 -------- d-----w- c:\program files (x86)\JDownloader
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 01:47 . 2012-04-02 22:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 01:47 . 2011-05-17 11:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Facebook Update"="c:\users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-06 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-17 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-03-26 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-21 834544]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:47]
.
2012-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job
- c:\users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-06 20:04]
.
2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job
- c:\users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-06 20:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370}]
2011-12-18 02:53 167416 ----a-w- c:\users\xxxxx\AppData\Roaming\VshareComplete\64\VshareComplete64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Subscribe with RSSRadio
TCP: Interfaces\{61117D82-11E3-4CF7-A9E5-C8D4BBC29531}: NameServer = 213.191.74.18 62.109.123.196
FF - ProfilePath - c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ytkfj7wc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
AddRemove-vShare plugin - c:\program files (x86)\StartSearch plugin\uninst.exe
AddRemove-Game Organizer - c:\programdata\Easybits GO\EasyBitsGO.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-10 14:02:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-10 12:02
.
Vor Suchlauf: 10 Verzeichnis(se), 43.627.917.312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 43.499.745.280 Bytes frei
.
- - End Of File - - CD1083CA434473A2527B3B0DE3B34855
|
|
10.07.2012, 20:16
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.07.2012, 19:15
| #23 |
| | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text gmer logile Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-11 20:13:15
Windows 6.1.7601 Service Pack 1
Running: 64jk4z6v.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xA8 0xFB 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x13 0xD5 0xE8 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2E 0xEA 0xB6 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xA8 0xFB 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x13 0xD5 0xE8 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2E 0xEA 0xB6 0x0D ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:18:13 on 11.07.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Opera Software Opera Internet Browser 12.00 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001Core.job" - "Facebook Inc." - C:\Users\Claus\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-1491276608-1763617303-3872750263-1001UA.job" - "Facebook Inc." - C:\Users\Claus\AppData\Local\Facebook\Update\FacebookUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found) "a9qksfce" (a9qksfce) - "Microsoft Corporation" - C:\Windows\system32\drivers\a9qksfce.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Gizmo Device Driver" (GizmoDrv) - "Arainia Solutions LLC" - C:\Windows\system32\drivers\GizmoDrv.sys "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found) "TFsExDisk" (TFsExDisk) - "Teruten Inc" - C:\Windows\System32\Drivers\TFsExDisk.sys "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files (x86)\HP\Common\HPGMNRev.dll / hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.2" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.2\ICQ.exe "PokerStars" - "PokerStars" - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun "Facebook Update" - "Facebook Inc." - "C:\Users\Claus\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver "ICQ" - "ICQ, LLC." - "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 "Messenger (Yahoo!)" - "Yahoo! Inc." - "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet "Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ContentTransferWMDetector.exe" - "Sony Corporation" - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe "DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\NisSrv.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Gizmo Central" (Gizmo Central) - ? - C:\Program Files (x86)\Gizmo\gservice.exe (File not found) "Google Update Service (gupdate)" (gupdate) - ? - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (File not found) "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\MsMpEng.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "NMSAccessU" (NMSAccessU) - ? - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 20:21:18
-----------------------------
20:21:18.703 OS Version: Windows x64 6.1.7601 Service Pack 1
20:21:18.703 Number of processors: 2 586 0x170A
20:21:18.703 ComputerName: ***** UserName: xxxxx
20:21:19.873 Initialize success
20:22:21.217 AVAST engine defs: 12071101
20:22:28.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:22:28.003 Disk 0 Vendor: CORSAIR_CMFSSD-128GBG1D__Z VAM0501Q Size: 122104MB BusType: 3
20:22:28.018 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
20:22:28.018 Disk 1 Vendor: SAMSUNG_HD321KJ CP100-12 Size: 305245MB BusType: 3
20:22:28.018 Disk 0 MBR read successfully
20:22:28.018 Disk 0 MBR scan
20:22:28.018 Disk 0 Windows 7 default MBR code
20:22:28.018 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:22:28.018 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
20:22:28.034 Disk 0 scanning C:\Windows\system32\drivers
20:22:37.238 Service scanning
20:22:47.877 Modules scanning
20:22:47.877 Disk 0 trace - called modules:
20:22:48.486 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80043dd2c0]<<spvc.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:22:48.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046bf060]
20:22:48.486 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004571520]
20:22:48.501 5 ACPI.sys[fffff880011697a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004573060]
20:22:48.501 \Driver\atapi[0xfffffa800454ae70] -> IRP_MJ_CREATE -> 0xfffffa80043dd2c0
20:22:54.507 AVAST engine scan C:\Windows
20:22:55.147 AVAST engine scan C:\Windows\system32
20:24:08.685 AVAST engine scan C:\Windows\system32\drivers
20:24:12.071 AVAST engine scan C:\Users\xxxxx
20:25:31.194 AVAST engine scan C:\ProgramData
20:25:45.905 Scan finished successfully
20:26:00.553 Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Desktop\MBR.dat"
20:26:00.553 The log file has been saved successfully to "C:\Users\xxxxx\Desktop\aswMBR.txt"
|
|
12.07.2012, 10:00
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2012, 14:07
| #25 |
| | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text SAS-Log Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/13/2012 at 03:00 PM
Application Version : 5.5.1006
Core Rules Database Version : 8894
Trace Rules Database Version: 6706
Scan type : Complete Scan
Total Scan Time : 00:55:32
Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 523
Memory threats detected : 0
Registry items scanned : 72631
Registry threats detected : 0
File items scanned : 161094
File threats detected : 1917
Trojan.Agent/Gen-Frauder
C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\SEQ2AVI.EXE
MAM-Log Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 xxxxx :: ****** [Administrator] Schutz: Aktiviert 13.07.2012 15:09:05 mbam-log-2012-07-13 (15-09-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 436875 Laufzeit: 15 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.07.2012, 20:50
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Sieht ok aus, nur ein Fehlalarm und sonst Cookies Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.07.2012, 12:58
| #27 |
| | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Hallo Arne, so weit ich das beurteilen kann läuft das system wieder störungsfrei. werd heut glaub nochmal komplett scans durchführen soweit da nochmal meldungen kommen, werd ich diese posten. die meisten der programme die ich nun auf dem desktop habe, sollt ich wohl wieder löschen, was ist sinnvoll als schutz und was ist überhaupt nicht sinnvoll, gubt es einen schutz vor dem gvu trojaner und ähnlichem? würde mcih freuen wenn du mir da noch ein wenig helfen kannst, dass ich nciht gleich in nem monat wieder hier was posten muss. Gruß hab da zb mal was über die sandybox gelesen, ist sowas sinnvoll? |
|
18.07.2012, 11:28
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text Ja Sandboxie ist ok und kann sinnvoll sein Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks => Adobe Flash Player Distribution | Adobe Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu WIN 7 GVU Trojaner ähnlich 2.04 mit anderem Text |
| 7-zip, avg, avg secure search, avg security toolbar, bho, bildschirm, blockiert, cdburnerxp, error, explorer, fehler, firefox, flash player, format, helper, iexplore.exe, install.exe, langs, league of legends, limited.com/facebook, logfile, microsoft office word, nicht öffnen, nvidia update, office 2007, pando media booster, plug-in, realtek, registry, richtlinie, rundll, scan, searchscopes, secure search, security, shark, software, staropen, svchost.exe, teamspeak, trojaner, udp, vtoolbarupdater, windows, wrapper |
Linear-Darstellung
