
Pests of all kinds and how to fight them: Trojan alert "win32/coinminer"

07.09.2012, 19:32   #1
reyman

Hello,

for 3 days now my virus scanner "Microsoft Security Essentials" has been giving me a Trojan alert "win32/coinminer". I move it to quarantine and have it deleted, but the alert comes back after every restart.

I am using the 32-bit version of Win 7.

If you need further data that I have not mentioned here, I apologize and will answer as quickly as I can.

I followed the instructions in the post on creating a new topic and have attached a RAR file with the 3 files: Gmer, Extras and OTL.txt.


Thank you for your help.

07.09.2012, 19:42   #2
markusg
/// Malware-holic

hi
in the script, replace ... with the user name, otherwise it won't work

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
F3 - HKCU WinNT: Load - (C:\Users\...\C_1wh.exe) - C:\Users\...\C_1wh.exe ()
O4 - HKCU..\Run: [Twain Working Group] C:\Users\...\AppData\Roaming\Microsoft\twunk_16.exe ()
O4 - HKCU..\Run: [iwlfaqanbswbuyuhfhy] C:\Users\...\AppData\Roaming\iwlfaqanbswbuyuhfhy.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Flrefox] C:\Users\...\AppData\Roaming\Flrefox\Flrefox.Exe ()
PRC - [2012.09.05 22:00:34 | 000,235,520 | RHS- | M] () -- C:\Users\...\C_1wh.exe
[2012.09.05 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\dclogs
[2012.09.05 22:00:34 | 000,235,520 | RHS- | M] () -- C:\Users\...\C_1wh.exe
:Files
C:\Users\...\C_1wh.exe
C:\Users\...\AppData\Roaming\Microsoft\twunk_16.exe
C:\Users\...\AppData\Roaming\iwlfaqanbswbuyuhfhy.exe
C:\Users\...\AppData\Roaming\Flrefox
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!


Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
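
Why autostart entries like the ones in the fix script above stand out, shown as an added example that is not part of the thread and is not markusg's or OTL's own logic. The heuristics, the reason labels, the list of well-known names and the last (benign) sample line are assumptions made for illustration; the parenthesised field at the end of each line is treated as the vendor string.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample: the four autostart lines from the fix script above
# (user name still elided as "..."), plus one invented benign entry.
SAMPLE = r"""
F3 - HKCU WinNT: Load - (C:\Users\...\C_1wh.exe) - C:\Users\...\C_1wh.exe ()
O4 - HKCU..\Run: [Twain Working Group] C:\Users\...\AppData\Roaming\Microsoft\twunk_16.exe ()
O4 - HKCU..\Run: [iwlfaqanbswbuyuhfhy] C:\Users\...\AppData\Roaming\iwlfaqanbswbuyuhfhy.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Flrefox] C:\Users\...\AppData\Roaming\Flrefox\Flrefox.Exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""

# Line shapes as they appear in the post; other OTL line types are ignored.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<path>.+?) \((?P<vendor>[^()]*)\)\s*$")
F3_RE = re.compile(r"^F3 - (?P<hive>HK\w+) WinNT: Load - \(.*?\) - "
                   r"(?P<path>.+?) \((?P<vendor>[^()]*)\)\s*$")

USER_PROFILE = re.compile(r"^[a-z]:\\users\\", re.I)
# Assumption: a short list of names that lookalike file names tend to imitate.
KNOWN_NAMES = ("firefox", "chrome", "iexplore", "explorer", "svchost")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse(line):
    """Return hive/name/path/vendor for an O4 Run or F3 Load line, else None."""
    for rx in (O4_RE, F3_RE):
        m = rx.match(line.strip())
        if m:
            entry = m.groupdict()
            entry.setdefault("name", "Load")  # F3 lines carry no value name
            return entry
    return None


def reasons(entry):
    """List the heuristics an autostart entry trips (empty list = nothing odd)."""
    out = []
    in_profile = bool(USER_PROFILE.match(entry["path"]))
    if in_profile:
        # Per-user, user-writable location: no admin rights needed to drop it.
        out.append("runs-from-user-profile")
    if not entry["vendor"].strip():
        out.append("no-vendor-string")
    elif in_profile and "microsoft" in entry["vendor"].lower():
        # An OS-vendor string on a binary that lives outside the system dirs.
        out.append("os-vendor-claimed-outside-system-dirs")
    stem = splitext(basename(entry["path"]))[0].lower()
    for known in KNOWN_NAMES:
        if edit_distance(stem, known) == 1:
            out.append("lookalike-of-" + known)
    return out


def triage(text):
    """Return (value name, path, reasons) for every entry that trips a heuristic."""
    findings = []
    for line in text.splitlines():
        entry = parse(line)
        if entry:
            why = reasons(entry)
            if why:
                findings.append((entry["name"], entry["path"], why))
    return findings


if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name:22} {path}\n    -> {', '.join(why)}")
```

A hit from these heuristics is a reason to look closer, not a verdict: legitimate per-user software also starts from the profile directory.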

07.09.2012, 19:50   #3
reyman

I can't follow you right now...

Which script? All the ones created? Replace with the real user name?

07.09.2012, 20:18   #4
markusg
/// Malware-holic

In my script, which is at the top in the code box, please replace ... with the user name.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

07.09.2012, 20:48   #5
reyman

Everything worked. Thanks in advance.


07.09.2012, 20:59   #6
markusg
/// Malware-holic

wonderful
the upload has arrived.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

07.09.2012, 21:15   #7
reyman

Combofix log file:
Code:
ComboFix 12-09-07.03 - Jeff 07.09.2012  22:06:17.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3583.2452 [GMT 2:00]
ausgeführt von:: c:\users\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\blekkotb_031\blEKkotb_019x.dll
c:\program files\Mozilla Firefox\searchplugins\search.xml
G:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-07 bis 2012-09-07  ))))))))))))))))))))))))))))))
.
.
2012-09-07 20:11 . 2012-09-07 20:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-07 19:40 . 2012-09-07 19:46	--------	d-----w-	C:\_OTL
2012-09-07 17:57 . 2012-09-07 17:57	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403B3E48-6563-48B8-99DB-0FE22F60D56B}\MpKsl9862028b.sys
2012-09-07 17:41 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403B3E48-6563-48B8-99DB-0FE22F60D56B}\mpengine.dll
2012-09-06 13:33 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-05 18:45 . 2012-09-05 20:06	--------	d-----w-	C:\Fraps
2012-09-05 18:13 . 2012-09-05 18:13	--------	d-----w-	c:\program files\HyperCam 2
2012-09-05 18:12 . 2012-09-05 18:13	--------	d-----w-	c:\programdata\SweetIM
2012-09-05 18:12 . 2012-09-05 18:13	--------	d-----w-	c:\program files\SweetIM
2012-09-05 18:10 . 2012-09-05 18:10	--------	d-----w-	c:\programdata\blekko toolbars
2012-09-05 18:10 . 2012-09-07 20:10	--------	d-----w-	c:\program files\blekkotb_031
2012-09-05 18:10 . 2012-09-05 18:10	--------	d-----w-	c:\programdata\Anti-phishing Domain Advisor
2012-09-05 14:45 . 2012-09-05 14:45	--------	d-----w-	c:\program files\Microsoft
2012-09-05 14:44 . 2012-09-05 14:44	--------	d-----w-	c:\program files\Common Files\Java
2012-09-05 14:44 . 2012-09-05 14:44	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 14:44 . 2012-09-05 14:44	--------	d-----w-	c:\program files\Java
2012-09-05 13:18 . 2012-09-05 13:18	--------	d-----w-	c:\program files\TeamViewer
2012-09-04 19:02 . 2004-11-23 22:22	32768	----a-r-	c:\windows\system32\XSIChooser.exe
2012-08-30 13:46 . 2012-08-30 13:46	65536	----a-w-	c:\windows\system32\frapsvid.dll
2012-08-29 18:04 . 2012-09-06 17:57	--------	d-----w-	C:\HammerAutosave
2012-08-28 11:23 . 2012-08-28 11:23	--------	d-----w-	c:\programdata\ATI
2012-08-28 11:23 . 2012-08-28 11:23	--------	d-----w-	c:\program files\AMD APP
2012-08-23 14:43 . 2010-06-02 02:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-08-23 14:43 . 2010-06-02 02:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-08-23 14:43 . 2010-06-02 02:55	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2012-08-23 14:43 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2012-08-23 14:43 . 2010-05-26 09:41	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2012-08-23 14:43 . 2010-05-26 09:41	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2012-08-23 14:43 . 2010-05-26 09:41	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2012-08-23 14:43 . 2010-05-26 09:41	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2012-08-23 11:59 . 2012-09-05 19:40	--------	d-----w-	c:\program files\Common Files\Steam
2012-08-23 11:08 . 2012-08-23 11:08	--------	d-----w-	c:\program files\1-abc
2012-08-22 21:35 . 2010-02-04 08:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2012-08-22 21:35 . 2010-02-04 08:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2012-08-22 21:35 . 2010-02-04 08:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2012-08-22 21:35 . 2010-02-04 08:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2012-08-22 21:19 . 2012-08-22 21:19	--------	d-----w-	c:\program files\Disney Interactive Studios
2012-08-22 20:55 . 2012-08-22 20:55	--------	d-----w-	c:\program files\Microsoft Garage
2012-08-22 16:42 . 2012-08-22 16:43	--------	d-----w-	c:\program files\Google
2012-08-22 16:41 . 2012-08-22 16:41	--------	d-----w-	c:\program files\Common Files\Adobe
2012-08-22 13:43 . 2012-09-07 17:38	--------	d-----w-	c:\program files\Opera
2012-08-18 23:50 . 2012-08-18 23:50	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-08-16 15:17 . 2012-08-16 15:17	--------	d-----w-	c:\programdata\WEBREG
2012-08-16 15:14 . 2012-08-16 15:14	--------	d-----w-	c:\programdata\HP Product Assistant
2012-08-16 15:12 . 2012-08-16 15:12	--------	d-----w-	c:\program files\Common Files\HP
2012-08-16 15:11 . 2012-08-16 15:11	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2012-08-16 15:10 . 2008-10-06 13:37	315392	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
2012-08-16 15:10 . 2008-10-29 18:56	271704	----a-w-	c:\windows\system32\hpzids01.dll
2012-08-16 15:10 . 2008-10-06 13:38	121344	----a-w-	c:\windows\system32\hpf3l083.dll
2012-08-16 15:10 . 2008-10-29 18:57	974848	----a-w-	c:\windows\system32\hpost_p02b.dll
2012-08-16 15:10 . 2008-10-29 18:57	737280	----a-w-	c:\windows\system32\hposwia_p02b.dll
2012-08-16 15:10 . 2008-10-29 18:57	307200	----a-w-	c:\windows\system32\hposc_p02a.dll
2012-08-16 15:09 . 2012-08-16 15:15	--------	d-----w-	c:\program files\HP
2012-08-16 15:07 . 2012-08-16 15:16	--------	d-----w-	c:\programdata\HP
2012-08-16 15:07 . 2009-07-14 01:15	319488	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpfppw73.dll
2012-08-16 14:24 . 2009-02-27 01:42	31640	----a-w-	c:\windows\system32\msonpmon.dll
2012-08-16 14:24 . 2006-10-26 17:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-08-16 14:23 . 2012-08-18 23:51	--------	d-----w-	c:\program files\Microsoft Works
2012-08-16 14:22 . 2012-08-16 14:22	--------	d-----w-	c:\windows\PCHEALTH
2012-08-16 14:20 . 2012-08-16 14:20	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2012-08-16 14:19 . 2012-08-19 22:10	--------	d-----w-	c:\programdata\Microsoft Help
2012-08-16 14:19 . 2012-08-16 14:19	--------	d-----r-	C:\MSOCache
2012-08-16 01:44 . 2012-08-16 01:44	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-08-16 01:07 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-08-16 01:07 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-08-16 01:07 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-08-16 01:07 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-08-16 01:04 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2012-08-16 01:00 . 2012-08-16 01:00	--------	d-----w-	c:\program files\MSXML 4.0
2012-08-16 00:46 . 2011-03-12 11:23	870912	----a-w-	c:\windows\system32\XpsPrint.dll
2012-08-14 18:01 . 2012-08-14 18:01	--------	d-----w-	c:\program files\Firefox Backup Tool
2012-08-14 17:51 . 2012-08-14 18:18	215128	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-08-14 17:49 . 2012-08-14 18:18	139128	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-08-14 17:49 . 2012-08-14 18:18	215128	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-08-14 17:49 . 2012-08-14 18:16	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-08-14 17:49 . 2012-08-14 18:16	2434856	----a-w-	c:\windows\system32\pbsvc_bc2.exe
2012-08-14 17:29 . 2012-08-14 18:10	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-14 17:29 . 2012-08-14 18:10	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 17:29 . 2012-08-14 17:29	--------	d-----w-	c:\windows\system32\Macromed
2012-08-14 17:27 . 2012-04-05 16:03	3969336	----a-w-	c:\windows\system32\GameMon.des
2012-08-14 17:27 . 2004-12-31 06:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
2012-08-14 17:27 . 2003-07-16 15:17	5174	----a-w-	c:\windows\system32\nppt9x.vxd
2012-08-14 17:26 . 2012-08-14 17:26	--------	d-----w-	c:\program files\Common Files\INCA Shared
2012-08-14 17:23 . 2012-08-14 17:23	--------	d-----w-	c:\program files\Oracle
2012-08-14 17:23 . 2012-09-05 14:44	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-08-14 17:23 . 2012-09-05 14:44	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-14 17:17 . 2012-08-14 17:17	--------	d-----w-	c:\program files\CCleaner
2012-08-14 17:10 . 2012-08-14 17:10	--------	dc----w-	c:\windows\system32\DRVSTORE
2012-08-14 17:10 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-14 17:10 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2012-08-14 17:10 . 2012-08-14 17:10	--------	d-----w-	c:\program files\iPod
2012-08-14 17:10 . 2012-08-14 17:10	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-14 17:10 . 2012-08-14 17:10	--------	d-----w-	c:\program files\iTunes
2012-08-14 17:10 . 2012-08-14 17:10	--------	d-----w-	c:\programdata\Apple Computer
2012-08-14 17:09 . 2012-08-14 17:09	--------	d-----w-	c:\program files\Apple Software Update
2012-08-14 17:09 . 2012-08-14 17:09	--------	d-----w-	c:\program files\Bonjour
2012-08-14 17:09 . 2012-08-14 17:10	--------	d-----w-	c:\program files\Common Files\Apple
2012-08-14 17:09 . 2012-08-14 17:09	--------	d-----w-	c:\programdata\Apple
2012-08-14 16:59 . 2012-09-05 19:51	--------	d-----w-	c:\windows\Panther
2012-08-14 16:54 . 2012-08-14 16:54	--------	d-----w-	c:\program files\Common Files\Steganos
2012-08-14 16:36 . 2012-08-14 16:36	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAD8719A-30A1-4FA7-8718-C82075023871}\gapaengine.dll
2012-08-14 16:35 . 2012-01-31 12:44	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-08-14 16:33 . 2012-08-16 01:03	--------	d-----w-	c:\program files\Microsoft Security Client
2012-08-14 16:27 . 2012-08-14 16:27	--------	d-----w-	c:\program files\AMD AVT
2012-08-14 16:25 . 2012-08-14 16:25	--------	d-----w-	c:\programdata\LogiShrd
2012-08-14 16:23 . 2012-08-14 16:23	19720	----a-w-	c:\windows\system32\drivers\LGBusEnum.sys
2012-08-14 16:23 . 2012-08-14 16:23	14856	----a-w-	c:\windows\system32\drivers\LGVirHid.sys
2012-08-14 16:23 . 2012-08-14 16:23	341000	----a-w-	c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2012-08-14 16:23 . 2012-08-14 16:23	140808	----a-w-	c:\windows\system32\drivers\UMDF\lgSSBW.dll
2012-08-14 16:23 . 2012-08-14 16:29	--------	d-----w-	c:\program files\Logitech Gaming Software
2012-08-14 16:19 . 2012-08-14 16:19	0	----a-w-	c:\windows\ativpsrm.bin
2012-08-14 16:17 . 2012-08-14 16:17	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2012-08-14 16:17 . 2012-08-28 11:22	--------	d-----w-	c:\programdata\AMD
2012-08-14 16:17 . 2010-02-18 07:18	37944	----a-w-	c:\windows\system32\drivers\amdiox86.sys
2012-08-14 16:16 . 2012-08-28 11:22	--------	d-----w-	c:\program files\ATI Technologies
2012-08-14 16:16 . 2012-08-14 16:25	--------	d-----w-	C:\AMD
2012-08-14 16:15 . 2012-08-14 16:15	--------	d-----w-	c:\program files\ATI
2012-08-14 16:15 . 2012-08-14 16:15	--------	d-----w-	C:\ATI
2012-08-14 16:14 . 2012-08-14 16:14	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-08-14 16:12 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-08-14 16:11 . 2012-09-04 19:01	--------	d-----w-	c:\program files\Common Files\InstallShield
2012-08-14 16:11 . 2012-09-06 19:36	--------	d-sh--w-	c:\windows\Installer
2012-08-14 16:10 . 2009-04-30 04:46	704512	----a-r-	c:\windows\system32\cohelper.dll
2012-08-14 16:10 . 2009-04-28 21:27	5940	----a-r-	c:\windows\system32\drivers\nvphy.bin
2012-08-14 16:10 . 2009-04-30 05:06	287008	----a-w-	c:\windows\system32\drivers\nvmf6232.sys
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\system32\atiumdag.dll
2012-07-28 04:06 . 2012-07-28 04:06	8758784	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	58880	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50 . 2011-04-20 02:07	20546560	----a-w-	c:\windows\system32\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2011-04-20 02:09	931328	----a-w-	c:\windows\system32\aticfx32.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	469504	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	217600	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	163840	----a-w-	c:\windows\system32\atitmmxx.dll
2012-07-28 02:08 . 2012-07-28 02:08	20992	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2012-07-28 02:07 . 2012-06-11 17:16	6430208	----a-w-	c:\windows\system32\atidxx32.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\system32\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\system32\aticalcl.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\system32\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\system32\aticaldd.dll
2012-07-28 01:15 . 2011-04-20 01:23	368640	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2011-04-20 01:22	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:14 . 2011-04-20 01:22	33280	----a-w-	c:\windows\system32\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	296448	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-04-20 01:21	109568	----a-w-	c:\windows\system32\atiuxpag.dll
2012-07-28 01:13 . 2011-04-20 01:21	83456	----a-w-	c:\windows\system32\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\system32\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\system32\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	159232	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\system32\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\system32\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\system32\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48	50176	----a-w-	c:\windows\system32\OpenCL.dll
2012-07-14 00:15 . 2012-08-14 16:36	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\rocketdock\RocketDock.exe" [2007-09-02 495616]
"SSS12 Browser Monitor"="d:\steganos privacy suite 12\SteganosBrowserMonitor.exe" [2011-08-18 57344]
"Steam"="d:\steam\Steam.exe" [2012-08-23 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 5092152]
"SSS12 HotKeys"="d:\steganos privacy suite 12\SteganosHotKeyService.exe" [2011-08-18 84480]
"SSS12 File Redirection Starter"="d:\steganos privacy suite 12\fredirstarter.exe" [2011-08-18 17408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 MpKsl9862028b;MpKsl9862028b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403B3E48-6563-48B8-99DB-0FE22F60D56B}\MpKsl9862028b.sys [x]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [x]
S1 STGMFEngine32;Steganos RAM Disk Engine [Driver];c:\windows\system32\drivers\STGMFEngine32.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler32.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 18:10]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-22 16:42]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-22 16:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=4C0BF23A9232A0B36F84845047959A7C&tbp=homepage
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\frknonnv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/|hxxp://shotonline.gamescampus.eu/|hxxp://www.stayfriends.de/|hxxp://www.kicker.de/
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=4C0BF23A9232A0B36F84845047959A7C&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ipoint - c:\users\Jeff\C_1wh.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\0000005d 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
sectors 976773166 (+255): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2743029956-1779779573-3456650838-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,fe,00,ad,80,b3,2d,86,aa,a2,cc,d6,8e,59,dc,b8,7c,58,df,97,e5,
   8c,df,22,c4,84,7c,f8,92,fe,eb,e2,a7,c7,30,bd,02,c9,b9,3f,e8,e0,3f,77,a9,47,\
"rkeysecu"=hex:22,74,fe,96,1a,d5,3d,ec,15,2a,a9,a4,3c,0b,4d,28
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-07  22:12:58
ComboFix-quarantined-files.txt  2012-09-07 20:12
.
Vor Suchlauf: 10 Verzeichnis(se), 446.732.832.768 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 446.628.110.336 Bytes frei
.
- - End Of File - - 4C3D70B3962AB9A76D8526743089A543
         

Do I need to do anything else now?

10.09.2012, 17:42   #8
markusg
/// Malware-holic

hi

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

10.09.2012, 22:24   #9
reyman

Okay, I have done that


Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.10.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jeff :: JEFF-PC [Administrator]

Schutz: Aktiviert

10.09.2012 20:59:10
mbam-log-2012-09-10 (20-59-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 514518
Laufzeit: 1 Stunde(n), 52 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\09072012_214039\C_Users\Jeff\C_1wh.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

11.09.2012, 10:15   #10
markusg
/// Malware-holic

hi
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any findings, always choose Skip at first, then post the log
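One way to triage the log this scan produces, as an added example that is not part of the original post or of the tool: the parser below assumes the line format of the TDSSKiller 2.8.8.0 log posted in this thread and lists every entry whose verdict is not `ok`. The function names and all sample services, hashes and paths are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the line format of the log posted in this thread.
# Service names, hashes and paths are made up for illustration.
SAMPLE_LOG = r"""
12:00:00.0000 2000  Scan started
12:00:00.0000 2000  Mode: Manual; SigCheck; TDLFS;
12:00:00.0000 2000  ============================================================
12:00:02.0000 2000  ================ Scan system memory ========================
12:00:02.0001 2000  System memory - ok
12:00:02.0002 2000  ================ Scan services =============================
12:00:02.0100 2000  [ 00000000000000000000000000000001 ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
12:00:02.0150 2000  ExampleDrv - ok
12:00:02.0200 2000  [ 00000000000000000000000000000002 ] Example Helper (EH) C:\Program Files\Example\helper.exe
12:00:02.0250 2000  Example Helper (EH) - ok
12:00:02.0300 2000  NoFileSvc - ok
12:00:02.0400 2000  [ 00000000000000000000000000000003 ] ExampleScanSvc  C:\Program Files\Example\bin\scansvc.dll
12:00:02.0450 2000  ExampleScanSvc ( UnsignedFile.Multi.Generic ) - warning
12:00:02.0450 2000  ExampleScanSvc - detected UnsignedFile.Multi.Generic (1)
"""

# "<time> <thread id>  <message>"; the message may be empty.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "================ Scan services ====================="
SECTION = re.compile(r"^=+ Scan (.+?) =+$")
# "[ <md5> ] <service name>   <drive>:\<path>"; names may contain spaces.
FILE_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "<service name> ( <verdict> ) - <status>"
FLAGGED = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
# "<service name> - ok"
OK_LINE = re.compile(r"^(.+) - ok$")


@dataclass
class Entry:
    section: str            # e.g. "system memory", "services"
    name: str               # service or object name as logged
    status: str             # "ok", "warning", ...
    verdict: Optional[str]  # e.g. "UnsignedFile.Multi.Generic"
    md5: Optional[str]      # from the preceding "[ md5 ] name path" line
    path: Optional[str]


def parse_log(text: str) -> List[Entry]:
    """Pair each verdict line with the file line logged for the same name."""
    entries: List[Entry] = []
    section = ""
    pending = {}  # name -> (md5, path), waiting for its verdict line
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw.rstrip())
        if not prefixed:
            continue
        body = prefixed.group(1)
        m = SECTION.match(body)
        if m:
            section = m.group(1)
            continue
        m = FILE_LINE.match(body)
        if m:
            pending[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue
        m = FLAGGED.match(body)
        if m:
            name, verdict, status = m.groups()
        else:
            m = OK_LINE.match(body)
            if not m:
                continue  # banner, separator, "- detected ..." summary line
            name, verdict, status = m.group(1), None, "ok"
        md5, path = pending.pop(name, (None, None))
        entries.append(Entry(section, name, status, verdict, md5, path))
    return entries


def findings(entries: List[Entry]) -> List[Entry]:
    """Entries the scanner did not mark ok; these are the ones to review."""
    return [e for e in entries if e.status != "ok"]


def services_without_file(entries: List[Entry]) -> List[str]:
    """Services that got a verdict but no hash/path line in the log."""
    return [e.name for e in entries if e.section == "services" and e.path is None]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in findings(parsed):
        print(f"{e.status.upper():8} {e.name}: {e.verdict} md5={e.md5} path={e.path}")
    print("verdict without file line:", services_without_file(parsed))
```

To run it on a real log, pass the saved log file's text to `parse_log` instead of `SAMPLE_LOG`.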

11.09.2012, 11:56   #11
reyman

Trojan alert "win32/coinminer"

Done. One more thing: yesterday I downloaded Secure Banking from your site and installed it, and today I get a message saying that I have a rootkit on my machine and should not open the web browser again until I am virus-free. See attachment.


Code:
12:54:05.0869 4180  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:54:05.0966 4180  ============================================================
12:54:05.0966 4180  Current date / time: 2012/09/11 12:54:05.0966
12:54:05.0966 4180  SystemInfo:
12:54:05.0966 4180  
12:54:05.0966 4180  OS Version: 6.1.7601 ServicePack: 1.0
12:54:05.0966 4180  Product type: Workstation
12:54:05.0966 4180  ComputerName: JEFF-PC
12:54:05.0967 4180  UserName: Jeff
12:54:05.0967 4180  Windows directory: C:\Windows
12:54:05.0967 4180  System windows directory: C:\Windows
12:54:05.0967 4180  Processor architecture: Intel x86
12:54:05.0967 4180  Number of processors: 4
12:54:05.0967 4180  Page size: 0x1000
12:54:05.0967 4180  Boot type: Normal boot
12:54:05.0967 4180  ============================================================
12:54:07.0347 4180  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x6A75B7, SectorsPerTrack: 0x1C, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000050
12:54:07.0362 4180  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x2F50C, SectorsPerTrack: 0x2D, TracksPerCylinder: 0x70, Type 'K0', Flags 0x00000050
12:54:07.0367 4180  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:54:07.0367 4180  ============================================================
12:54:07.0367 4180  \Device\Harddisk0\DR0:
12:54:07.0368 4180  MBR partitions:
12:54:07.0368 4180  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:54:07.0368 4180  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:54:07.0368 4180  \Device\Harddisk1\DR1:
12:54:07.0368 4180  MBR partitions:
12:54:07.0368 4180  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:54:07.0368 4180  \Device\Harddisk2\DR2:
12:54:07.0368 4180  MBR partitions:
12:54:07.0368 4180  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
12:54:07.0368 4180  ============================================================
12:54:07.0387 4180  C: <-> \Device\Harddisk0\DR0\Partition2
12:54:07.0407 4180  D: <-> \Device\Harddisk1\DR1\Partition1
12:54:07.0408 4180  G: <-> \Device\Harddisk2\DR2\Partition1
12:54:07.0408 4180  ============================================================
12:54:07.0408 4180  Initialize success
12:54:07.0408 4180  ============================================================
12:54:34.0639 4784  ============================================================
12:54:34.0639 4784  Scan started
12:54:34.0639 4784  Mode: Manual; SigCheck; TDLFS; 
12:54:34.0639 4784  ============================================================
12:54:36.0253 4784  ================ Scan system memory ========================
12:54:36.0253 4784  System memory - ok
12:54:36.0254 4784  ================ Scan services =============================
12:54:36.0426 4784  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:54:36.0555 4784  1394ohci - ok
12:54:36.0582 4784  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:54:36.0603 4784  ACPI - ok
12:54:36.0617 4784  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:54:36.0674 4784  AcpiPmi - ok
12:54:36.0791 4784  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:54:36.0811 4784  AdobeARMservice - ok
12:54:36.0855 4784  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:54:36.0874 4784  AdobeFlashPlayerUpdateSvc - ok
12:54:36.0905 4784  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:54:36.0928 4784  adp94xx - ok
12:54:36.0946 4784  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:54:36.0960 4784  adpahci - ok
12:54:36.0967 4784  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:54:36.0979 4784  adpu320 - ok
12:54:36.0998 4784  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:54:37.0136 4784  AeLookupSvc - ok
12:54:37.0176 4784  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
12:54:37.0238 4784  AFD - ok
12:54:37.0268 4784  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:54:37.0284 4784  agp440 - ok
12:54:37.0315 4784  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:54:37.0332 4784  aic78xx - ok
12:54:37.0365 4784  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:54:37.0412 4784  ALG - ok
12:54:37.0428 4784  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:54:37.0443 4784  aliide - ok
12:54:37.0474 4784  [ 87F8E98FCD859D2F0C291DCF9F1A5543 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:54:37.0583 4784  AMD External Events Utility - ok
12:54:37.0633 4784  AMD FUEL Service - ok
12:54:37.0647 4784  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:54:37.0657 4784  amdagp - ok
12:54:37.0662 4784  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:54:37.0671 4784  amdide - ok
12:54:37.0681 4784  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
12:54:37.0696 4784  amdiox86 - ok
12:54:37.0725 4784  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:54:37.0750 4784  AmdK8 - ok
12:54:37.0954 4784  [ 6617FED21C91E821E3D00484741B302F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:54:38.0355 4784  amdkmdag - ok
12:54:38.0401 4784  [ 0CD80C1ABE5507B4ADBFC8338E3698E0 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:54:38.0435 4784  amdkmdap - ok
12:54:38.0469 4784  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:54:38.0507 4784  AmdPPM - ok
12:54:38.0581 4784  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:54:38.0608 4784  amdsata - ok
12:54:38.0648 4784  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:54:38.0667 4784  amdsbs - ok
12:54:38.0698 4784  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:54:38.0745 4784  amdxata - ok
12:54:38.0806 4784  [ 40C15CE1B832B78CC2A2F61807058763 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
12:54:38.0833 4784  AODDriver4.1 - ok
12:54:38.0879 4784  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
12:54:38.0940 4784  AppID - ok
12:54:38.0985 4784  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:54:39.0033 4784  AppIDSvc - ok
12:54:39.0043 4784  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
12:54:39.0077 4784  Appinfo - ok
12:54:39.0128 4784  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:54:39.0162 4784  Apple Mobile Device - ok
12:54:39.0190 4784  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
12:54:39.0206 4784  arc - ok
12:54:39.0230 4784  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:54:39.0248 4784  arcsas - ok
12:54:39.0273 4784  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:54:39.0388 4784  AsyncMac - ok
12:54:39.0405 4784  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:54:39.0417 4784  atapi - ok
12:54:39.0461 4784  [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
12:54:39.0472 4784  AtiHDAudioService - ok
12:54:39.0504 4784  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:54:39.0550 4784  AudioEndpointBuilder - ok
12:54:39.0570 4784  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:54:39.0593 4784  Audiosrv - ok
12:54:39.0617 4784  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:54:39.0652 4784  AxInstSV - ok
12:54:39.0712 4784  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
12:54:39.0752 4784  b06bdrv - ok
12:54:39.0773 4784  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:54:39.0813 4784  b57nd60x - ok
12:54:39.0847 4784  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:54:39.0888 4784  BDESVC - ok
12:54:39.0901 4784  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:54:39.0932 4784  Beep - ok
12:54:39.0958 4784  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
12:54:39.0993 4784  BFE - ok
12:54:40.0024 4784  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
12:54:40.0064 4784  BITS - ok
12:54:40.0085 4784  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:54:40.0100 4784  blbdrive - ok
12:54:40.0155 4784  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:54:40.0202 4784  Bonjour Service - ok
12:54:40.0219 4784  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:54:40.0273 4784  bowser - ok
12:54:40.0308 4784  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:54:40.0354 4784  BrFiltLo - ok
12:54:40.0364 4784  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:54:40.0421 4784  BrFiltUp - ok
12:54:40.0454 4784  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:54:40.0527 4784  BridgeMP - ok
12:54:40.0561 4784  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
12:54:40.0620 4784  Browser - ok
12:54:40.0655 4784  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:54:40.0687 4784  Brserid - ok
12:54:40.0700 4784  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:54:40.0725 4784  BrSerWdm - ok
12:54:40.0732 4784  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:54:40.0751 4784  BrUsbMdm - ok
12:54:40.0757 4784  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:54:40.0777 4784  BrUsbSer - ok
12:54:40.0783 4784  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:54:40.0798 4784  BTHMODEM - ok
12:54:40.0825 4784  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:54:40.0846 4784  bthserv - ok
12:54:40.0967 4784  catchme - ok
12:54:41.0001 4784  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:54:41.0055 4784  cdfs - ok
12:54:41.0098 4784  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:54:41.0129 4784  cdrom - ok
12:54:41.0162 4784  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:54:41.0201 4784  CertPropSvc - ok
12:54:41.0208 4784  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:54:41.0221 4784  circlass - ok
12:54:41.0238 4784  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:54:41.0251 4784  CLFS - ok
12:54:41.0327 4784  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:54:41.0356 4784  clr_optimization_v2.0.50727_32 - ok
12:54:41.0412 4784  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:54:41.0497 4784  clr_optimization_v4.0.30319_32 - ok
12:54:41.0519 4784  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:54:41.0543 4784  CmBatt - ok
12:54:41.0551 4784  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:54:41.0567 4784  cmdide - ok
12:54:41.0597 4784  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:54:41.0619 4784  CNG - ok
12:54:41.0624 4784  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:54:41.0633 4784  Compbatt - ok
12:54:41.0655 4784  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:54:41.0671 4784  CompositeBus - ok
12:54:41.0684 4784  COMSysApp - ok
12:54:41.0721 4784  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:54:41.0748 4784  crcdisk - ok
12:54:41.0778 4784  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:54:41.0812 4784  CryptSvc - ok
12:54:41.0848 4784  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:54:41.0898 4784  DcomLaunch - ok
12:54:41.0917 4784  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:54:41.0946 4784  defragsvc - ok
12:54:41.0967 4784  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:54:41.0991 4784  DfsC - ok
12:54:42.0034 4784  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:54:42.0098 4784  Dhcp - ok
12:54:42.0114 4784  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:54:42.0148 4784  discache - ok
12:54:42.0167 4784  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
12:54:42.0178 4784  Disk - ok
12:54:42.0208 4784  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:54:42.0247 4784  Dnscache - ok
12:54:42.0275 4784  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:54:42.0299 4784  dot3svc - ok
12:54:42.0347 4784  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:54:42.0396 4784  Dot4 - ok
12:54:42.0417 4784  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:54:42.0452 4784  Dot4Print - ok
12:54:42.0471 4784  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
12:54:42.0496 4784  dot4usb - ok
12:54:42.0510 4784  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
12:54:42.0566 4784  DPS - ok
12:54:42.0601 4784  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:54:42.0622 4784  drmkaud - ok
12:54:42.0660 4784  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:54:42.0678 4784  DXGKrnl - ok
12:54:42.0721 4784  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:54:42.0789 4784  EapHost - ok
12:54:42.0899 4784  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
12:54:43.0020 4784  ebdrv - ok
12:54:43.0041 4784  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
12:54:43.0098 4784  EFS - ok
12:54:43.0160 4784  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:54:43.0207 4784  ehRecvr - ok
12:54:43.0211 4784  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:54:43.0236 4784  ehSched - ok
12:54:43.0275 4784  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:54:43.0293 4784  elxstor - ok
12:54:43.0312 4784  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:54:43.0328 4784  ErrDev - ok
12:54:43.0367 4784  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:54:43.0394 4784  EventSystem - ok
12:54:43.0412 4784  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:54:43.0435 4784  exfat - ok
12:54:43.0441 4784  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:54:43.0469 4784  fastfat - ok
12:54:43.0500 4784  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
12:54:43.0544 4784  Fax - ok
12:54:43.0555 4784  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
12:54:43.0566 4784  fdc - ok
12:54:43.0582 4784  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:54:43.0608 4784  fdPHost - ok
12:54:43.0623 4784  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:54:43.0644 4784  FDResPub - ok
12:54:43.0649 4784  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:54:43.0661 4784  FileInfo - ok
12:54:43.0666 4784  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:54:43.0698 4784  Filetrace - ok
12:54:43.0703 4784  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:54:43.0721 4784  flpydisk - ok
12:54:43.0731 4784  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:54:43.0744 4784  FltMgr - ok
12:54:43.0769 4784  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\Windows\system32\FntCache.dll
12:54:43.0813 4784  FontCache - ok
12:54:43.0860 4784  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:54:43.0884 4784  FontCache3.0.0.0 - ok
12:54:43.0928 4784  [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:54:43.0951 4784  ForceWare Intelligent Application Manager (IAM) - ok
12:54:43.0968 4784  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:54:43.0984 4784  FsDepends - ok
12:54:44.0007 4784  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:54:44.0022 4784  Fs_Rec - ok
12:54:44.0045 4784  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:54:44.0061 4784  fvevol - ok
12:54:44.0083 4784  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:54:44.0094 4784  gagp30kx - ok
12:54:44.0115 4784  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:54:44.0123 4784  GEARAspiWDM - ok
12:54:44.0150 4784  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:54:44.0199 4784  gpsvc - ok
12:54:44.0239 4784  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:54:44.0289 4784  gupdate - ok
12:54:44.0317 4784  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:54:44.0338 4784  gupdatem - ok
12:54:44.0366 4784  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:54:44.0400 4784  hcw85cir - ok
12:54:44.0442 4784  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:54:44.0472 4784  HdAudAddService - ok
12:54:44.0498 4784  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:54:44.0516 4784  HDAudBus - ok
12:54:44.0523 4784  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:54:44.0564 4784  HidBatt - ok
12:54:44.0571 4784  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:54:44.0631 4784  HidBth - ok
12:54:44.0640 4784  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:54:44.0668 4784  HidIr - ok
12:54:44.0692 4784  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
12:54:44.0791 4784  hidserv - ok
12:54:44.0806 4784  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:54:44.0833 4784  HidUsb - ok
12:54:44.0853 4784  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:54:44.0877 4784  hkmsvc - ok
12:54:44.0884 4784  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:54:44.0915 4784  HomeGroupListener - ok
12:54:44.0933 4784  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:54:44.0963 4784  HomeGroupProvider - ok
12:54:45.0054 4784  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:54:45.0083 4784  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:54:45.0083 4784  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:54:45.0108 4784  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:54:45.0123 4784  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:54:45.0123 4784  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:54:45.0146 4784  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:54:45.0160 4784  HpSAMD - ok
12:54:45.0185 4784  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:54:45.0218 4784  HTTP - ok
12:54:45.0231 4784  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:54:45.0241 4784  hwpolicy - ok
12:54:45.0265 4784  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:54:45.0286 4784  i8042prt - ok
12:54:45.0312 4784  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:54:45.0328 4784  iaStorV - ok
12:54:45.0390 4784  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:54:45.0423 4784  idsvc - ok
12:54:45.0434 4784  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:54:45.0444 4784  iirsp - ok
12:54:45.0483 4784  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:54:45.0557 4784  IKEEXT - ok
12:54:45.0573 4784  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:54:45.0583 4784  intelide - ok
12:54:45.0599 4784  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:54:45.0610 4784  intelppm - ok
12:54:45.0624 4784  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:54:45.0646 4784  IPBusEnum - ok
12:54:45.0652 4784  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:54:45.0687 4784  IpFilterDriver - ok
12:54:45.0744 4784  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:54:45.0779 4784  iphlpsvc - ok
12:54:45.0785 4784  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:54:45.0796 4784  IPMIDRV - ok
12:54:45.0802 4784  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:54:45.0828 4784  IPNAT - ok
12:54:45.0886 4784  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:54:45.0958 4784  iPod Service - ok
12:54:45.0995 4784  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:54:46.0015 4784  IRENUM - ok
12:54:46.0027 4784  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:54:46.0040 4784  isapnp - ok
12:54:46.0061 4784  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:54:46.0076 4784  iScsiPrt - ok
12:54:46.0083 4784  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:54:46.0093 4784  kbdclass - ok
12:54:46.0107 4784  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:54:46.0128 4784  kbdhid - ok
12:54:46.0147 4784  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:54:46.0157 4784  KeyIso - ok
12:54:46.0188 4784  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:54:46.0199 4784  KSecDD - ok
12:54:46.0209 4784  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:54:46.0222 4784  KSecPkg - ok
12:54:46.0248 4784  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:54:46.0274 4784  KtmRm - ok
12:54:46.0304 4784  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:54:46.0342 4784  LanmanServer - ok
12:54:46.0363 4784  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:54:46.0385 4784  LanmanWorkstation - ok
12:54:46.0413 4784  [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
12:54:46.0420 4784  LGBusEnum - ok
12:54:46.0449 4784  [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
12:54:46.0458 4784  LGVirHid - ok
12:54:46.0500 4784  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:54:46.0546 4784  lltdio - ok
12:54:46.0571 4784  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:54:46.0595 4784  lltdsvc - ok
12:54:46.0608 4784  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:54:46.0641 4784  lmhosts - ok
12:54:46.0671 4784  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:54:46.0683 4784  LSI_FC - ok
12:54:46.0715 4784  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:54:46.0726 4784  LSI_SAS - ok
12:54:46.0741 4784  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:54:46.0751 4784  LSI_SAS2 - ok
12:54:46.0771 4784  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:54:46.0782 4784  LSI_SCSI - ok
12:54:46.0788 4784  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:54:46.0810 4784  luafv - ok
12:54:46.0851 4784  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:54:46.0861 4784  MBAMProtector - ok
12:54:46.0902 4784  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:54:46.0917 4784  MBAMScheduler - ok
12:54:46.0956 4784  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:54:46.0985 4784  MBAMService - ok
12:54:47.0019 4784  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:54:47.0031 4784  Mcx2Svc - ok
12:54:47.0048 4784  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:54:47.0058 4784  megasas - ok
12:54:47.0093 4784  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:54:47.0108 4784  MegaSR - ok
12:54:47.0168 4784  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:54:47.0202 4784  Microsoft Office Groove Audit Service - ok
12:54:47.0239 4784  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:54:47.0276 4784  MMCSS - ok
12:54:47.0292 4784  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:54:47.0327 4784  Modem - ok
12:54:47.0364 4784  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:54:47.0397 4784  monitor - ok
12:54:47.0413 4784  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:54:47.0428 4784  mouclass - ok
12:55:01.0283 4784  wudfsvc - ok
12:55:01.0298 4784  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:55:01.0325 4784  WwanSvc - ok
12:55:01.0347 4784  ================ Scan global ===============================
12:55:01.0377 4784  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:55:01.0413 4784  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:55:01.0445 4784  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:55:01.0475 4784  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:55:01.0508 4784  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:55:01.0530 4784  [Global] - ok
12:55:01.0531 4784  ================ Scan MBR ==================================
12:55:01.0551 4784  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:55:01.0791 4784  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:55:01.0792 4784  \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:55:01.0800 4784  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:55:02.0296 4784  \Device\Harddisk1\DR1 - ok
12:55:02.0305 4784  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
12:55:03.0070 4784  \Device\Harddisk2\DR2 - ok
12:55:03.0071 4784  ================ Scan VBR ==================================
12:55:03.0077 4784  [ CD687E89D8F9B19FEB9F4E7A83670A58 ] \Device\Harddisk0\DR0\Partition1
12:55:03.0081 4784  \Device\Harddisk0\DR0\Partition1 - ok
12:55:03.0100 4784  [ 609CFBB2B39BFCD62B2F57BABD5CBE94 ] \Device\Harddisk0\DR0\Partition2
12:55:03.0103 4784  \Device\Harddisk0\DR0\Partition2 - ok
12:55:03.0111 4784  [ 7A1133DEB22DB18FAEA9F7FC67895DA6 ] \Device\Harddisk1\DR1\Partition1
12:55:03.0114 4784  \Device\Harddisk1\DR1\Partition1 - ok
12:55:03.0120 4784  [ F83A4C3EAAA10C6D06F9449DF528495D ] \Device\Harddisk2\DR2\Partition1
12:55:03.0121 4784  \Device\Harddisk2\DR2\Partition1 - ok
12:55:03.0123 4784  ============================================================
12:55:03.0123 4784  Scan finished
12:55:03.0123 4784  ============================================================
12:55:03.0137 5956  Detected object count: 9
12:55:03.0137 5956  Actual detected object count: 9
12:55:10.0627 5956  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0628 5956  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0632 5956  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0632 5956  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0636 5956  MouseWithoutBordersSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0636 5956  MouseWithoutBordersSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0640 5956  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0640 5956  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0644 5956  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0644 5956  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0646 5956  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0647 5956  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0649 5956  Steganos Volatile Disk ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0649 5956  Steganos Volatile Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0651 5956  STGMFEngine32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0651 5956  STGMFEngine32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:55:10.0654 5956  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:55:10.0654 5956  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
Edited by reyman (11.09.2012 at 12:04). Reason: extra text

11.09.2012, 13:33   #12
markusg
/// Malware-holic

Yes, I see that in the log too, in the one from TDSSKiller:
12:55:10.0654 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Have this finding removed via Continue, then reboot.
After that, post a new TDSSKiller log.
Do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things, such as work?

11.09.2012, 13:52   #13
reyman

Yes, I use this PC for all of those things.

Only this one finding? Because it found 9.

I can neither post nor attach the log because it is too large. What is the best thing to do?

/edit: I uploaded the log to the upload channel, as you told me to on page 1.

Edited by reyman (11.09.2012 at 14:22)

11.09.2012, 14:13   #14
markusg
/// Malware-holic

Then please compress the log and attach it here, not in the upload channel, and yes, only that one.

11.09.2012, 14:23   #15
reyman

Sorry for the mistake. I have now edited the post above and attached it.
