Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan.Proxy (https://www.trojaner-board.de/119658-trojan-proxy.html)

Stumped 16.07.2012 18:41
Trojan.Proxy
 
Hallo

Das hat gerade Malwarebytes gefunden bei mir.
Hier der Report.



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Roy :: ROY-PC [Administrator]

16.07.2012 19:29:22
mbam-log-2012-07-16 (19-29-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189080
Laufzeit: 5 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Roy\AppData\Roaming\Identities\{1A49C09D-355A-4FBE-BDC0-09EEF2C64178}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Danke für jeden der helfen kann und will.:bussi:

markusg 17.07.2012 19:08
hi
bei deinem nicht geupdateten windows wunderst du dich über malware?
nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?

Stumped 17.07.2012 19:45
Nein.
Vor längerer Zeit mal was bei Amazon bestellt sonst nichts..

markusg 19.07.2012 22:03
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Stumped 21.07.2012 09:02
09:54:12.0943 4616 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
09:54:13.0340 4616 ============================================================
09:54:13.0340 4616 Current date / time: 2012/07/21 09:54:13.0340
09:54:13.0340 4616 SystemInfo:
09:54:13.0340 4616
09:54:13.0340 4616 OS Version: 6.0.6002 ServicePack: 2.0
09:54:13.0340 4616 Product type: Workstation
09:54:13.0340 4616 ComputerName: ROY-PC
09:54:13.0340 4616 UserName: Roy
09:54:13.0340 4616 Windows directory: C:\Windows
09:54:13.0340 4616 System windows directory: C:\Windows
09:54:13.0341 4616 Processor architecture: Intel x86
09:54:13.0341 4616 Number of processors: 2
09:54:13.0341 4616 Page size: 0x1000
09:54:13.0341 4616 Boot type: Normal boot
09:54:13.0341 4616 ============================================================
09:54:16.0438 4616 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:54:16.0440 4616 ============================================================
09:54:16.0440 4616 \Device\Harddisk0\DR0:
09:54:16.0449 4616 MBR partitions:
09:54:16.0449 4616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x1BE3C800
09:54:16.0449 4616 ============================================================
09:54:16.0523 4616 C: <-> \Device\Harddisk0\DR0\Partition0
09:54:16.0523 4616 ============================================================
09:54:16.0523 4616 Initialize success
09:54:16.0523 4616 ============================================================
09:54:56.0084 5888 ============================================================
09:54:56.0084 5888 Scan started
09:54:56.0084 5888 Mode: Manual; SigCheck; TDLFS;
09:54:56.0084 5888 ============================================================
09:55:08.0384 5888 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:55:08.0879 5888 ACPI - ok
09:55:09.0119 5888 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:55:09.0147 5888 AdobeFlashPlayerUpdateSvc - ok
09:55:09.0290 5888 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
09:55:09.0857 5888 adp94xx - ok
09:55:10.0060 5888 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
09:55:10.0199 5888 adpahci - ok
09:55:10.0308 5888 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
09:55:10.0421 5888 adpu160m - ok
09:55:10.0698 5888 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
09:55:10.0813 5888 adpu320 - ok
09:55:11.0859 5888 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
09:55:13.0867 5888 AeLookupSvc - ok
09:55:14.0781 5888 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:55:15.0163 5888 AFD - ok
09:55:15.0622 5888 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
09:55:15.0726 5888 agp440 - ok
09:55:16.0457 5888 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:55:18.0276 5888 aic78xx - ok
09:55:18.0302 5888 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
09:55:20.0939 5888 ALG - ok
09:55:21.0135 5888 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
09:55:21.0554 5888 aliide - ok
09:55:21.0977 5888 ALSysIO - ok
09:55:23.0139 5888 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
09:55:23.0267 5888 amdagp - ok
09:55:23.0660 5888 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
09:55:23.0825 5888 amdide - ok
09:55:24.0211 5888 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
09:55:24.0659 5888 AmdK7 - ok
09:55:24.0790 5888 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
09:55:24.0878 5888 AmdK8 - ok
09:55:26.0634 5888 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
09:55:26.0709 5888 AntiVirSchedulerService - ok
09:55:26.0997 5888 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
09:55:27.0100 5888 AntiVirService - ok
09:55:27.0116 5888 ApfiltrService - ok
09:55:27.0342 5888 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
09:55:27.0752 5888 Appinfo - ok
09:55:27.0941 5888 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
09:55:28.0034 5888 arc - ok
09:55:28.0082 5888 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
09:55:28.0142 5888 arcsas - ok
09:55:28.0374 5888 ASLDRService (66597ad6098352d11239c0c42100b176) C:\Program Files\ATK Hotkey\ASLDRSrv.exe
09:55:28.0496 5888 ASLDRService ( UnsignedFile.Multi.Generic ) - warning
09:55:28.0496 5888 ASLDRService - detected UnsignedFile.Multi.Generic (1)
09:55:28.0552 5888 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:55:28.0666 5888 AsyncMac - ok
09:55:28.0780 5888 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:55:28.0791 5888 atapi - ok
09:55:29.0608 5888 athr (51edff187ed6d0275be0867e9c113693) C:\Windows\system32\DRIVERS\athr.sys
09:55:30.0050 5888 athr - ok
09:55:30.0287 5888 Ati External Event Utility (ced8a3d0da7803cc755a21d78d326139) C:\Windows\system32\Ati2evxx.exe
09:55:30.0615 5888 Ati External Event Utility - ok
09:55:31.0686 5888 atikmdag (8ce91545423a431353869ed5ade90ece) C:\Windows\system32\DRIVERS\atikmdag.sys
09:55:31.0887 5888 atikmdag - ok
09:55:32.0112 5888 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:55:32.0177 5888 AudioEndpointBuilder - ok
09:55:32.0184 5888 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:55:32.0210 5888 Audiosrv - ok
09:55:32.0767 5888 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
09:55:33.0522 5888 avgntflt - ok
09:55:33.0565 5888 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
09:55:33.0653 5888 avipbb - ok
09:55:33.0754 5888 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
09:55:33.0844 5888 avkmgr - ok
09:55:33.0937 5888 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:55:34.0029 5888 Beep - ok
09:55:34.0090 5888 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
09:55:34.0325 5888 BFE - ok
09:55:34.0506 5888 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
09:55:34.0774 5888 BITS - ok
09:55:34.0845 5888 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
09:55:34.0978 5888 blbdrive - ok
09:55:35.0024 5888 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:55:35.0156 5888 bowser - ok
09:55:35.0362 5888 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:55:35.0449 5888 BrFiltLo - ok
09:55:35.0478 5888 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:55:35.0553 5888 BrFiltUp - ok
09:55:35.0597 5888 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
09:55:35.0674 5888 Browser - ok
09:55:35.0812 5888 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:55:36.0278 5888 Brserid - ok
09:55:36.0322 5888 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:55:36.0443 5888 BrSerWdm - ok
09:55:36.0484 5888 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:55:36.0578 5888 BrUsbMdm - ok
09:55:36.0608 5888 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:55:36.0697 5888 BrUsbSer - ok
09:55:36.0816 5888 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
09:55:37.0058 5888 BthEnum - ok
09:55:37.0174 5888 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:55:37.0373 5888 BTHMODEM - ok
09:55:37.0872 5888 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
09:55:38.0004 5888 BthPan - ok
09:55:38.0571 5888 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
09:55:38.0730 5888 BTHPORT - ok
09:55:38.0992 5888 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
09:55:39.0177 5888 BthServ - ok
09:55:39.0363 5888 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
09:55:39.0511 5888 BTHUSB - ok
09:55:39.0542 5888 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:55:39.0744 5888 cdfs - ok
09:55:40.0176 5888 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:55:40.0677 5888 cdrom - ok
09:55:41.0026 5888 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:55:41.0078 5888 CertPropSvc - ok
09:55:41.0314 5888 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
09:55:41.0424 5888 circlass - ok
09:55:41.0464 5888 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:55:41.0531 5888 CLFS - ok
09:55:41.0735 5888 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:55:41.0772 5888 clr_optimization_v2.0.50727_32 - ok
09:55:41.0974 5888 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:55:41.0990 5888 clr_optimization_v4.0.30319_32 - ok
09:55:42.0251 5888 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:55:42.0707 5888 CmBatt - ok
09:55:42.0944 5888 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
09:55:43.0024 5888 cmdide - ok
09:55:43.0180 5888 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:55:43.0272 5888 Compbatt - ok
09:55:43.0277 5888 COMSysApp - ok
09:55:43.0404 5888 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
09:55:43.0477 5888 crcdisk - ok
09:55:43.0501 5888 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
09:55:43.0579 5888 Crusoe - ok
09:55:43.0785 5888 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
09:55:43.0811 5888 CryptSvc - ok
09:55:44.0117 5888 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:55:44.0372 5888 DcomLaunch - ok
09:55:44.0579 5888 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:55:44.0844 5888 DfsC - ok
09:55:45.0373 5888 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
09:55:45.0767 5888 DFSR - ok
09:55:46.0210 5888 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
09:55:46.0245 5888 Dhcp - ok
09:55:46.0305 5888 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:55:46.0354 5888 disk - ok
09:55:46.0747 5888 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
09:55:46.0785 5888 Dnscache - ok
09:55:46.0967 5888 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
09:55:46.0993 5888 dot3svc - ok
09:55:48.0048 5888 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
09:55:48.0104 5888 DPS - ok
09:55:48.0165 5888 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:55:48.0224 5888 drmkaud - ok
09:55:48.0439 5888 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
09:55:48.0584 5888 DXGKrnl - ok
09:55:48.0631 5888 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:55:48.0725 5888 E1G60 - ok
09:55:48.0797 5888 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
09:55:48.0839 5888 EapHost - ok
09:55:48.0879 5888 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:55:48.0942 5888 Ecache - ok
09:55:49.0035 5888 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
09:55:49.0112 5888 ehRecvr - ok
09:55:49.0133 5888 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
09:55:49.0177 5888 ehSched - ok
09:55:49.0193 5888 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
09:55:49.0221 5888 ehstart - ok
09:55:49.0324 5888 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
09:55:49.0378 5888 elxstor - ok
09:55:49.0432 5888 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
09:55:49.0627 5888 EMDMgmt - ok
09:55:49.0776 5888 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
09:55:49.0830 5888 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
09:55:49.0830 5888 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
09:55:49.0876 5888 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
09:55:49.0919 5888 ErrDev - ok
09:55:50.0103 5888 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
09:55:50.0259 5888 EventSystem - ok
09:55:50.0377 5888 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:55:50.0551 5888 exfat - ok
09:55:50.0600 5888 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:55:50.0688 5888 fastfat - ok
09:55:50.0711 5888 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:55:50.0842 5888 fdc - ok
09:55:50.0879 5888 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
09:55:50.0908 5888 fdPHost - ok
09:55:50.0915 5888 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
09:55:50.0992 5888 FDResPub - ok
09:55:51.0121 5888 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:55:51.0325 5888 FileInfo - ok
09:55:51.0385 5888 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:55:51.0450 5888 Filetrace - ok
09:55:51.0497 5888 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:55:51.0553 5888 flpydisk - ok
09:55:51.0686 5888 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:55:51.0868 5888 FltMgr - ok
09:55:52.0004 5888 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:55:52.0022 5888 FontCache3.0.0.0 - ok
09:55:52.0160 5888 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:55:52.0211 5888 Fs_Rec - ok
09:55:52.0250 5888 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
09:55:52.0280 5888 gagp30kx - ok
09:55:53.0272 5888 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
09:55:53.0307 5888 ghaio - ok
09:55:55.0965 5888 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
09:55:56.0168 5888 gpsvc - ok
09:55:58.0800 5888 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
09:55:59.0078 5888 HdAudAddService - ok
09:55:59.0553 5888 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:55:59.0877 5888 HDAudBus - ok
09:55:59.0923 5888 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:56:00.0059 5888 HidBth - ok
09:56:00.0069 5888 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:56:00.0218 5888 HidIr - ok
09:56:00.0385 5888 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
09:56:00.0453 5888 hidserv - ok
09:56:00.0515 5888 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:56:00.0635 5888 HidUsb - ok
09:56:01.0693 5888 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
09:56:01.0819 5888 hkmsvc - ok
09:56:01.0978 5888 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
09:56:02.0048 5888 HpCISSs - ok
09:56:04.0482 5888 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:56:04.0861 5888 HTTP - ok
09:56:04.0949 5888 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
09:56:05.0133 5888 i2omp - ok
09:56:05.0682 5888 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:56:05.0872 5888 i8042prt - ok
09:56:06.0397 5888 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
09:56:06.0754 5888 iaStorV - ok
09:56:08.0234 5888 IBUpdaterService - ok
09:56:12.0297 5888 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:56:14.0314 5888 idsvc - ok
09:56:14.0665 5888 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:56:14.0823 5888 iirsp - ok
09:56:19.0032 5888 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
09:56:19.0940 5888 IKEEXT - ok
09:56:31.0633 5888 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
09:56:35.0377 5888 IntcAzAudAddService - ok
09:56:40.0439 5888 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:56:40.0560 5888 intelide - ok
09:56:41.0350 5888 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:56:41.0749 5888 intelppm - ok
09:56:43.0136 5888 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
09:56:43.0436 5888 IPBusEnum - ok
09:56:44.0060 5888 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:56:44.0309 5888 IpFilterDriver - ok
09:56:45.0848 5888 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
09:56:46.0242 5888 iphlpsvc - ok
09:56:46.0323 5888 IpInIp - ok
09:56:46.0525 5888 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
09:56:46.0633 5888 IPMIDRV - ok
09:56:47.0008 5888 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:56:47.0141 5888 IPNAT - ok
09:56:47.0276 5888 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:56:47.0377 5888 IRENUM - ok
09:56:48.0285 5888 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
09:56:48.0372 5888 isapnp - ok
09:56:48.0767 5888 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:56:48.0802 5888 iScsiPrt - ok
09:56:48.0929 5888 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:56:48.0969 5888 iteatapi - ok
09:56:49.0074 5888 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:56:49.0239 5888 iteraid - ok
09:56:49.0683 5888 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:56:50.0038 5888 kbdclass - ok
09:56:50.0084 5888 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
09:56:50.0207 5888 kbdhid - ok
09:56:50.0270 5888 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
09:56:50.0565 5888 kbfiltr - ok
09:56:50.0636 5888 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
09:56:50.0735 5888 KeyIso - ok
09:56:51.0518 5888 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:56:52.0058 5888 KSecDD - ok
09:56:53.0831 5888 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
09:56:54.0619 5888 KtmRm - ok
09:56:55.0574 5888 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
09:56:55.0649 5888 LanmanServer - ok
09:56:55.0860 5888 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
09:56:55.0917 5888 LanmanWorkstation - ok
09:56:55.0982 5888 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:56:56.0101 5888 lltdio - ok
09:56:56.0506 5888 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
09:56:56.0874 5888 lltdsvc - ok
09:56:57.0131 5888 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:56:57.0194 5888 lmhosts - ok
09:56:58.0764 5888 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
09:56:58.0811 5888 LSI_FC - ok
09:56:59.0058 5888 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
09:56:59.0142 5888 LSI_SAS - ok
09:57:00.0174 5888 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
09:57:00.0354 5888 LSI_SCSI - ok
09:57:01.0053 5888 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:57:01.0230 5888 luafv - ok
09:57:01.0414 5888 ManyCam (8e17d513d8011b0ee03c355eaab0e0cc) C:\Windows\system32\DRIVERS\mcvidrv.sys
09:57:01.0565 5888 ManyCam - ok
09:57:01.0800 5888 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
09:57:02.0116 5888 MBAMProtector - ok
09:57:05.0927 5888 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:57:06.0591 5888 MBAMService - ok
09:57:06.0713 5888 mcaudrv_simple (562d95e00e14a944debe655decbd3f5b) C:\Windows\system32\drivers\mcaudrv.sys
09:57:07.0089 5888 mcaudrv_simple - ok
09:57:07.0450 5888 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
09:57:07.0658 5888 Mcx2Svc - ok
09:57:08.0333 5888 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
09:57:08.0504 5888 megasas - ok
09:57:08.0853 5888 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
09:57:09.0020 5888 MegaSR - ok
09:57:09.0190 5888 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:57:09.0274 5888 MMCSS - ok
09:57:09.0300 5888 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:57:09.0337 5888 Modem - ok
09:57:09.0433 5888 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
09:57:09.0531 5888 MODEMCSA - ok
09:57:09.0557 5888 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:57:09.0607 5888 monitor - ok
09:57:09.0659 5888 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:57:09.0695 5888 mouclass - ok
09:57:09.0797 5888 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:57:09.0857 5888 mouhid - ok
09:57:10.0236 5888 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:57:10.0295 5888 MountMgr - ok
09:57:11.0094 5888 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:57:11.0158 5888 MozillaMaintenance - ok
09:57:12.0435 5888 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
09:57:12.0668 5888 mpio - ok
09:57:13.0528 5888 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:57:13.0705 5888 mpsdrv - ok
09:57:16.0084 5888 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
09:57:16.0358 5888 MpsSvc - ok
09:57:16.0606 5888 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:57:16.0836 5888 Mraid35x - ok
09:57:18.0365 5888 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:57:18.0477 5888 MRxDAV - ok
09:57:18.0715 5888 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:57:18.0814 5888 mrxsmb - ok
09:57:19.0977 5888 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:57:20.0356 5888 mrxsmb10 - ok
09:57:20.0727 5888 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:57:20.0977 5888 mrxsmb20 - ok
09:57:21.0512 5888 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
09:57:21.0700 5888 msahci - ok
09:57:21.0758 5888 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
09:57:21.0820 5888 msdsm - ok
09:57:21.0930 5888 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
09:57:21.0985 5888 MSDTC - ok
09:57:22.0052 5888 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:57:22.0131 5888 Msfs - ok
09:57:23.0035 5888 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:57:23.0303 5888 msisadrv - ok
09:57:24.0196 5888 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
09:57:24.0906 5888 MSiSCSI - ok
09:57:24.0910 5888 msiserver - ok
09:57:25.0049 5888 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:57:25.0155 5888 MSKSSRV - ok
09:57:25.0305 5888 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:57:25.0518 5888 MSPCLOCK - ok
09:57:25.0578 5888 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:57:25.0653 5888 MSPQM - ok
09:57:27.0295 5888 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:57:27.0409 5888 MsRPC - ok
09:57:27.0979 5888 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:57:27.0991 5888 mssmbios - ok
09:57:28.0016 5888 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:57:28.0075 5888 MSTEE - ok
09:57:28.0159 5888 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
09:57:28.0218 5888 MTsensor - ok
09:57:28.0495 5888 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:57:28.0541 5888 Mup - ok
09:57:29.0392 5888 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
09:57:29.0527 5888 napagent - ok
09:57:30.0640 5888 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:57:30.0946 5888 NativeWifiP - ok
09:57:32.0037 5888 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:57:32.0127 5888 NDIS - ok
09:57:32.0950 5888 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:57:33.0657 5888 NdisTapi - ok
09:57:33.0770 5888 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:57:33.0843 5888 Ndisuio - ok
09:57:34.0322 5888 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:57:34.0423 5888 NdisWan - ok
09:57:34.0490 5888 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:57:34.0553 5888 NDProxy - ok
09:57:34.0659 5888 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:57:34.0768 5888 NetBIOS - ok
09:57:34.0943 5888 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:57:35.0046 5888 netbt - ok
09:57:35.0107 5888 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
09:57:35.0365 5888 Netlogon - ok
09:57:35.0626 5888 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
09:57:35.0800 5888 Netman - ok
09:57:38.0483 5888 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
09:57:38.0550 5888 netprofm - ok
09:57:40.0817 5888 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:57:40.0883 5888 NetTcpPortSharing - ok
09:57:40.0944 5888 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:57:41.0064 5888 nfrd960 - ok
09:57:42.0324 5888 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
09:57:42.0502 5888 NlaSvc - ok
09:57:42.0536 5888 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:57:43.0212 5888 Npfs - ok
09:57:43.0332 5888 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
09:57:43.0394 5888 nsi - ok
09:57:43.0560 5888 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:57:43.0645 5888 nsiproxy - ok
09:57:43.0909 5888 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:57:45.0134 5888 Ntfs - ok
09:57:45.0220 5888 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:57:45.0374 5888 ntrigdigi - ok
09:57:45.0859 5888 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:57:46.0019 5888 Null - ok
09:57:46.0170 5888 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
09:57:46.0209 5888 nvraid - ok
09:57:46.0487 5888 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
09:57:46.0545 5888 nvstor - ok
09:57:46.0984 5888 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
09:57:47.0117 5888 nv_agp - ok
09:57:47.0125 5888 NwlnkFlt - ok
09:57:47.0133 5888 NwlnkFwd - ok
09:57:47.0280 5888 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:57:47.0303 5888 ohci1394 - ok
09:57:48.0452 5888 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:57:48.0749 5888 p2pimsvc - ok
09:57:48.0759 5888 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:57:49.0042 5888 p2psvc - ok
09:57:49.0130 5888 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:57:49.0206 5888 Parport - ok
09:57:49.0285 5888 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:57:49.0307 5888 partmgr - ok
09:57:49.0339 5888 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:57:49.0423 5888 Parvdm - ok
09:57:49.0634 5888 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
09:57:49.0768 5888 PcaSvc - ok
09:57:49.0918 5888 pccsmcfd - ok
09:57:50.0545 5888 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:57:50.0563 5888 pci - ok
09:57:50.0696 5888 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:57:50.0745 5888 pciide - ok
09:57:51.0054 5888 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:57:51.0149 5888 pcmcia - ok
09:57:54.0260 5888 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:57:55.0123 5888 PEAUTH - ok
09:57:55.0567 5888 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
09:57:56.0052 5888 pla - ok
09:57:57.0381 5888 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
09:57:57.0433 5888 PlugPlay - ok
09:57:58.0683 5888 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:57:58.0760 5888 PNRPAutoReg - ok
09:57:58.0771 5888 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:57:58.0804 5888 PNRPsvc - ok
09:57:59.0255 5888 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
09:57:59.0363 5888 PolicyAgent - ok
09:57:59.0756 5888 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:57:59.0916 5888 PptpMiniport - ok
09:58:00.0388 5888 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:58:00.0467 5888 Processor - ok
09:58:00.0934 5888 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
09:58:01.0008 5888 ProfSvc - ok
09:58:01.0089 5888 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
09:58:01.0141 5888 ProtectedStorage - ok
09:58:01.0321 5888 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:58:01.0436 5888 PSched - ok
09:58:01.0892 5888 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:58:02.0579 5888 ql2300 - ok
09:58:03.0612 5888 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:58:03.0646 5888 ql40xx - ok
09:58:04.0268 5888 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:58:04.0301 5888 QWAVE - ok
09:58:04.0510 5888 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:58:04.0656 5888 QWAVEdrv - ok
09:58:04.0725 5888 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:58:04.0884 5888 RasAcd - ok
09:58:05.0063 5888 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
09:58:05.0127 5888 RasAuto - ok
09:58:05.0199 5888 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:58:05.0274 5888 Rasl2tp - ok
09:58:06.0385 5888 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
09:58:06.0457 5888 RasMan - ok
09:58:06.0841 5888 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:58:07.0157 5888 RasPppoe - ok
09:58:07.0556 5888 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:58:07.0615 5888 RasSstp - ok
09:58:08.0003 5888 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:58:08.0163 5888 rdbss - ok
09:58:08.0202 5888 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:58:08.0284 5888 RDPCDD - ok
09:58:08.0404 5888 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
09:58:08.0444 5888 rdpdr - ok
09:58:08.0524 5888 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:58:08.0627 5888 RDPENCDD - ok
09:58:08.0813 5888 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:58:08.0988 5888 RDPWD - ok
09:58:09.0095 5888 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
09:58:09.0149 5888 RemoteAccess - ok
09:58:09.0257 5888 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
09:58:09.0330 5888 RemoteRegistry - ok
09:58:09.0386 5888 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
09:58:09.0509 5888 RFCOMM - ok
09:58:09.0549 5888 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
09:58:09.0616 5888 rimmptsk - ok
09:58:09.0677 5888 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
09:58:09.0837 5888 rimsptsk - ok
09:58:10.0034 5888 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
09:58:10.0123 5888 rismxdp - ok
09:58:10.0191 5888 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:58:10.0289 5888 RpcLocator - ok
09:58:12.0160 5888 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:58:12.0487 5888 RpcSs - ok
09:58:13.0708 5888 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:58:14.0025 5888 rspndr - ok
09:58:14.0164 5888 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
09:58:14.0183 5888 SamSs - ok
09:58:14.0371 5888 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:58:14.0445 5888 sbp2port - ok
09:58:14.0742 5888 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
09:58:14.0805 5888 SCardSvr - ok
09:58:15.0231 5888 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
09:58:15.0554 5888 Schedule - ok
09:58:15.0695 5888 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:58:15.0721 5888 SCPolicySvc - ok
09:58:16.0226 5888 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
09:58:16.0415 5888 sdbus - ok
09:58:17.0324 5888 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
09:58:17.0474 5888 SDRSVC - ok
09:58:17.0601 5888 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:58:19.0238 5888 secdrv - ok
09:58:19.0459 5888 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
09:58:19.0512 5888 seclogon - ok
09:58:19.0852 5888 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
09:58:19.0999 5888 SENS - ok
09:58:20.0307 5888 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:58:20.0420 5888 Serenum - ok
09:58:20.0854 5888 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:58:21.0110 5888 Serial - ok
09:58:21.0606 5888 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:58:21.0663 5888 Serial - ok
09:58:22.0094 5888 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:58:22.0339 5888 sermouse - ok
09:58:23.0131 5888 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
09:58:23.0229 5888 SessionEnv - ok
09:58:23.0254 5888 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
09:58:23.0387 5888 sffdisk - ok
09:58:23.0424 5888 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:58:23.0483 5888 sffp_mmc - ok
09:58:23.0679 5888 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:58:23.0788 5888 sffp_sd - ok
09:58:24.0022 5888 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
09:58:24.0183 5888 sfloppy - ok
09:58:24.0700 5888 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
09:58:24.0784 5888 SharedAccess - ok
09:58:25.0028 5888 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
09:58:25.0145 5888 ShellHWDetection - ok
09:58:25.0160 5888 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:58:25.0202 5888 sisagp - ok
09:58:25.0449 5888 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:58:25.0479 5888 SiSRaid2 - ok
09:58:25.0944 5888 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:58:25.0973 5888 SiSRaid4 - ok
09:58:28.0586 5888 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
09:58:35.0646 5888 slsvc - ok
09:58:37.0063 5888 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:58:37.0127 5888 Smb - ok
09:58:39.0172 5888 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
09:58:39.0865 5888 smserial - ok
09:58:40.0053 5888 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:58:40.0089 5888 SNMPTRAP - ok
09:58:40.0482 5888 SNP2UVC (750771bb0f0eda12bbc93f223fe682d4) C:\Windows\system32\DRIVERS\snp2uvc.sys
09:58:41.0246 5888 SNP2UVC ( UnsignedFile.Multi.Generic ) - warning
09:58:41.0246 5888 SNP2UVC - detected UnsignedFile.Multi.Generic (1)
09:58:41.0722 5888 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:58:41.0776 5888 spldr - ok
09:58:42.0050 5888 spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
09:58:42.0214 5888 spmgr - ok
09:58:42.0564 5888 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
09:58:42.0633 5888 Spooler - ok
09:58:43.0474 5888 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:58:43.0645 5888 srv - ok
09:58:43.0711 5888 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:58:43.0863 5888 srv2 - ok
09:58:43.0905 5888 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:58:43.0982 5888 srvnet - ok
09:58:44.0196 5888 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
09:58:44.0302 5888 SSDPSRV - ok
09:58:44.0344 5888 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
09:58:44.0442 5888 ssmdrv - ok
09:58:44.0561 5888 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
09:58:44.0677 5888 SstpSvc - ok
09:58:45.0099 5888 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
09:58:45.0481 5888 stisvc - ok
09:58:45.0715 5888 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:58:45.0781 5888 swenum - ok
09:58:47.0026 5888 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
09:58:47.0075 5888 swprv - ok
09:58:47.0262 5888 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:58:47.0327 5888 Symc8xx - ok
09:58:47.0461 5888 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:58:47.0554 5888 Sym_hi - ok
09:58:47.0637 5888 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:58:47.0661 5888 Sym_u3 - ok
09:58:48.0324 5888 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
09:58:48.0431 5888 SysMain - ok
09:58:48.0471 5888 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:58:48.0491 5888 TabletInputService - ok
09:58:48.0641 5888 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
09:58:48.0746 5888 TapiSrv - ok
09:58:48.0823 5888 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
09:58:48.0858 5888 TBS - ok
09:58:49.0124 5888 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
09:58:49.0341 5888 Tcpip - ok
09:58:49.0355 5888 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
09:58:49.0393 5888 Tcpip6 - ok
09:58:49.0564 5888 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:58:49.0627 5888 tcpipreg - ok
09:58:49.0789 5888 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:58:49.0913 5888 TDPIPE - ok
09:58:50.0051 5888 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:58:50.0122 5888 TDTCP - ok
09:58:50.0163 5888 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:58:50.0210 5888 tdx - ok
09:58:50.0297 5888 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:58:50.0375 5888 TermDD - ok
09:58:50.0469 5888 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
09:58:50.0571 5888 TermService - ok
09:58:50.0740 5888 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
09:58:50.0811 5888 Themes - ok
09:58:50.0927 5888 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:58:50.0982 5888 THREADORDER - ok
09:58:51.0113 5888 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
09:58:51.0170 5888 TrkWks - ok
09:58:51.0229 5888 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
09:58:51.0251 5888 TrustedInstaller - ok
09:58:51.0309 5888 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:58:51.0392 5888 tssecsrv - ok
09:58:51.0423 5888 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:58:51.0524 5888 tunmp - ok
09:58:51.0667 5888 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:58:51.0736 5888 tunnel - ok
09:58:51.0800 5888 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:58:51.0838 5888 uagp35 - ok
09:58:51.0874 5888 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:58:51.0928 5888 udfs - ok
09:58:52.0097 5888 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
09:58:52.0162 5888 UI0Detect - ok
09:58:52.0595 5888 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:58:52.0616 5888 uliagpkx - ok
09:58:53.0004 5888 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:58:53.0108 5888 uliahci - ok
09:58:53.0276 5888 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:58:53.0315 5888 UlSata - ok
09:58:53.0475 5888 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:58:53.0514 5888 ulsata2 - ok
09:58:53.0625 5888 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:58:53.0804 5888 umbus - ok
09:58:53.0913 5888 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
09:58:54.0306 5888 upnphost - ok
09:58:54.0372 5888 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:58:54.0482 5888 usbccgp - ok
09:58:54.0579 5888 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:58:54.0718 5888 usbcir - ok
09:58:54.0853 5888 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:58:54.0954 5888 usbehci - ok
09:58:55.0137 5888 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:58:55.0206 5888 usbhub - ok
09:58:55.0317 5888 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
09:58:55.0429 5888 usbohci - ok
09:58:55.0449 5888 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
09:58:55.0512 5888 usbprint - ok
09:58:55.0576 5888 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
09:58:55.0663 5888 usbser - ok
09:58:55.0705 5888 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:58:55.0822 5888 USBSTOR - ok
09:58:55.0928 5888 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:58:56.0034 5888 usbuhci - ok
09:58:56.0164 5888 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:58:56.0240 5888 usbvideo - ok
09:58:56.0302 5888 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
09:58:56.0346 5888 UxSms - ok
09:58:56.0510 5888 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
09:58:56.0622 5888 vds - ok
09:58:56.0722 5888 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:58:56.0814 5888 vga - ok
09:58:56.0871 5888 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:58:56.0931 5888 VgaSave - ok
09:58:56.0966 5888 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:58:57.0040 5888 viaagp - ok
09:58:57.0113 5888 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:58:57.0170 5888 ViaC7 - ok
09:58:57.0211 5888 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:58:57.0248 5888 viaide - ok
09:58:57.0297 5888 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:58:57.0559 5888 volmgr - ok
09:59:00.0432 5888 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:59:00.0708 5888 volmgrx - ok
09:59:00.0790 5888 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:59:00.0866 5888 volsnap - ok
09:59:00.0996 5888 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:59:01.0048 5888 vsmraid - ok
09:59:02.0527 5888 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
09:59:04.0201 5888 VSS - ok
09:59:04.0585 5888 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
09:59:04.0641 5888 W32Time - ok
09:59:05.0099 5888 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:59:05.0230 5888 WacomPen - ok
09:59:05.0725 5888 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:59:06.0510 5888 Wanarp - ok
09:59:06.0515 5888 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:59:06.0593 5888 Wanarpv6 - ok
09:59:07.0059 5888 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
09:59:07.0179 5888 wcncsvc - ok
09:59:07.0476 5888 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:59:07.0554 5888 WcsPlugInService - ok
09:59:08.0291 5888 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:59:08.0342 5888 Wd - ok
09:59:09.0148 5888 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:59:09.0512 5888 Wdf01000 - ok
09:59:09.0961 5888 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:59:10.0070 5888 WdiServiceHost - ok
09:59:10.0075 5888 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:59:10.0115 5888 WdiSystemHost - ok
09:59:10.0866 5888 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
09:59:10.0996 5888 WebClient - ok
09:59:11.0791 5888 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
09:59:11.0864 5888 Wecsvc - ok
09:59:12.0356 5888 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
09:59:12.0390 5888 wercplsupport - ok
09:59:13.0935 5888 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
09:59:14.0039 5888 WerSvc - ok
09:59:14.0696 5888 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
09:59:14.0877 5888 WinDefend - ok
09:59:14.0897 5888 WinHttpAutoProxySvc - ok
09:59:15.0491 5888 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
09:59:15.0549 5888 Winmgmt - ok
09:59:19.0076 5888 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
09:59:20.0785 5888 WinRM - ok
09:59:23.0551 5888 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
09:59:23.0964 5888 Wlansvc - ok
09:59:24.0543 5888 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:59:24.0710 5888 WmiAcpi - ok
09:59:25.0156 5888 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
09:59:25.0219 5888 wmiApSrv - ok
09:59:27.0557 5888 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:59:28.0844 5888 WMPNetworkSvc - ok
09:59:29.0717 5888 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
09:59:29.0878 5888 WPCSvc - ok
09:59:30.0105 5888 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
09:59:30.0406 5888 WPDBusEnum - ok
09:59:31.0064 5888 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
09:59:31.0234 5888 WpdUsb - ok
09:59:33.0736 5888 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:59:33.0901 5888 WPFFontCache_v0400 - ok
09:59:34.0955 5888 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:59:35.0058 5888 ws2ifsl - ok
09:59:35.0240 5888 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
09:59:35.0299 5888 wscsvc - ok
09:59:35.0307 5888 WSearch - ok
09:59:52.0100 5888 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
09:59:52.0621 5888 wuauserv - ok
09:59:57.0628 5888 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:57.0753 5888 WUDFRd - ok
09:59:59.0136 5888 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
09:59:59.0211 5888 wudfsvc - ok
09:59:59.0836 5888 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys
10:00:00.0396 5888 yukonwlh - ok
10:00:00.0490 5888 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
10:00:10.0176 5888 \Device\Harddisk0\DR0 - ok
10:00:10.0214 5888 Boot (0x1200) (69b4d9fadbd6a0bfd696f5b7cfbee797) \Device\Harddisk0\DR0\Partition0
10:00:10.0280 5888 \Device\Harddisk0\DR0\Partition0 - ok
10:00:10.0281 5888 ============================================================
10:00:10.0281 5888 Scan finished
10:00:10.0281 5888 ============================================================
10:00:10.0297 5880 Detected object count: 3
10:00:10.0297 5880 Actual detected object count: 3
10:01:02.0882 5880 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:02.0882 5880 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:01:02.0885 5880 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:02.0885 5880 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:01:02.0888 5880 SNP2UVC ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:02.0888 5880 SNP2UVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 25.07.2012 18:11
hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Stumped 26.07.2012 19:36
Combofix Logfile:
Code:
ComboFix 12-07-27.02 - Roy 26.07.2012  19:43:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1148 [GMT 2:00]
ausgeführt von:: c:\users\Roy\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Roy\AppData\Roaming\Help\coredb\storage
c:\windows\msvcr71.dll
c:\windows\system32\roboot.exe
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 18:17 . 2012-07-26 18:20        --------        d-----w-        c:\users\Roy\AppData\Local\temp
2012-07-26 18:17 . 2012-07-26 18:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-21 21:39 . 2012-02-29 13:41        1069056        ----a-w-        c:\windows\system32\DWrite.dll
2012-07-21 21:39 . 2012-03-01 14:46        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-07-21 21:39 . 2012-03-01 14:46        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-07-21 21:39 . 2012-02-29 14:08        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-07-21 21:39 . 2012-02-29 13:44        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-07-21 08:54 . 2012-07-21 08:54        --------        d-----w-        c:\program files\Windows Portable Devices
2012-07-21 08:41 . 2009-10-01 01:02        31232        ----a-w-        c:\windows\system32\BthMtpContextHandler.dll
2012-07-21 08:41 . 2009-10-01 01:01        40448        ----a-w-        c:\windows\system32\drivers\WpdUsb.sys
2012-07-21 08:41 . 2009-10-01 01:01        839168        ----a-w-        c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2012-07-21 08:41 . 2009-10-01 01:01        227840        ----a-w-        c:\windows\system32\drivers\UMDF\WpdFs.dll
2012-07-21 08:31 . 2012-02-29 15:09        157696        ----a-w-        c:\windows\system32\imagehlp.dll
2012-07-21 08:31 . 2012-02-29 13:32        12800        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-07-21 08:21 . 2012-07-21 08:21        98816        ----a-w-        c:\windows\system32\mfps.dll
2012-07-21 08:21 . 2012-07-21 08:21        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll
2012-07-21 08:21 . 2012-07-21 08:21        357376        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2012-07-21 08:21 . 2012-07-21 08:21        302592        ----a-w-        c:\windows\system32\mfmp4src.dll
2012-07-21 08:21 . 2012-07-21 08:21        2873344        ----a-w-        c:\windows\system32\mf.dll
2012-07-21 08:21 . 2012-07-21 08:21        261632        ----a-w-        c:\windows\system32\mfreadwrite.dll
2012-07-21 08:21 . 2012-07-21 08:21        209920        ----a-w-        c:\windows\system32\mfplat.dll
2012-07-21 08:21 . 2012-07-21 08:21        638336        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2012-07-21 08:21 . 2012-07-21 08:21        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-07-21 08:21 . 2012-07-21 08:21        478720        ----a-w-        c:\windows\system32\dxgi.dll
2012-07-21 08:21 . 2012-07-21 08:21        37376        ----a-w-        c:\windows\system32\cdd.dll
2012-07-21 08:21 . 2012-07-21 08:21        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2012-07-21 08:21 . 2012-07-21 08:21        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2012-07-21 08:20 . 2012-07-21 08:20        519680        ----a-w-        c:\windows\system32\d3d11.dll
2012-07-21 08:20 . 2012-07-21 08:20        252928        ----a-w-        c:\windows\system32\dxdiag.exe
2012-07-21 08:20 . 2012-07-21 08:20        195584        ----a-w-        c:\windows\system32\dxdiagn.dll
2012-07-20 22:33 . 2012-04-23 16:00        984064        ----a-w-        c:\windows\system32\crypt32.dll
2012-07-20 22:33 . 2012-04-23 16:00        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-07-20 22:33 . 2012-04-23 16:00        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-07-20 22:31 . 2011-07-29 16:00        57856        ----a-w-        c:\windows\system32\MSDvbNP.ax
2012-07-20 22:31 . 2011-07-29 16:00        69632        ----a-w-        c:\windows\system32\Mpeg2Data.ax
2012-07-20 22:31 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-07-20 22:31 . 2011-04-21 13:55        508416        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-07-20 22:31 . 2009-06-17 13:23        30208        ----a-w-        c:\windows\system32\drivers\BTHUSB.SYS
2012-07-20 22:30 . 2011-10-14 16:02        429056        ----a-w-        c:\windows\system32\EncDec.dll
2012-07-20 22:30 . 2012-03-20 23:28        53120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-07-20 22:30 . 2012-03-30 12:39        905600        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-07-20 22:30 . 2012-02-01 15:11        1218048        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-07-20 22:30 . 2012-02-01 15:10        1404928        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-07-20 22:30 . 2012-02-01 15:10        983040        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-07-20 22:30 . 2012-02-01 15:10        964608        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-07-20 22:30 . 2012-02-01 15:10        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-20 22:30 . 2012-02-01 13:58        47104        ----a-w-        c:\program files\Windows Journal\PDIALOG.exe
2012-07-20 22:30 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2012-07-20 22:29 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll
2012-07-20 22:29 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-20 22:29 . 2011-10-25 15:56        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2012-07-20 22:28 . 2012-03-01 11:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-07-20 22:28 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-20 22:28 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-20 22:28 . 2012-05-01 14:03        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-07-20 22:28 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll
2012-07-20 22:24 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-20 22:24 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-07-20 22:24 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-07-20 22:24 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll
2012-07-18 14:34 . 2012-07-18 14:37        --------        d-----w-        c:\windows\system32\ca-ES
2012-07-18 14:34 . 2012-07-18 14:37        --------        d-----w-        c:\windows\system32\eu-ES
2012-07-17 18:48 . 2012-07-17 18:48        --------        d-----w-        c:\windows\system32\EventProviders
2012-07-16 17:28 . 2012-07-16 17:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-16 17:28 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-16 15:09 . 2009-09-27 07:39        369152        ----a-w-        c:\windows\system32\avisynth.dll
2012-07-16 15:09 . 2005-07-14 10:31        32256        ----a-w-        c:\windows\system32\AVSredirect.dll
2012-07-16 15:09 . 2004-02-22 08:11        719872        ----a-w-        c:\windows\system32\devil.dll
2012-07-16 15:09 . 2004-01-24 22:00        70656        ----a-w-        c:\windows\system32\i420vfw.dll
2012-07-16 15:09 . 2012-07-16 15:09        --------        d-----w-        c:\program files\AviSynth 2.5
2012-07-16 15:08 . 2004-07-01 23:00        327749        ----a-w-        c:\windows\system32\drvc.dll
2012-07-16 15:08 . 2012-07-16 17:09        --------        d-----w-        c:\users\Roy\AppData\Roaming\systweak
2012-07-16 15:07 . 2012-07-16 17:09        --------        d-----w-        c:\program files\eRightSoft
2012-07-04 17:35 . 2012-07-04 17:48        --------        d-----w-        c:\program files\Amazon
2012-06-30 01:55 . 2012-07-16 17:08        --------        d-----w-        c:\users\Roy\AppData\Roaming\Broad Intelligence
2012-06-29 22:04 . 2012-06-29 22:04        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-29 22:04 . 2012-06-29 22:04        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 18:19 . 2010-08-07 20:17        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-07-21 08:22 . 2012-07-21 08:22        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-07-21 08:22 . 2012-07-21 08:22        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-07-21 08:22 . 2012-07-21 08:22        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-07-21 08:22 . 2012-07-21 08:22        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-07-21 08:22 . 2012-07-21 08:22        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-07-21 08:22 . 2012-07-21 08:22        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-07-21 08:21 . 2012-07-21 08:21        586240        ----a-w-        c:\windows\system32\stobject.dll
2012-07-21 08:21 . 2012-07-21 08:21        135680        ----a-w-        c:\windows\system32\XpsRasterService.dll
2012-07-21 08:21 . 2012-07-21 08:21        258048        ----a-w-        c:\windows\system32\winspool.drv
2012-07-21 08:21 . 2012-07-21 08:21        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2012-07-21 08:21 . 2012-07-21 08:21        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2012-07-21 08:21 . 2012-07-21 08:21        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2012-07-21 08:21 . 2012-07-21 08:21        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2012-07-21 08:20 . 2012-07-21 08:20        4096        ----a-w-        c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2012-07-21 08:20 . 2012-07-21 08:20        369664        ----a-w-        c:\windows\system32\WMPhoto.dll
2012-07-21 08:20 . 2012-07-21 08:20        321024        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll
2012-07-21 08:20 . 2012-07-21 08:20        189440        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2012-07-21 08:20 . 2012-07-21 08:20        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2012-06-13 13:40 . 2012-07-21 08:43        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-06-02 22:19 . 2012-07-20 21:50        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-20 21:50        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-20 21:50        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-20 21:50        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-20 21:50        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-20 21:50        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-20 21:50        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-07-20 21:50        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-07-20 21:50        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-20 22:24        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-20 22:24        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-11 22:56 . 2012-05-11 22:56        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-11 22:56 . 2011-05-21 14:55        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 22:01 . 2011-12-03 10:51        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 22:01 . 2011-12-03 10:51        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-07-20 23:08 . 2011-05-09 06:56        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-08-07 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2010-08-07 37232]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 22:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=102869&gct=hp
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\6nvjsnwo.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=86cf89ef0000000000000015afad3b78&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-UpgradeHelper - c:\users\Roy\AppData\Roaming\Identities\{87147705-BD86-4C2E-AE60-14E34480C3AC}\UpgradeHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-26 20:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-26  20:28:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-26 18:28
.
Vor Suchlauf: 6 Verzeichnis(se), 171.666.026.496 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 170.153.820.160 Bytes frei
.
- - End Of File - - 8C157F9877C2726980AE79160BCA583C
--- --- ---

markusg 27.07.2012 22:29
nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie berufliches?

Stumped 27.07.2012 22:32
Ja wie erwähnt selten zahlungen mit der Kreditkarte. Kein Onlinebanking, und nichts berufliches.
lg

markusg 30.07.2012 22:17
ok du hast das tdss rootkit.
am ende alle passwörter endern!
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27