Pests of all kinds and how to fight them: Trojan.Dropper and TR/ATRAPS.Gen2

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
Trojan.Dropper and TR/ATRAPS.Gen2

Hello everyone,

I have a trojan on my computer after visiting an unsafe site on the Internet(z)... AntiVir and Malwarebytes both report it (when there is an Internet connection). I can't get rid of it for the life of me...

Steps so far...
AntiVir scan -> reboot
Malwarebytes scan -> reboot
Defogger -> reboot
OTL -> reboot
Eset -> reboot

The logs are attached...

I would be extremely grateful if you could help me get a secure system again without reinstalling...

Thanks in advance
Neon

AVSCAN

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 11. Juni 2012 14:11
Es wird nach 3814721 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : VDC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 07:34:10
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 07:34:10
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 07:34:10
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 08:14:54
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 08:16:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:59:39
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:05:10
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 08:15:16
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 08:15:17
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 08:15:18
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 08:15:19
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 08:15:20
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 08:15:21
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 08:15:22
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 08:15:22
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 08:15:23
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 08:28:52
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 12:59:42
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 12:59:42
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 12:59:44
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 12:59:45
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 12:59:46
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 13:47:50
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 13:47:51
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 13:47:52
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 07:40:16
VBASE024.VDF : 7.11.32.86 2048 Bytes 08.06.2012 07:40:16
VBASE025.VDF : 7.11.32.87 2048 Bytes 08.06.2012 07:40:17
VBASE026.VDF : 7.11.32.88 2048 Bytes 08.06.2012 07:40:18
VBASE027.VDF : 7.11.32.89 2048 Bytes 08.06.2012 07:40:19
VBASE028.VDF : 7.11.32.90 2048 Bytes 08.06.2012 07:40:20
VBASE029.VDF : 7.11.32.91 2048 Bytes 08.06.2012 07:40:21
VBASE030.VDF : 7.11.32.92 2048 Bytes 08.06.2012 07:40:21
VBASE031.VDF : 7.11.32.118 78336 Bytes 11.06.2012 07:40:24
Engineversion : 8.2.10.80
AEVDF.DLL : 8.1.2.8 106867 Bytes 08.06.2012 13:48:07
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 08.06.2012 13:48:06
AESCN.DLL : 8.1.8.2 131444 Bytes 22.04.2012 19:12:35
AESBX.DLL : 8.2.5.10 606580 Bytes 30.05.2012 13:00:03
AERDL.DLL : 8.1.9.15 639348 Bytes 31.01.2012 06:55:37
AEPACK.DLL : 8.2.16.16 807288 Bytes 30.05.2012 13:00:01
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 18:59:03
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 08.06.2012 13:48:05
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 08:15:47
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 18:56:22
AEEXP.DLL : 8.1.0.44 82293 Bytes 30.05.2012 13:00:04
AEEMU.DLL : 8.1.3.0 393589 Bytes 31.01.2012 06:55:34
AECORE.DLL : 8.1.25.10 201080 Bytes 08.06.2012 13:48:02
AEBB.DLL : 8.1.1.0 53618 Bytes 31.01.2012 06:55:33
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 07:34:10
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 07:34:10
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 08:14:54
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 07:34:10
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 07:34:10
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 07:34:10
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 07:34:10
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 07:34:10
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 07:34:10
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 07:34:10
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd5d393\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Montag, 11. Juni 2012 14:11
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avnotify.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avnotify.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vvvv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinVNC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinVNC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@'
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
Beginne mit der Desinfektion:
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55fe4f43.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
Ende des Suchlaufs: Montag, 11. Juni 2012 14:11
Benötigte Zeit: 00:00 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
77 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
76 Dateien ohne Befall
4 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.

MBAM-log

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.06.11.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
VD :: VDC [Administrator]
Schutz: Aktiviert
11.06.2012 16:56:32
mbam-log
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 738978
Laufzeit: 46 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
(Ende)

DEFOGGER

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:00 on 11/06/2012 (VD)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL

OTL Logfile:
Code:
OTL logfile created on: 11.06.2012 18:08:52 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\VD\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
23,99 Gb Total Physical Memory | 22,02 Gb Available Physical Memory | 91,80% Memory free
43,99 Gb Paging File | 41,97 Gb Available in Paging File | 95,42% Paging File free
Paging file location(s): e:\pagefile.sys 20480 20480 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 26,18 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 80,01 Gb Total Space | 39,48 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive E: | 458,81 Gb Total Space | 240,13 Gb Free Space | 52,34% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 566,95 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
Drive W: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 478,90 Gb Total Space | 252,29 Gb Free Space | 52,68% Space Free | Partition Type: NTFS
Drive Y: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,54% Space Free | Partition Type: NTFS
Computer Name: VDC | User Name: VD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Files/Folders - Created Within 30 Days ==========
[2012.06.11 18:01:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\VD\Desktop\OTL.exe
[2012.06.11 17:55:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\VD\Desktop\esetsmartinstaller_enu.exe
[2012.06.11 17:50:17 | 000,231,936 | ---- | C] (Ufasoft) -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@
[2012.05.30 16:28:54 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\Malwarebytes
[2012.05.30 16:07:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.30 16:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.30 16:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 16:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.30 10:51:46 | 000,000,000 | ---D | C] -- C:\Users\VD\Desktop\DPIT Plants & Effex
[2012.05.30 03:19:49 | 000,000,000 | ---D | C] -- C:\Users\VD\Documents\signatur
[2012.05.30 01:49:04 | 000,000,000 | ---D | C] -- C:\Users\VD\Desktop\mook
[2012.05.30 00:52:41 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\Thunderbird
[2012.05.30 00:52:41 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Local\Thunderbird
[2012.05.30 00:52:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.05.23 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.21 14:14:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.14 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\VD\Desktop\Neuer Ordner
[2012.05.14 11:30:13 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\CopperLan Manager
[2012.05.14 11:30:12 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\CopperLan
[2012.05.14 11:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CopperLan
[2012.05.14 11:30:08 | 000,031,992 | ---- | C] (ICT7 S.A.) -- C:\Windows\SysNative\drivers\CHAILinkOverUSB.sys
[2012.05.14 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopperLan
[2012.05.14 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\CopperLan
========== Files - Modified Within 30 Days ==========
[2012.06.11 18:04:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 18:04:51 | 2139,213,820 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.11 18:01:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\VD\Desktop\OTL.exe
[2012.06.11 18:00:04 | 000,000,000 | ---- | M] () -- C:\Users\VD\defogger_reenable
[2012.06.11 17:55:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\VD\Desktop\esetsmartinstaller_enu.exe
[2012.06.11 17:52:19 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 17:52:19 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:33:52 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.06.11 13:33:52 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.06.11 13:16:13 | 2411,776,975 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.11 09:53:14 | 000,016,371 | ---- | M] () -- C:\Users\VD\Desktop\test_triangle.v4p
[2012.06.01 20:31:41 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\2-D.vnc
[2012.06.01 20:30:18 | 000,000,132 | ---- | M] () -- C:\Users\VD\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.06.01 20:19:12 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\1-C.vnc
[2012.06.01 20:12:58 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\3-E.vnc
[2012.06.01 19:48:41 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\4-F.vnc
[2012.06.01 19:40:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.01 19:37:40 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\6-H.vnc
[2012.06.01 19:37:14 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\5-G.vnc
[2012.06.01 19:17:43 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\0-B.vnc
[2012.06.01 19:12:28 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\7-I.vnc
[2012.06.01 19:03:07 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\9-A.vnc
[2012.06.01 18:33:32 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\LIGHT.vnc
[2012.06.01 09:44:25 | 007,304,425 | ---- | M] () -- C:\Users\VD\Desktop\client_spaces.jpg
[2012.06.01 09:39:20 | 000,834,131 | ---- | M] () -- C:\Users\VD\Desktop\mbms_interface.rar
[2012.06.01 09:38:00 | 003,955,729 | ---- | M] () -- C:\Users\VD\Desktop\mbms_testpics.rar
[2012.06.01 09:37:25 | 000,135,491 | ---- | M] () -- C:\Users\VD\Desktop\mbms.rar
[2012.06.01 05:34:12 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 05:34:12 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 05:34:12 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 05:34:12 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 05:34:12 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 00:41:00 | 000,000,589 | ---- | M] () -- C:\Users\VD\Desktop\server_videosynch.lnk
[2012.05.30 16:07:17 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 15:43:33 | 000,021,275 | ---- | M] () -- C:\Users\VD\Desktop\120530_MappingStuttgart.rar
[2012.05.30 14:57:18 | 000,171,759 | ---- | M] () -- C:\Users\VD\Desktop\FB_Banner_Stuttgart.jpg
[2012.05.30 10:56:54 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.30 10:56:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.28 15:31:53 | 000,001,049 | ---- | M] () -- C:\Users\VD\Desktop\CopperLan Manager.lnk
========== Files Created - No Company Name ==========
[2012.06.11 18:00:04 | 000,000,000 | ---- | C] () -- C:\Users\VD\defogger_reenable
[2012.06.11 17:45:22 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@
[2012.06.11 16:48:35 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@
[2012.06.11 14:16:01 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
[2012.06.11 13:32:45 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.06.11 13:32:45 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.06.11 13:16:13 | 2411,776,975 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.11 09:53:12 | 000,016,371 | ---- | C] () -- C:\Users\VD\Desktop\test_triangle.v4p
[2012.06.01 20:31:40 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\2-D.vnc
[2012.06.01 20:12:57 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\3-E.vnc
[2012.06.01 19:51:35 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\1-C.vnc
[2012.06.01 19:48:37 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\4-F.vnc
[2012.06.01 19:40:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.01 19:37:39 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\6-H.vnc
[2012.06.01 19:37:13 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\5-G.vnc
[2012.06.01 19:17:42 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\0-B.vnc
[2012.06.01 19:12:25 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\7-I.vnc
[2012.06.01 19:03:03 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\9-A.vnc
[2012.06.01 18:33:30 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\LIGHT.vnc
[2012.06.01 09:44:19 | 007,304,425 | ---- | C] () -- C:\Users\VD\Desktop\client_spaces.jpg
[2012.06.01 09:39:20 | 000,834,131 | ---- | C] () -- C:\Users\VD\Desktop\mbms_interface.rar
[2012.06.01 09:38:02 | 003,955,729 | ---- | C] () -- C:\Users\VD\Desktop\mbms_testpics.rar
[2012.06.01 09:37:33 | 000,135,491 | ---- | C] () -- C:\Users\VD\Desktop\mbms.rar
[2012.05.31 00:39:02 | 000,000,589 | ---- | C] () -- C:\Users\VD\Desktop\server_videosynch.lnk
[2012.05.30 23:57:16 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@
[2012.05.30 23:31:40 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\000000cb.@
[2012.05.30 23:31:40 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000004.@
[2012.05.30 16:07:17 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 15:43:33 | 000,021,275 | ---- | C] () -- C:\Users\VD\Desktop\120530_MappingStuttgart.rar
[2012.05.30 14:57:18 | 000,171,759 | ---- | C] () -- C:\Users\VD\Desktop\FB_Banner_Stuttgart.jpg
[2012.05.30 10:56:55 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000004.@
[2012.05.30 10:56:08 | 000,004,266 | ---- | C] () -- C:\Users\VD\Desktop\aaocg.nfo
[2012.05.30 10:56:08 | 000,000,056 | ---- | C] () -- C:\Users\VD\Desktop\FILE_ID.DIZ
[2012.05.30 00:52:36 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.05.14 11:30:09 | 000,001,049 | ---- | C] () -- C:\Users\VD\Desktop\CopperLan Manager.lnk
[2012.05.11 16:19:57 | 000,960,000 | ---- | C] () -- C:\Program Files (x86)\TouchOSCEditor.exe
[2012.04.24 10:01:41 | 000,000,132 | ---- | C] () -- C:\Users\VD\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.20 22:45:31 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.20 22:35:25 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.20 22:11:33 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010.11.21 05:23:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\@
========== Alternate Data Streams ==========
@Alternate Data Stream - 60 bytes -> C:\evolve_function:AFP_AfpInfo
@Alternate Data Stream - 1300 bytes -> C:\Users\VD\AppData\Local\Temp:axwc9SJP2URh2CFDAb8hj4
< End of report >

EXTRAS

OTL Logfile:
Code:
OTL Extras logfile created on: 11.06.2012 18:08:52 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\VD\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
23,99 Gb Total Physical Memory | 22,02 Gb Available Physical Memory | 91,80% Memory free
43,99 Gb Paging File | 41,97 Gb Available in Paging File | 95,42% Paging File free
Paging file location(s): e:\pagefile.sys 20480 20480 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 26,18 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 80,01 Gb Total Space | 39,48 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive E: | 458,81 Gb Total Space | 240,13 Gb Free Space | 52,34% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 566,95 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
Drive W: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 478,90 Gb Total Space | 252,29 Gb Free Space | 52,68% Space Free | Partition Type: NTFS
Drive Y: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,54% Space Free | Partition Type: NTFS
Computer Name: VDC | User Name: VD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{99D0C200-21DC-4B84-B39D-4319E111AE4B}" = Smart Technology Programming Software 7.0.13.22
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.44
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DE02D760-9D68-49BA-A1CE-FDEC5892608D}" = Trapcode Suite 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"MAXON8C66D661" = NET Render Client 13.016
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 15.7.176.0
"VLC media player" = VLC media player 2.0.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EE14CC2-ED85-4EEA-8714-A31C86AF3769}" = PCmover OEM Express
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0E}" = Ralink RT2870 Wireless LAN Card
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47A542D0-3B8C-4208-8023-5621606197F0}" = PTLens
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1A35687-AEA9-422C-B237-FC4F8136B6F6}" = Intel(R) Integrator Assistant
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E8D0E51F-CC46-48DF-9BF2-E6157FC3717E}" = Intel(R) Extreme Tuning Utility
"{F015C84A-A7FA-4DFC-A266-1754CC536056}" = Accusoft PICVideo Motion JPEG 4
"{F01CBA59-B5BD-4608-A834-1CBE8C292A71}" = Intel(R) Desktop Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CopperLan" = CopperLan uninstall
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DE02D760-9D68-49BA-A1CE-FDEC5892608D}" = Trapcode Suite 64-bit
"InstallShield_{F015C84A-A7FA-4DFC-A266-1754CC536056}" = Accusoft PICVideo Motion JPEG 4
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Ultravnc2_is1" = UltraVnc
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"XviD" = XviD MPEG-4 Codec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.06.2012 04:03:08 | Computer Name = VDC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MAXON\CINEMA
4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\MAXON\CINEMA 4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64"
in Zeile 1. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 11.06.2012 04:04:09 | Computer Name = VDC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MAXON\CINEMA
4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\MAXON\CINEMA 4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64"
in Zeile 1. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 11.06.2012 06:37:43 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
Error - 11.06.2012 06:42:53 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
Error - 11.06.2012 07:17:57 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
Error - 11.06.2012 10:50:09 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
Error - 11.06.2012 11:46:52 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
Error - 11.06.2012 11:55:52 | Computer Name = VDC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\VD\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11.06.2012 11:55:54 | Computer Name = VDC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\VD\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11.06.2012 12:06:36 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.06.2012 10:48:29 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.06.2012 10:48:29 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 11.06.2012 11:45:12 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 11.06.2012 11:45:12 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.06.2012 11:45:12 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.06.2012 11:45:13 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 11.06.2012 12:04:56 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 11.06.2012 12:04:56 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.06.2012 12:04:56 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.06.2012 12:04:57 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
< End of report >
ESET
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@ Win64/Agent.BA trojan
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@ Win64/Sirefef.AE trojan
Operating memory a variant of Win32/Sirefef.EZ trojan
Can really NOBODY help me??? I would be so grateful, and I absolutely need the computer, without having to set it up from scratch...
| | #2 |
| /// Malwareteam | Trojan.Dropper and TR/ATRAPS.Gen2
My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: Start all tools with right-click --> "Run as administrator". Unfortunately you are not the only one here with problems, and at the moment it can take several days until you get a reply! So be patient!
Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ |
| | #3 |
| Trojan.Dropper and TR/ATRAPS.Gen2
Thank you very much for the help...
I did both scans and it also found some errors... here are the results:
aswMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 15:22:20
-----------------------------
15:22:20.690 OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:20.690 Number of processors: 12 586 0x2C02
15:22:20.690 ComputerName: VDC UserName: VD
15:22:20.799 Initialize success
15:23:23.979 AVAST engine defs: 12061200
15:24:00.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8
15:24:00.437 Disk 0 Vendor: INTEL_SSDSA2CW600G3 4PC10302 Size: 572325MB BusType: 3
15:24:00.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-9
15:24:00.452 Disk 1 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
15:24:00.452 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T1L0-b
15:24:00.452 Disk 2 Vendor: INTEL_SSDSA2CW600G3 4PC10302 Size: 572325MB BusType: 3
15:24:00.468 Disk 0 MBR read successfully
15:24:00.468 Disk 0 MBR scan
15:24:00.468 Disk 0 Windows XP default MBR code
15:24:00.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:24:00.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102400 MB offset 206848
15:24:00.468 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 469823 MB offset 209922048
15:24:00.468 Disk 0 scanning C:\Windows\system32\drivers
15:24:02.792 Service scanning
15:24:08.128 Modules scanning
15:24:08.128 Disk 0 trace - called modules:
15:24:08.128 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:24:08.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8013762790]
15:24:08.128 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80134b3e40]
15:24:08.128 5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa80134c7680]
15:24:08.268 AVAST engine scan C:\
15:29:25.838 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:29:26.446 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:32:32.742 File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@ **INFECTED** Win32:Trojan-gen
15:32:32.773 File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@ **INFECTED** Win32:Malware-gen
15:32:32.773 File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
15:32:32.804 File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@ **INFECTED** Win32:Malware-gen
15:38:36.378 Scan finished successfully
15:38:51.932 Disk 0 MBR has been saved successfully to "C:\Users\VD\Desktop\MBR.dat"
15:38:51.932 The log file has been saved successfully to "C:\Users\VD\Desktop\aswMBR.txt"
TDS killer log: Code:
15:39:28.0982 1000 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:39:30.0994 1000 ============================================================
15:39:30.0994 1000 Current date / time: 2012/06/12 15:39:30.0994
15:39:30.0994 1000 SystemInfo:
15:39:30.0994 1000
15:39:30.0994 1000 OS Version: 6.1.7601 ServicePack: 1.0
15:39:30.0994 1000 Product type: Workstation
15:39:30.0994 1000 ComputerName: VDC
15:39:30.0994 1000 UserName: VD
15:39:30.0994 1000 Windows directory: C:\Windows
15:39:30.0994 1000 System windows directory: C:\Windows
15:39:30.0994 1000 Running under WOW64
15:39:30.0994 1000 Processor architecture: Intel x64
15:39:30.0994 1000 Number of processors: 12
15:39:30.0994 1000 Page size: 0x1000
15:39:30.0994 1000 Boot type: Safe boot with network
15:39:30.0994 1000 ============================================================
15:39:31.0181 1000 Drive \Device\Harddisk0\DR0 - Size: 0x8BBA5F6000 (558.91 Gb), SectorSize: 0x200, Cylinders: 0x11D01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:31.0197 1000 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:31.0197 1000 Drive \Device\Harddisk2\DR2 - Size: 0x8BBA5F6000 (558.91 Gb), SectorSize: 0x200, Cylinders: 0x11D01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:31.0197 1000 Drive \Device\Harddisk3\DR3 - Size: 0x3CD00000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:39:31.0197 1000 ============================================================
15:39:31.0197 1000 \Device\Harddisk0\DR0:
15:39:31.0197 1000 MBR partitions:
15:39:31.0197 1000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:39:31.0197 1000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC800000
15:39:31.0197 1000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC832800, BlocksNum 0x3959F800
15:39:31.0197 1000 \Device\Harddisk1\DR1:
15:39:31.0197 1000 MBR partitions:
15:39:31.0197 1000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
15:39:31.0197 1000 \Device\Harddisk2\DR2:
15:39:31.0197 1000 MBR partitions:
15:39:31.0197 1000 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00298D
15:39:31.0197 1000 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xA0029CC, BlocksNum 0x3BDCF1F5
15:39:31.0197 1000 \Device\Harddisk3\DR3:
15:39:31.0197 1000 MBR partitions:
15:39:31.0197 1000 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1E67C0
15:39:31.0197 1000 ============================================================
15:39:31.0197 1000 C: <-> \Device\Harddisk0\DR0\Partition1
15:39:31.0197 1000 Y: <-> \Device\Harddisk0\DR0\Partition0
15:39:31.0197 1000 D: <-> \Device\Harddisk2\DR2\Partition0
15:39:31.0212 1000 F: <-> \Device\Harddisk1\DR1\Partition0
15:39:31.0212 1000 X: <-> \Device\Harddisk2\DR2\Partition1
15:39:31.0212 1000 E: <-> \Device\Harddisk0\DR0\Partition2
15:39:31.0212 1000 ============================================================
15:39:31.0212 1000 Initialize success
15:39:31.0212 1000 ============================================================
15:39:59.0698 1340 ============================================================
15:39:59.0698 1340 Scan started
15:39:59.0698 1340 Mode: Manual; TDLFS;
15:39:59.0698 1340 ============================================================
15:40:00.0743 1340 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:40:00.0759 1340 1394ohci - ok
15:40:00.0759 1340 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:40:00.0759 1340 ACPI - ok
15:40:00.0774 1340 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:40:00.0774 1340 AcpiPmi - ok
15:40:00.0774 1340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:40:00.0790 1340 adp94xx - ok
15:40:00.0806 1340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:40:00.0806 1340 adpahci - ok
15:40:00.0821 1340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:40:00.0821 1340 adpu320 - ok
15:40:00.0821 1340 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:40:00.0821 1340 AeLookupSvc - ok
15:40:00.0837 1340 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
15:40:00.0852 1340 AFD - ok
15:40:00.0868 1340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:40:00.0868 1340 agp440 - ok
15:40:00.0868 1340 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:40:00.0868 1340 ALG - ok
15:40:00.0884 1340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:40:00.0884 1340 aliide - ok
15:40:00.0884 1340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:40:00.0884 1340 amdide - ok
15:40:00.0884 1340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:40:00.0899 1340 AmdK8 - ok
15:40:00.0899 1340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:40:00.0899 1340 AmdPPM - ok
15:40:00.0930 1340 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:40:00.0930 1340 amdsata - ok
15:40:00.0946 1340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:40:00.0946 1340 amdsbs - ok
15:40:00.0946 1340 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:40:00.0946 1340 amdxata - ok
15:40:00.0946 1340 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:40:00.0946 1340 AppID - ok
15:40:00.0946 1340 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:40:00.0946 1340 AppIDSvc - ok
15:40:00.0962 1340 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:40:00.0962 1340 Appinfo - ok
15:40:00.0962 1340 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:40:00.0962 1340 AppMgmt - ok
15:40:00.0977 1340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:40:00.0977 1340 arc - ok
15:40:00.0993 1340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:40:00.0993 1340 arcsas - ok
15:40:01.0008 1340 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:40:01.0008 1340 aspnet_state - ok
15:40:01.0008 1340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:01.0008 1340 AsyncMac - ok
15:40:01.0008 1340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:40:01.0008 1340 atapi - ok
15:40:01.0024 1340 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:01.0040 1340 AudioEndpointBuilder - ok
15:40:01.0055 1340 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:01.0055 1340 AudioSrv - ok
15:40:01.0055 1340 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:40:01.0055 1340 AxInstSV - ok
15:40:01.0071 1340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:40:01.0086 1340 b06bdrv - ok
15:40:01.0086 1340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:01.0102 1340 b57nd60a - ok
15:40:01.0118 1340 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:40:01.0118 1340 BDESVC - ok
15:40:01.0118 1340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:40:01.0118 1340 Beep - ok
15:40:01.0133 1340 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:40:01.0149 1340 BITS - ok
15:40:01.0149 1340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:01.0149 1340 blbdrive - ok
15:40:01.0149 1340 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
15:40:01.0149 1340 bowser - ok
15:40:01.0164 1340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:40:01.0164 1340 BrFiltLo - ok
15:40:01.0180 1340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:40:01.0180 1340 BrFiltUp - ok
15:40:01.0180 1340 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:40:01.0180 1340 Browser - ok
15:40:01.0196 1340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:40:01.0196 1340 Brserid - ok
15:40:01.0196 1340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:01.0196 1340 BrSerWdm - ok
15:40:01.0196 1340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:01.0196 1340 BrUsbMdm - ok
15:40:01.0211 1340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:01.0211 1340 BrUsbSer - ok
15:40:01.0211 1340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:40:01.0211 1340 BTHMODEM - ok
15:40:01.0242 1340 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:40:01.0242 1340 bthserv - ok
15:40:01.0242 1340 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:40:01.0242 1340 cdfs - ok
15:40:01.0258 1340 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:40:01.0258 1340 cdrom - ok
15:40:01.0258 1340 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:01.0258 1340 CertPropSvc - ok
15:40:01.0274 1340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:40:01.0274 1340 circlass - ok
15:40:01.0305 1340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:40:01.0305 1340 CLFS - ok
15:40:01.0305 1340 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:01.0320 1340 clr_optimization_v2.0.50727_32 - ok
15:40:01.0320 1340 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:01.0320 1340 clr_optimization_v2.0.50727_64 - ok
15:40:01.0336 1340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:40:01.0336 1340 clr_optimization_v4.0.30319_32 - ok
15:40:01.0367 1340 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:40:01.0367 1340 clr_optimization_v4.0.30319_64 - ok
15:40:01.0367 1340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:40:01.0367 1340 CmBatt - ok
15:40:01.0383 1340 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:40:01.0383 1340 cmdide - ok
15:40:01.0383 1340 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:40:01.0398 1340 CNG - ok
15:40:01.0398 1340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:40:01.0398 1340 Compbatt - ok
15:40:01.0398 1340 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:40:01.0398 1340 CompositeBus - ok
15:40:01.0414 1340 COMSysApp - ok
15:40:01.0430 1340 CPoEthProt (aca9762a169028bf76a3bb6374cb82f5) C:\Windows\system32\DRIVERS\CPoEthProt.sys
15:40:01.0430 1340 CPoEthProt - ok
15:40:01.0430 1340 CPVMidi (9f09dd50ee5da60903ed20bbd09baf0d) C:\Windows\system32\DRIVERS\CPVMidi.sys
15:40:01.0430 1340 CPVMidi - ok
15:40:01.0461 1340 CPVNM (408bf9e50edc0b55d957df34bfb589e8) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
15:40:01.0476 1340 CPVNM - ok
15:40:01.0492 1340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:40:01.0492 1340 crcdisk - ok
15:40:01.0492 1340 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:40:01.0492 1340 CryptSvc - ok
15:40:01.0508 1340 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:40:01.0508 1340 CSC - ok
15:40:01.0523 1340 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:40:01.0539 1340 CscService - ok
15:40:01.0554 1340 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:01.0570 1340 DcomLaunch - ok
15:40:01.0570 1340 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:40:01.0570 1340 defragsvc - ok
15:40:01.0586 1340 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:40:01.0586 1340 DfsC - ok
15:40:01.0586 1340 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:40:01.0601 1340 Dhcp - ok
15:40:01.0617 1340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:40:01.0617 1340 discache - ok
15:40:01.0632 1340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:40:01.0632 1340 Disk - ok
15:40:01.0648 1340 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:40:01.0648 1340 dmvsc - ok
15:40:01.0664 1340 Dnscache (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
15:40:01.0664 1340 Dnscache - ok
15:40:01.0695 1340 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:40:01.0695 1340 dot3svc - ok
15:40:01.0726 1340 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:40:01.0726 1340 DPS - ok
15:40:01.0742 1340 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:40:01.0742 1340 drmkaud - ok
15:40:01.0788 1340 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:40:01.0804 1340 DXGKrnl - ok
15:40:01.0820 1340 e1qexpress (d1004b64292c1a802d53cd861695ace3) C:\Windows\system32\DRIVERS\e1q62x64.sys
15:40:01.0820 1340 e1qexpress - ok
15:40:01.0835 1340 e1yexpress (1f20aeaad1be0121647257235b788224) C:\Windows\system32\DRIVERS\e1y62x64.sys
15:40:01.0835 1340 e1yexpress - ok
15:40:01.0835 1340 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:40:01.0835 1340 EapHost - ok
15:40:01.0913 1340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:40:01.0944 1340 ebdrv - ok
15:40:01.0960 1340 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
15:40:01.0960 1340 EFS - ok
15:40:01.0991 1340 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:40:02.0007 1340 ehRecvr - ok
15:40:02.0007 1340 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:40:02.0007 1340 ehSched - ok
15:40:02.0022 1340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:40:02.0038 1340 elxstor - ok
15:40:02.0054 1340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:40:02.0054 1340 ErrDev - ok
15:40:02.0069 1340 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:40:02.0069 1340 EventSystem - ok
15:40:02.0085 1340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:40:02.0085 1340 exfat - ok
15:40:02.0085 1340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:40:02.0100 1340 fastfat - ok
15:40:02.0116 1340 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:40:02.0132 1340 Fax - ok
15:40:02.0132 1340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:40:02.0132 1340 fdc - ok
15:40:02.0132 1340 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:40:02.0132 1340 fdPHost - ok
15:40:02.0147 1340 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:40:02.0147 1340 FDResPub - ok
15:40:02.0147 1340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:40:02.0147 1340 FileInfo - ok
15:40:02.0147 1340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:40:02.0147 1340 Filetrace - ok
15:40:02.0163 1340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:40:02.0163 1340 flpydisk - ok
15:40:02.0178 1340 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:40:02.0178 1340 FltMgr - ok
15:40:02.0210 1340 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
15:40:02.0210 1340 FontCache - ok
15:40:02.0241 1340 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:02.0241 1340 FontCache3.0.0.0 - ok
15:40:02.0241 1340 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:40:02.0241 1340 FsDepends - ok
15:40:02.0241 1340 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:40:02.0241 1340 Fs_Rec - ok
15:40:02.0256 1340 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:40:02.0256 1340 fvevol - ok
15:40:02.0256 1340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:40:02.0256 1340 gagp30kx - ok
15:40:02.0272 1340 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:40:02.0303 1340 gpsvc - ok
15:40:02.0303 1340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:40:02.0303 1340 hcw85cir - ok
15:40:02.0319 1340 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:40:02.0319 1340 HdAudAddService - ok
15:40:02.0319 1340 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:40:02.0319 1340 HDAudBus - ok
15:40:02.0334 1340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:40:02.0334 1340 HidBatt - ok
15:40:02.0334 1340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:40:02.0334 1340 HidBth - ok
15:40:02.0366 1340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:40:02.0366 1340 HidIr - ok
15:40:02.0366 1340 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:40:02.0366 1340 hidserv - ok
15:40:02.0366 1340 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:40:02.0366 1340 HidUsb - ok
15:40:02.0381 1340 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:40:02.0381 1340 hkmsvc - ok
15:40:02.0381 1340 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:40:02.0381 1340 HomeGroupListener - ok
15:40:02.0397 1340 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:40:02.0397 1340 HomeGroupProvider - ok
15:40:02.0412 1340 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:40:02.0412 1340 HpSAMD - ok
15:40:02.0428 1340 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:40:02.0444 1340 HTTP - ok
15:40:02.0444 1340 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:40:02.0444 1340 hwpolicy - ok
15:40:02.0459 1340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:40:02.0459 1340 i8042prt - ok
15:40:02.0490 1340 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:40:02.0490 1340 iaStorV - ok
15:40:02.0490 1340 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:40:02.0506 1340 IDriverT - ok
15:40:02.0522 1340 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:02.0553 1340 idsvc - ok
15:40:02.0568 1340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:40:02.0568 1340 iirsp - ok
15:40:02.0584 1340 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:40:02.0600 1340 IKEEXT - ok
15:40:02.0662 1340 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
15:40:02.0678 1340 IntcAzAudAddService - ok
15:40:02.0693 1340 Intel(R) PROSet Monitoring Service (28d387eefad7cc3a0beb9c3262e83add) C:\Windows\system32\IProsetMonitor.exe
15:40:02.0709 1340 Intel(R) PROSet Monitoring Service - ok
15:40:02.0709 1340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:40:02.0709 1340 intelide - ok
15:40:02.0709 1340 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:40:02.0709 1340 intelppm - ok
15:40:02.0709 1340 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:40:02.0724 1340 IPBusEnum - ok
15:40:02.0740 1340 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:02.0740 1340 IpFilterDriver - ok
15:40:02.0756 1340 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:40:02.0756 1340 IPMIDRV - ok
15:40:02.0771 1340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:40:02.0771 1340 IPNAT - ok
15:40:02.0771 1340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:40:02.0771 1340 IRENUM - ok
15:40:02.0771 1340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:40:02.0771 1340 isapnp - ok
15:40:02.0802 1340 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:40:02.0802 1340 iScsiPrt - ok
15:40:02.0802 1340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:40:02.0802 1340 kbdclass - ok
15:40:02.0802 1340 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:40:02.0802 1340 kbdhid - ok
15:40:02.0818 1340 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:02.0818 1340 KeyIso - ok
15:40:02.0818 1340 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:40:02.0818 1340 KSecDD - ok
15:40:02.0818 1340 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:40:02.0818 1340 KSecPkg - ok
15:40:02.0834 1340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:40:02.0834 1340 ksthunk - ok
15:40:02.0834 1340 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:40:02.0849 1340 KtmRm - ok
15:40:02.0865 1340 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:40:02.0865 1340 LanmanServer - ok
15:40:02.0865 1340 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:40:02.0880 1340 LanmanWorkstation - ok
15:40:02.0880 1340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:40:02.0880 1340 lltdio - ok
15:40:02.0896 1340 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:40:02.0896 1340 lltdsvc - ok
15:40:02.0896 1340 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:40:02.0896 1340 lmhosts - ok
15:40:02.0927 1340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:40:02.0927 1340 LSI_FC - ok
15:40:02.0943 1340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:40:02.0943 1340 LSI_SAS - ok
15:40:02.0958 1340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:40:02.0958 1340 LSI_SAS2 - ok
15:40:02.0990 1340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:40:02.0990 1340 LSI_SCSI - ok
15:40:02.0990 1340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:40:02.0990 1340 luafv - ok
15:40:03.0005 1340 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:40:03.0005 1340 MBAMProtector - ok
15:40:03.0021 1340 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:40:03.0021 1340 MBAMService - ok
15:40:03.0052 1340 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:40:03.0052 1340 Mcx2Svc - ok
15:40:03.0052 1340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:40:03.0052 1340 megasas - ok
15:40:03.0068 1340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:40:03.0083 1340 MegaSR - ok
15:40:03.0083 1340 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:40:03.0083 1340 MMCSS - ok
15:40:03.0083 1340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:40:03.0083 1340 Modem - ok
15:40:03.0083 1340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:40:03.0083 1340 monitor - ok
15:40:03.0114 1340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:40:03.0114 1340 mouclass - ok
15:40:03.0114 1340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:40:03.0114 1340 mouhid - ok
15:40:03.0130 1340 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:40:03.0130 1340 mountmgr - ok
15:40:03.0130 1340 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:40:03.0130 1340 MozillaMaintenance - ok
15:40:03.0146 1340 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:40:03.0146 1340 mpio - ok
15:40:03.0177 1340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:40:03.0177 1340 mpsdrv - ok
15:40:03.0192 1340 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:40:03.0192 1340 MRxDAV - ok
15:40:03.0192 1340 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:40:03.0192 1340 mrxsmb - ok
15:40:03.0208 1340 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:40:03.0208 1340 mrxsmb10 - ok
15:40:03.0239 1340 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:40:03.0239 1340 mrxsmb20 - ok
15:40:03.0239 1340 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:40:03.0239 1340 msahci - ok
15:40:03.0255 1340 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:40:03.0255 1340 msdsm - ok
15:40:03.0270 1340 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:40:03.0270 1340 MSDTC - ok
15:40:03.0270 1340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:40:03.0286 1340 Msfs - ok
15:40:03.0302 1340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:40:03.0302 1340 mshidkmdf - ok
15:40:03.0302 1340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:40:03.0302 1340 msisadrv - ok
15:40:03.0317 1340 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:40:03.0317 1340 MSiSCSI - ok
15:40:03.0317 1340 msiserver - ok
15:40:03.0317 1340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:40:03.0317 1340 MSKSSRV - ok
15:40:03.0317 1340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:40:03.0317 1340 MSPCLOCK - ok
15:40:03.0333 1340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:40:03.0333 1340 MSPQM - ok
15:40:03.0333 1340 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:40:03.0348 1340 MsRPC - ok
15:40:03.0364 1340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:40:03.0364 1340 mssmbios - ok
15:40:03.0364 1340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:40:03.0364 1340 MSTEE - ok
15:40:03.0364 1340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:40:03.0364 1340 MTConfig - ok
15:40:03.0364 1340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:40:03.0380 1340 Mup - ok
15:40:03.0380 1340 mv61xx (3bf808a71e26d88ff2bef841beeb2960) C:\Windows\system32\DRIVERS\mv61xx.sys
15:40:03.0380 1340 mv61xx - ok
15:40:03.0395 1340 mv91xx (841861addc16daf618f207efccdfbebf) C:\Windows\system32\DRIVERS\mv91xx.sys
15:40:03.0395 1340 mv91xx - ok
15:40:03.0411 1340 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:40:03.0411 1340 napagent - ok
15:40:03.0426 1340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:40:03.0442 1340 NativeWifiP - ok
15:40:03.0458 1340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:40:03.0473 1340 NDIS - ok
15:40:03.0489 1340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:03.0489 1340 NdisCap - ok
15:40:03.0489 1340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:03.0489 1340 NdisTapi - ok
15:40:03.0504 1340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:03.0504 1340 Ndisuio - ok
15:40:03.0504 1340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:03.0504 1340 NdisWan - ok
15:40:03.0504 1340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:40:03.0504 1340 NDProxy - ok
15:40:03.0520 1340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:40:03.0520 1340 NetBIOS - ok
15:40:03.0520 1340 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:40:03.0520 1340 NetBT - ok
15:40:03.0536 1340 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:03.0536 1340 Netlogon - ok
15:40:03.0551 1340 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:40:03.0551 1340 Netman - ok
15:40:03.0567 1340 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0567 1340 NetMsmqActivator - ok
15:40:03.0567 1340 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0567 1340 NetPipeActivator - ok
15:40:03.0582 1340 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:40:03.0582 1340 netprofm - ok
15:40:03.0614 1340 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0614 1340 NetTcpActivator - ok
15:40:03.0614 1340 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0614 1340 NetTcpPortSharing - ok
15:40:03.0629 1340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:40:03.0629 1340 nfrd960 - ok
15:40:03.0629 1340 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:40:03.0645 1340 NlaSvc - ok
15:40:03.0645 1340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:40:03.0645 1340 Npfs - ok
15:40:03.0645 1340 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:40:03.0645 1340 nsi - ok
15:40:03.0660 1340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:40:03.0660 1340 nsiproxy - ok
15:40:03.0707 1340 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:40:03.0723 1340 Ntfs - ok
15:40:03.0738 1340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:40:03.0738 1340 Null - ok
15:40:03.0754 1340 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:40:03.0754 1340 nusb3hub - ok
15:40:03.0770 1340 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:40:03.0770 1340 nusb3xhc - ok
15:40:03.0801 1340 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
15:40:03.0801 1340 NVHDA - ok
15:40:04.0066 1340 nvlddmkm (7c03d09b48c212524414cd17fca4ed84) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:40:04.0175 1340 nvlddmkm - ok
15:40:04.0191 1340 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:40:04.0191 1340 nvraid - ok
15:40:04.0206 1340 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:40:04.0206 1340 nvstor - ok
15:40:04.0238 1340 NVSvc (03cee0a780ea86e11975714a490184f9) C:\Windows\system32\nvvsvc.exe
15:40:04.0238 1340 NVSvc - ok
15:40:04.0253 1340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:40:04.0253 1340 nv_agp - ok
15:40:04.0269 1340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:40:04.0269 1340 ohci1394 - ok
15:40:04.0284 1340 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:04.0300 1340 p2pimsvc - ok
15:40:04.0300 1340 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:40:04.0316 1340 p2psvc - ok
15:40:04.0331 1340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:40:04.0331 1340 Parport - ok
15:40:04.0331 1340 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:40:04.0331 1340 partmgr - ok
15:40:04.0331 1340 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:40:04.0331 1340 PcaSvc - ok
15:40:04.0362 1340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:40:04.0362 1340 pci - ok
15:40:04.0362 1340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:40:04.0362 1340 pciide - ok
15:40:04.0378 1340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:40:04.0378 1340 pcmcia - ok
15:40:04.0378 1340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:40:04.0378 1340 pcw - ok
15:40:04.0394 1340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:40:04.0409 1340 PEAUTH - ok
15:40:04.0440 1340 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:40:04.0456 1340 PeerDistSvc - ok
15:40:04.0487 1340 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:40:04.0487 1340 PerfHost - ok
15:40:04.0534 1340 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:40:04.0550 1340 pla - ok
15:40:04.0565 1340 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
15:40:04.0565 1340 PlugPlay - ok
15:40:04.0565 1340 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:40:04.0565 1340 PNRPAutoReg - ok
15:40:04.0581 1340 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:04.0581 1340 PNRPsvc - ok
15:40:04.0596 1340 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:40:04.0596 1340 PolicyAgent - ok
15:40:04.0612 1340 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:40:04.0612 1340 Power - ok
15:40:04.0612 1340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:40:04.0612 1340 PptpMiniport - ok
15:40:04.0628 1340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:40:04.0628 1340 Processor - ok
15:40:04.0628 1340 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:40:04.0643 1340 ProfSvc - ok
15:40:04.0643 1340 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:04.0643 1340 ProtectedStorage - ok
15:40:04.0643 1340 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:40:04.0643 1340 Psched - ok
15:40:04.0674 1340 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:40:04.0674 1340 PxHlpa64 - ok
15:40:04.0706 1340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:40:04.0737 1340 ql2300 - ok
15:40:04.0768 1340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:40:04.0768 1340 ql40xx - ok
15:40:04.0768 1340 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:40:04.0768 1340 QWAVE - ok
15:40:04.0799 1340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:40:04.0799 1340 QWAVEdrv - ok
15:40:04.0799 1340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:40:04.0799 1340 RasAcd - ok
15:40:04.0799 1340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:04.0799 1340 RasAgileVpn - ok
15:40:04.0815 1340 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:40:04.0815 1340 RasAuto - ok
15:40:04.0815 1340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:04.0815 1340 Rasl2tp - ok
15:40:04.0830 1340 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:40:04.0830 1340 RasMan - ok
15:40:04.0862 1340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:04.0862 1340 RasPppoe - ok
15:40:04.0862 1340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:40:04.0862 1340 RasSstp - ok
15:40:04.0877 1340 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:40:04.0877 1340 rdbss - ok
15:40:04.0877 1340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:40:04.0877 1340 rdpbus - ok
15:40:04.0877 1340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:04.0877 1340 RDPCDD - ok
15:40:04.0893 1340 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:40:04.0893 1340 RDPDR - ok
15:40:04.0893 1340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:40:04.0893 1340 RDPENCDD - ok
15:40:04.0924 1340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:40:04.0924 1340 RDPREFMP - ok
15:40:04.0924 1340 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:40:04.0924 1340 RDPWD - ok
15:40:04.0940 1340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:40:04.0940 1340 rdyboost - ok
15:40:04.0955 1340 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:40:04.0955 1340 RemoteAccess - ok
15:40:04.0955 1340 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:40:04.0955 1340 RemoteRegistry - ok
15:40:04.0986 1340 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:40:04.0986 1340 RpcEptMapper - ok
15:40:04.0986 1340 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:40:04.0986 1340 RpcLocator - ok
15:40:05.0002 1340 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:05.0002 1340 RpcSs - ok
15:40:05.0002 1340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:40:05.0018 1340 rspndr - ok
15:40:05.0018 1340 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:40:05.0018 1340 s3cap - ok
15:40:05.0018 1340 SaiK0CD5 (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys
15:40:05.0018 1340 SaiK0CD5 - ok
15:40:05.0049 1340 SaiMini (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
15:40:05.0049 1340 SaiMini - ok
15:40:05.0049 1340 SaiNtBus (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
15:40:05.0049 1340 SaiNtBus - ok
15:40:05.0064 1340 SaiU0CD5 (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys
15:40:05.0064 1340 SaiU0CD5 - ok
15:40:05.0064 1340 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:05.0080 1340 SamSs - ok
15:40:05.0080 1340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:40:05.0080 1340 sbp2port - ok
15:40:05.0111 1340 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:40:05.0111 1340 SCardSvr - ok
15:40:05.0111 1340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:40:05.0111 1340 scfilter - ok
15:40:05.0142 1340 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:40:05.0142 1340 Schedule - ok
15:40:05.0158 1340 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:05.0158 1340 SCPolicySvc - ok
15:40:05.0174 1340 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:40:05.0174 1340 SDRSVC - ok
15:40:05.0174 1340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:40:05.0174 1340 secdrv - ok
15:40:05.0189 1340 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:40:05.0189 1340 seclogon - ok
15:40:05.0189 1340 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:40:05.0189 1340 SENS - ok
15:40:05.0189 1340 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:40:05.0189 1340 SensrSvc - ok
15:40:05.0205 1340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:40:05.0205 1340 Serenum - ok
15:40:05.0205 1340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:40:05.0205 1340 Serial - ok
15:40:05.0205 1340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:40:05.0205 1340 sermouse - ok
15:40:05.0236 1340 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:40:05.0236 1340 SessionEnv - ok
15:40:05.0236 1340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:40:05.0236 1340 sffdisk - ok
15:40:05.0252 1340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:40:05.0252 1340 sffp_mmc - ok
15:40:05.0252 1340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:40:05.0252 1340 sffp_sd - ok
15:40:05.0252 1340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:40:05.0252 1340 sfloppy - ok
15:40:05.0267 1340 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:40:05.0267 1340 ShellHWDetection - ok
15:40:05.0298 1340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:40:05.0298 1340 SiSRaid2 - ok
15:40:05.0298 1340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:40:05.0298 1340 SiSRaid4 - ok
15:40:05.0314 1340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:40:05.0314 1340 Smb - ok
15:40:05.0330 1340 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:40:05.0330 1340 SNMPTRAP - ok
15:40:05.0330 1340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:40:05.0330 1340 spldr - ok
15:40:05.0345 1340 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:40:05.0345 1340 Spooler - ok
15:40:05.0423 1340 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:40:05.0454 1340 sppsvc - ok
15:40:05.0486 1340 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:40:05.0486 1340 sppuinotify - ok
15:40:05.0501 1340 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
15:40:05.0501 1340 srv - ok
15:40:05.0517 1340 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
15:40:05.0517 1340 srv2 - ok
15:40:05.0517 1340 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
15:40:05.0517 1340 srvnet - ok
15:40:05.0532 1340 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:40:05.0532 1340 SSDPSRV - ok
15:40:05.0548 1340 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:40:05.0548 1340 SstpSvc - ok
15:40:05.0564 1340 Stereo Service (31ab6192005102b0a16e75f02445c266) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:40:05.0564 1340 Stereo Service - ok
15:40:05.0564 1340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:40:05.0564 1340 stexstor - ok
15:40:05.0579 1340 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:40:05.0579 1340 stisvc - ok
15:40:05.0610 1340 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:40:05.0610 1340 storflt - ok
15:40:05.0610 1340 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:40:05.0610 1340 StorSvc - ok
15:40:05.0610 1340 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:40:05.0626 1340 storvsc - ok
15:40:05.0626 1340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:40:05.0626 1340 swenum - ok
15:40:05.0642 1340 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:40:05.0642 1340 SwitchBoard - ok
15:40:05.0657 1340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:40:05.0673 1340 swprv - ok
15:40:05.0704 1340 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:40:05.0735 1340 SysMain - ok
15:40:05.0751 1340 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:40:05.0751 1340 TabletInputService - ok
15:40:05.0766 1340 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:40:05.0766 1340 TapiSrv - ok
15:40:05.0766 1340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:40:05.0766 1340 TBS - ok
15:40:05.0829 1340 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
15:40:05.0844 1340 Tcpip - ok
15:40:05.0922 1340 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
15:40:05.0922 1340 TCPIP6 - ok
15:40:05.0954 1340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:40:05.0954 1340 tcpipreg - ok
15:40:05.0954 1340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:40:05.0954 1340 TDPIPE - ok
15:40:05.0985 1340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:40:05.0985 1340 TDTCP - ok
15:40:05.0985 1340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:40:05.0985 1340 tdx - ok
15:40:05.0985 1340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:40:05.0985 1340 TermDD - ok
15:40:06.0000 1340 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:40:06.0016 1340 TermService - ok
15:40:06.0016 1340 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:40:06.0016 1340 Themes - ok
15:40:06.0016 1340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:40:06.0032 1340 THREADORDER - ok
15:40:06.0047 1340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:40:06.0047 1340 TrkWks - ok
15:40:06.0047 1340 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:40:06.0047 1340 TrustedInstaller - ok
15:40:06.0063 1340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:40:06.0063 1340 tssecsrv - ok
15:40:06.0063 1340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:40:06.0063 1340 TsUsbFlt - ok
15:40:06.0078 1340 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:40:06.0078 1340 TsUsbGD - ok
15:40:06.0094 1340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:40:06.0094 1340 tunnel - ok
15:40:06.0110 1340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:40:06.0110 1340 uagp35 - ok
15:40:06.0125 1340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:40:06.0125 1340 udfs - ok
15:40:06.0125 1340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:40:06.0125 1340 UI0Detect - ok
15:40:06.0141 1340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:40:06.0141 1340 uliagpkx - ok
15:40:06.0141 1340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:40:06.0141 1340 umbus - ok
15:40:06.0141 1340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:40:06.0141 1340 UmPass - ok
15:40:06.0172 1340 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:40:06.0172 1340 UmRdpService - ok
15:40:06.0188 1340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:40:06.0188 1340 upnphost - ok
15:40:06.0203 1340 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
15:40:06.0203 1340 usbccgp - ok
15:40:06.0203 1340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:40:06.0203 1340 usbcir - ok
15:40:08.0184 1340 ============================================================
15:40:08.0184 1340 Scan finished
15:40:08.0184 1340 ============================================================
15:40:08.0184 0756 Detected object count: 0
15:40:08.0184 0756 Actual detected object count: 0
15:40:20.0025 1352 ============================================================
15:40:20.0025 1352 Scan started
15:40:20.0025 1352 Mode: Manual; SigCheck; TDLFS;
15:40:20.0025 1352 ============================================================
15:40:23.0894 1352 CPVNM (408bf9e50edc0b55d957df34bfb589e8) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
15:40:23.0894 1352 CPVNM ( UnsignedFile.Multi.Generic ) - warning
15:40:23.0894 1352 CPVNM - detected UnsignedFile.Multi.Generic (1)
15:40:25.0703 1352 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:40:25.0703 1352 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:40:25.0703 1352 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:40:27.0887 1352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:40:27.0918 1352 NetBIOS - ok
15:40:27.0934 1352 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:40:27.0965 1352 NetBT - ok
15:40:27.0965 1352 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:27.0981 1352 Netlogon - ok
15:40:27.0981 1352 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:40:28.0028 1352 Netman - ok
15:40:28.0028 1352 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0043 1352 NetMsmqActivator - ok
15:40:28.0043 1352 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0043 1352 NetPipeActivator - ok
15:40:28.0059 1352 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:40:28.0090 1352 netprofm - ok
15:40:28.0106 1352 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0106 1352 NetTcpActivator - ok
15:40:28.0106 1352 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0106 1352 NetTcpPortSharing - ok
15:40:28.0137 1352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:40:28.0137 1352 nfrd960 - ok
15:40:28.0152 1352 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:40:28.0184 1352 NlaSvc - ok
15:40:28.0199 1352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:40:28.0230 1352 Npfs - ok
15:40:28.0230 1352 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:40:28.0262 1352 nsi - ok
15:40:28.0262 1352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:40:28.0293 1352 nsiproxy - ok
15:40:28.0340 1352 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:40:28.0371 1352 Ntfs - ok
15:40:28.0386 1352 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:40:28.0418 1352 Null - ok
15:40:28.0433 1352 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:40:28.0433 1352 nusb3hub - ok
15:40:28.0449 1352 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:40:28.0449 1352 nusb3xhc - ok
15:40:28.0464 1352 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
15:40:28.0464 1352 NVHDA - ok
15:40:28.0730 1352 nvlddmkm (7c03d09b48c212524414cd17fca4ed84) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:40:28.0917 1352 nvlddmkm - ok
15:40:28.0948 1352 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:40:28.0964 1352 nvraid - ok
15:40:28.0964 1352 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:40:28.0979 1352 nvstor - ok
15:40:28.0995 1352 NVSvc (03cee0a780ea86e11975714a490184f9) C:\Windows\system32\nvvsvc.exe
15:40:29.0010 1352 NVSvc - ok
15:40:29.0026 1352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:40:29.0026 1352 nv_agp - ok
15:40:29.0042 1352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:40:29.0057 1352 ohci1394 - ok
15:40:29.0073 1352 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:29.0088 1352 p2pimsvc - ok
15:40:29.0088 1352 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:40:29.0104 1352 p2psvc - ok
15:40:29.0120 1352 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:40:29.0135 1352 Parport - ok
15:40:29.0135 1352 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:40:29.0135 1352 partmgr - ok
15:40:29.0151 1352 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:40:29.0166 1352 PcaSvc - ok
15:40:29.0166 1352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:40:29.0182 1352 pci - ok
15:40:29.0198 1352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:40:29.0198 1352 pciide - ok
15:40:29.0198 1352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:40:29.0213 1352 pcmcia - ok
15:40:29.0213 1352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:40:29.0229 1352 pcw - ok
15:40:29.0229 1352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:40:29.0276 1352 PEAUTH - ok
15:40:29.0307 1352 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:40:29.0322 1352 PeerDistSvc - ok
15:40:29.0338 1352 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:40:29.0354 1352 PerfHost - ok
15:40:29.0400 1352 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:40:29.0447 1352 pla - ok
15:40:29.0463 1352 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
15:40:29.0494 1352 PlugPlay - ok
15:40:29.0510 1352 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:40:29.0510 1352 PNRPAutoReg - ok
15:40:29.0525 1352 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:29.0525 1352 PNRPsvc - ok
15:40:29.0541 1352 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:40:29.0572 1352 PolicyAgent - ok
15:40:29.0588 1352 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:40:29.0619 1352 Power - ok
15:40:29.0634 1352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:40:29.0666 1352 PptpMiniport - ok
15:40:29.0666 1352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:40:29.0681 1352 Processor - ok
15:40:29.0697 1352 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:40:29.0728 1352 ProfSvc - ok
15:40:29.0728 1352 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:29.0744 1352 ProtectedStorage - ok
15:40:29.0759 1352 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:40:29.0790 1352 Psched - ok
15:40:29.0790 1352 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:40:29.0790 1352 PxHlpa64 - ok
15:40:29.0837 1352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:40:29.0868 1352 ql2300 - ok
15:40:29.0900 1352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:40:29.0900 1352 ql40xx - ok
15:40:29.0915 1352 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:40:29.0931 1352 QWAVE - ok
15:40:29.0946 1352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:40:29.0946 1352 QWAVEdrv - ok
15:40:29.0962 1352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:40:29.0993 1352 RasAcd - ok
15:40:30.0009 1352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:30.0040 1352 RasAgileVpn - ok
15:40:30.0040 1352 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:40:30.0071 1352 RasAuto - ok
15:40:30.0071 1352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:30.0118 1352 Rasl2tp - ok
15:40:30.0134 1352 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:40:30.0165 1352 RasMan - ok
15:40:30.0165 1352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:30.0212 1352 RasPppoe - ok
15:40:30.0212 1352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:40:30.0243 1352 RasSstp - ok
15:40:30.0258 1352 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:40:30.0290 1352 rdbss - ok
15:40:30.0290 1352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:40:30.0305 1352 rdpbus - ok
15:40:30.0321 1352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:30.0352 1352 RDPCDD - ok
15:40:30.0352 1352 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:40:30.0368 1352 RDPDR - ok
15:40:30.0368 1352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:40:30.0414 1352 RDPENCDD - ok
15:40:30.0414 1352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:40:30.0446 1352 RDPREFMP - ok
15:40:30.0446 1352 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:40:30.0492 1352 RDPWD - ok
15:40:30.0508 1352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:40:30.0508 1352 rdyboost - ok
15:40:30.0524 1352 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:40:30.0555 1352 RemoteAccess - ok
15:40:30.0570 1352 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:40:30.0602 1352 RemoteRegistry - ok
15:40:30.0602 1352 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:40:30.0633 1352 RpcEptMapper - ok
15:40:30.0633 1352 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:40:30.0648 1352 RpcLocator - ok
15:40:30.0664 1352 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:30.0695 1352 RpcSs - ok
15:40:30.0711 1352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:40:30.0742 1352 rspndr - ok
15:40:30.0758 1352 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:40:30.0758 1352 s3cap - ok
15:40:30.0773 1352 SaiK0CD5 (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys
15:40:30.0773 1352 SaiK0CD5 - ok
15:40:30.0773 1352 SaiMini (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
15:40:30.0773 1352 SaiMini - ok
15:40:30.0789 1352 SaiNtBus (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
15:40:30.0789 1352 SaiNtBus - ok
15:40:30.0804 1352 SaiU0CD5 (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys
15:40:30.0804 1352 SaiU0CD5 - ok
15:40:30.0820 1352 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:30.0820 1352 SamSs - ok
15:40:30.0836 1352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:40:30.0836 1352 sbp2port - ok
15:40:30.0851 1352 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:40:30.0882 1352 SCardSvr - ok
15:40:30.0882 1352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:40:30.0914 1352 scfilter - ok
15:40:30.0960 1352 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:40:30.0992 1352 Schedule - ok
15:40:31.0007 1352 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:31.0038 1352 SCPolicySvc - ok
15:40:31.0038 1352 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:40:31.0054 1352 SDRSVC - ok
15:40:31.0070 1352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:40:31.0101 1352 secdrv - ok
15:40:31.0101 1352 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:40:31.0132 1352 seclogon - ok
15:40:31.0132 1352 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:40:31.0163 1352 SENS - ok
15:40:31.0179 1352 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:40:31.0194 1352 SensrSvc - ok
15:40:31.0194 1352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:40:31.0210 1352 Serenum - ok
15:40:31.0210 1352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:40:31.0226 1352 Serial - ok
15:40:31.0226 1352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:40:31.0226 1352 sermouse - ok
15:40:31.0257 1352 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:40:31.0288 1352 SessionEnv - ok
15:40:31.0288 1352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:40:31.0304 1352 sffdisk - ok
15:40:31.0319 1352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:40:31.0319 1352 sffp_mmc - ok
15:40:31.0319 1352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:40:31.0335 1352 sffp_sd - ok
15:40:31.0335 1352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:40:31.0350 1352 sfloppy - ok
15:40:31.0350 1352 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:40:31.0397 1352 ShellHWDetection - ok
15:40:31.0397 1352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:40:31.0397 1352 SiSRaid2 - ok
15:40:31.0413 1352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:40:31.0413 1352 SiSRaid4 - ok
15:40:31.0428 1352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:40:31.0460 1352 Smb - ok
15:40:31.0460 1352 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:40:31.0475 1352 SNMPTRAP - ok
15:40:31.0475 1352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:40:31.0491 1352 spldr - ok
15:40:31.0506 1352 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:40:31.0553 1352 Spooler - ok
15:40:31.0631 1352 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:40:31.0694 1352 sppsvc - ok
15:40:31.0709 1352 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:40:31.0740 1352 sppuinotify - ok
15:40:31.0756 1352 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
15:40:31.0803 1352 srv - ok
15:40:31.0818 1352 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
15:40:31.0850 1352 srv2 - ok
15:40:31.0865 1352 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
15:40:31.0896 1352 srvnet - ok
15:40:31.0896 1352 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:40:31.0928 1352 SSDPSRV - ok
15:40:31.0943 1352 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:40:31.0974 1352 SstpSvc - ok
15:40:31.0974 1352 Stereo Service (31ab6192005102b0a16e75f02445c266) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:40:31.0990 1352 Stereo Service - ok
15:40:32.0006 1352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:40:32.0006 1352 stexstor - ok
15:40:32.0021 1352 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:40:32.0037 1352 stisvc - ok
15:40:32.0037 1352 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:40:32.0052 1352 storflt - ok
15:40:32.0068 1352 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:40:32.0068 1352 StorSvc - ok
15:40:32.0068 1352 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:40:32.0084 1352 storvsc - ok
15:40:32.0084 1352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:40:32.0084 1352 swenum - ok
15:40:32.0099 1352 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:40:32.0115 1352 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:40:32.0115 1352 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:40:35.0874 1352 ============================================================
15:40:35.0874 1352 Scan finished
15:40:35.0874 1352 ============================================================
15:40:35.0874 1360 Detected object count: 3
15:40:35.0874 1360 Actual detected object count: 3
15:40:47.0294 1360 CPVNM ( UnsignedFile.Multi.Generic ) - skipped by user
15:40:47.0294 1360 CPVNM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:40:47.0294 1360 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:40:47.0294 1360 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:40:47.0294 1360 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:40:47.0294 1360 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #4 | |
/// Malwareteam | Trojan.Dropper and TR/ATRAPS.Gen2
Combofix
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1, Link 2
IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
| | #5 |
| Trojan.Dropper and TR/ATRAPS.Gen2 Well, that seems to have gone well... it ran through without any problems and it deleted some files... Combofix logfile: Code:
ComboFix 12-06-12.01 - VD 12.06.2012 16:16:41.1.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.24565.22874 [GMT 2:00]
ausgeführt von:: c:\users\VD\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000004.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000004.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\000000cb.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
F:\install.exe
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-12 bis 2012-06-12 ))))))))))))))))))))))))))))))
.
.
2012-06-12 09:59 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 09:30 . 2012-06-12 09:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:11 . 2012-06-11 16:11 -------- d-----w- c:\program files (x86)\ESET
2012-05-30 14:28 . 2012-05-30 14:28 -------- d-----w- c:\users\VD\AppData\Roaming\Malwarebytes
2012-05-30 14:07 . 2012-05-30 14:07 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\users\VD\AppData\Roaming\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\users\VD\AppData\Local\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-05-23 11:45 . 2012-05-23 11:45 -------- d-----w- c:\users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-14 09:30 . 2012-05-14 09:39 -------- d-----w- c:\users\VD\AppData\Roaming\CopperLan Manager
2012-05-14 09:30 . 2012-05-14 09:30 -------- d-----w- c:\users\VD\AppData\Roaming\CopperLan
2012-05-14 09:30 . 2011-09-21 14:12 31992 ----a-w- c:\windows\system32\drivers\CHAILinkOverUSB.sys
2012-05-14 09:28 . 2012-05-14 09:30 -------- d-----w- c:\program files\CopperLan
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 08:56 . 2012-05-11 14:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 08:56 . 2012-05-11 14:14 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 15:13 . 2012-05-11 15:13 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 15:29 . 2012-05-11 14:19 960000 ----a-w- c:\program files (x86)\TouchOSCEditor.exe
2012-04-20 20:53 . 2012-04-20 20:54 199168 ----a-w- c:\windows\system32\PegReg64.dll
2012-04-20 20:40 . 2012-04-20 20:40 53248 ----a-r- c:\users\VD\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-04-04 16:47 . 2012-05-10 09:52 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2012-05-10 09:52 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 CPVNM;CPVNM Service;c:\program files\CopperLan\CPVNM\CPVNM.exe [2012-02-15 1084928]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2012-02-14 2015968]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 CPoEthProt;CopperLan over Ethernet Protocol Driver;c:\windows\system32\DRIVERS\CPoEthProt.sys [x]
S3 CPVMidi;CopperLan Virtual Midi Driver Service;c:\windows\system32\DRIVERS\CPVMidi.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [x]
S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{1A534221-FA4A-4F9E-BF37-B3251CD45298}: NameServer = 192.168.1.1
TCP: Interfaces\{2AE774EF-AF85-4F74-B82B-FDB9F96B78E8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\VD\AppData\Roaming\Mozilla\Firefox\Profiles\jl8okgrm.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-12 16:20:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-12 14:20
.
Vor Suchlauf: 11 Verzeichnis(se), 27.183.947.776 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 26.914.533.376 Bytes frei
.
- - End Of File - - F5CA4B89FA1441192A0F8DDC5FE7FFB2
|
| | #6 |
| /// Malwareteam | Trojan.Dropper and TR/ATRAPS.Gen2 CF-Script Note for readers following along: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems! Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)! Press Windows + R --> type Notepad --> OK. Now copy the entire text from the following code box into the empty text document. Code:
DIRLOOK::
c:\users\VD\AppData\Local\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}
Important:
|
| | #7 |
| Trojan.Dropper and TR/ATRAPS.Gen2 That also ran through without errors... Combofix logfile: Code:
ComboFix 12-06-12.01 - VD 12.06.2012 16:32:40.2.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.24565.22939 [GMT 2:00]
ausgeführt von:: G:\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\VD\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-12 bis 2012-06-12 ))))))))))))))))))))))))))))))
.
.
2012-06-12 14:34 . 2012-06-12 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 09:59 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 09:30 . 2012-06-12 09:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:11 . 2012-06-11 16:11 -------- d-----w- c:\program files (x86)\ESET
2012-05-30 14:28 . 2012-05-30 14:28 -------- d-----w- c:\users\VD\AppData\Roaming\Malwarebytes
2012-05-30 14:07 . 2012-05-30 14:07 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\users\VD\AppData\Roaming\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\users\VD\AppData\Local\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-05-23 11:45 . 2012-05-23 11:45 -------- d-----w- c:\users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-14 09:30 . 2012-05-14 09:39 -------- d-----w- c:\users\VD\AppData\Roaming\CopperLan Manager
2012-05-14 09:30 . 2012-05-14 09:30 -------- d-----w- c:\users\VD\AppData\Roaming\CopperLan
2012-05-14 09:30 . 2011-09-21 14:12 31992 ----a-w- c:\windows\system32\drivers\CHAILinkOverUSB.sys
2012-05-14 09:28 . 2012-05-14 09:30 -------- d-----w- c:\program files\CopperLan
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 08:56 . 2012-05-11 14:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 08:56 . 2012-05-11 14:14 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 15:13 . 2012-05-11 15:13 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 15:29 . 2012-05-11 14:19 960000 ----a-w- c:\program files (x86)\TouchOSCEditor.exe
2012-04-20 20:53 . 2012-04-20 20:54 199168 ----a-w- c:\windows\system32\PegReg64.dll
2012-04-20 20:40 . 2012-04-20 20:40 53248 ----a-r- c:\users\VD\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-04-04 16:47 . 2012-05-10 09:52 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2012-05-10 09:52 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\VD\AppData\Local\{bd88c031-bed1-daf1-9bce-e96ac356f0c7} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-12_14.19.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-21 01:08 . 2012-06-12 14:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-21 01:08 . 2012-06-12 14:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 14:19 . 2012-06-12 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-12 14:35 . 2012-06-12 14:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31 651450 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-01 03:34 651450 c:\windows\system32\perfh009.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31 696132 c:\windows\system32\perfh007.dat
- 2011-04-12 07:43 . 2012-06-01 03:34 696132 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31 120382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-01 03:34 120382 c:\windows\system32\perfc009.dat
- 2011-04-12 07:43 . 2012-06-01 03:34 147428 c:\windows\system32\perfc007.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31 147428 c:\windows\system32\perfc007.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 CPVNM;CPVNM Service;c:\program files\CopperLan\CPVNM\CPVNM.exe [2012-02-15 1084928]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2012-02-14 2015968]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 CPoEthProt;CopperLan over Ethernet Protocol Driver;c:\windows\system32\DRIVERS\CPoEthProt.sys [x]
S3 CPVMidi;CopperLan Virtual Midi Driver Service;c:\windows\system32\DRIVERS\CPVMidi.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [x]
S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{1A534221-FA4A-4F9E-BF37-B3251CD45298}: NameServer = 192.168.1.1
TCP: Interfaces\{2AE774EF-AF85-4F74-B82B-FDB9F96B78E8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\VD\AppData\Roaming\Mozilla\Firefox\Profiles\jl8okgrm.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-12 16:36:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-12 14:36
ComboFix2.txt 2012-06-12 14:20
.
Vor Suchlauf: 14 Verzeichnis(se), 27.011.080.192 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 26.915.348.480 Bytes frei
.
- - End Of File - - 723BCE237BD1B639DF7572DF8AD67D94
Thanks already for the help, but is the issue now resolved? And if so, which settings/tools/programs are best for preventing a reinfection? Regards, Neon |
| | #8 |
| /// Malwareteam | Trojan.Dropper and TR/ATRAPS.Gen2 Have a little more patience - I have a private life too! Step 1: CF-Script Note for readers following along: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems! Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)! Press Windows + R --> type Notepad --> OK. Now copy the entire text from the following code box into the empty text document. Code:
FOLDER::
c:\users\VD\AppData\Local\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}
CLEARJAVACACHE::
Important:
Step 2: MBAM Please download Malwarebytes
|
| | #9 |
| Trojan.Dropper and TR/ATRAPS.Gen2 Both worked, the log files are attached... Sorry for the pressure, I had thought we were already done :-) By the way, I noticed that almost all services are set to "reactive"... but I don't know since which step that has been the case; in any case it was not like that after the first tests... Combofix logfile: Code:
ComboFix 12-06-12.01 - VD 13.06.2012 11:13:55.3.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.24565.22919 [GMT 2:00]
ausgeführt von:: c:\users\VD\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\VD\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-13 bis 2012-06-13 ))))))))))))))))))))))))))))))
.
.
2012-06-13 09:15 . 2012-06-13 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 09:59 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 09:30 . 2012-06-12 09:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:11 . 2012-06-11 16:11 -------- d-----w- c:\program files (x86)\ESET
2012-05-30 14:28 . 2012-05-30 14:28 -------- d-----w- c:\users\VD\AppData\Roaming\Malwarebytes
2012-05-30 14:07 . 2012-05-30 14:07 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\users\VD\AppData\Roaming\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\users\VD\AppData\Local\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-05-23 11:45 . 2012-05-23 11:45 -------- d-----w- c:\users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-14 09:30 . 2012-05-14 09:39 -------- d-----w- c:\users\VD\AppData\Roaming\CopperLan Manager
2012-05-14 09:30 . 2012-05-14 09:30 -------- d-----w- c:\users\VD\AppData\Roaming\CopperLan
2012-05-14 09:30 . 2011-09-21 14:12 31992 ----a-w- c:\windows\system32\drivers\CHAILinkOverUSB.sys
2012-05-14 09:28 . 2012-05-14 09:30 -------- d-----w- c:\program files\CopperLan
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 08:56 . 2012-05-11 14:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 08:56 . 2012-05-11 14:14 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 15:13 . 2012-05-11 15:13 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 15:29 . 2012-05-11 14:19 960000 ----a-w- c:\program files (x86)\TouchOSCEditor.exe
2012-04-20 20:53 . 2012-04-20 20:54 199168 ----a-w- c:\windows\system32\PegReg64.dll
2012-04-20 20:40 . 2012-04-20 20:40 53248 ----a-r- c:\users\VD\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-04-04 16:47 . 2012-05-10 09:52 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2012-05-10 09:52 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-12_14.19.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 19:46 . 2012-06-12 15:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-20 19:46 . 2012-05-29 13:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-20 19:46 . 2012-05-29 13:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-20 19:46 . 2012-06-12 15:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 15:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 13:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-21 01:08 . 2012-06-13 09:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-21 01:08 . 2012-06-13 09:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 14:19 . 2012-06-12 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-13 09:16 . 2012-06-13 09:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-01 03:34 651450 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31 651450 c:\windows\system32\perfh009.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31 696132 c:\windows\system32\perfh007.dat
- 2011-04-12 07:43 . 2012-06-01 03:34 696132 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31 120382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-01 03:34 120382 c:\windows\system32\perfc009.dat
- 2011-04-12 07:43 . 2012-06-01 03:34 147428 c:\windows\system32\perfc007.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31 147428 c:\windows\system32\perfc007.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 CPVNM;CPVNM Service;c:\program files\CopperLan\CPVNM\CPVNM.exe [2012-02-15 1084928]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2012-02-14 2015968]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 CPoEthProt;CopperLan over Ethernet Protocol Driver;c:\windows\system32\DRIVERS\CPoEthProt.sys [x]
S3 CPVMidi;CopperLan Virtual Midi Driver Service;c:\windows\system32\DRIVERS\CPVMidi.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [x]
S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{1A534221-FA4A-4F9E-BF37-B3251CD45298}: NameServer = 192.168.1.1
TCP: Interfaces\{2AE774EF-AF85-4F74-B82B-FDB9F96B78E8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\VD\AppData\Roaming\Mozilla\Firefox\Profiles\jl8okgrm.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-13 11:17:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-13 09:17
ComboFix2.txt 2012-06-12 14:36
ComboFix3.txt 2012-06-12 14:20
.
Vor Suchlauf: 14 Verzeichnis(se), 26.702.008.320 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 26.613.030.912 Bytes frei
.
- - End Of File - - 72C3C08013790D0F3A0640709367CF50
Malwarebytes Log Code:
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.06.12.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
VD :: VDC [Administrator]
Schutz: Deaktiviert
13.06.2012 11:20:08
mbam-log-2012-06-13 (11-20-08).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 739505
Laufzeit: 43 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Qoobox\Quarantine\C\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@.vir (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
| | #10 | |
| /// Malwareteam | Trojan.Dropper and TR/ATRAPS.Gen2 Quote:
__________________ No asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
| | #11 |
| Trojan.Dropper and TR/ATRAPS.Gen2 Typo... :-) services.msc -> about 75% of the services are disabled... so a lot of things just don't work... network connections etc. Is that normal because of the repairs??? |
| | #12 |
| /// Malwareteam | Trojan.Dropper and TR/ATRAPS.Gen2 You currently have no internet connection, or what are you trying to tell me?
| | #13 |
| Trojan.Dropper and TR/ATRAPS.Gen2 That was just a side question, whether this comes from the cleanup??? I'll simply set all the services back to sensible values, then everything should work again... Otherwise, are all the bad guys gone now? |
| | #14 |
| /// Malwareteam | Trojan.Dropper and TR/ATRAPS.Gen2 The problem is that this piece of malware is known, in some cases, to mess up the TCP stack, which results in a network connection that no longer exists! FSS Please download Farbar's Service Scanner
| | #15 |
| Trojan.Dropper and TR/ATRAPS.Gen2 Code:
Farbar Service Scanner Version: 09-06-2012
Ran by VD (administrator) on 14-06-2012 at 10:07:06
Running from "C:\Users\VD\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-21 05:24] - [2010-11-21 05:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-21 05:24] - [2010-11-21 05:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D
C:\Windows\System32\dnsrslvr.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****