Pests of all kinds and how to fight them: Rootkit infection in C:\Windows\Installer (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.07.2012, 20:26 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

Please download AdwCleaner to your desktop.

__________________
Please always post logfiles in CODE tags
11.07.2012, 07:29 | #17

Here is the log:

Code:
```
# AdwCleaner v1.701 - Logfile created 07/11/2012 at 08:28:05
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : user - pcuser
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1222 octets] - [11/07/2012 08:28:05]

########## EOF - C:\AdwCleaner[R1].txt - [1350 octets] ##########
```
11.07.2012, 10:36 | #18
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please disable the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the image below: click "change parameters" and set the check marks as in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!
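As an added example (not part of this thread and not Kaspersky's code), the following Python script triages a TDSSKiller report of the kind requested above. It recognises the three line shapes the tool writes per service or driver (a line with the MD5 and image path, an optional `( verdict ) - warning` line, and a closing `- ok` or `- detected ...` status line) and separates what a helper actually looks at: entries with a detection, entries whose file failed the signature check (the verdict `UnsignedFile.Multi.Generic` only says the tool could not verify a signature, not that the file is malicious, which is why everything is to be skipped and posted), and entries for which the tool printed no hash or path at all, so the service's ImagePath has to be checked by hand. The sample report is constructed in the tool's line format; the function names are my own.

```python
import re
import sys
from collections import OrderedDict

# Constructed sample in the line format TDSSKiller writes (time, thread id, service or
# driver name, then either "(md5) path", "( verdict ) - warning" or "- ok|detected ...").
# Not a real report; names and hashes mirror the format only.
SAMPLE_REPORT = r"""
14:05:27.0118 3100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:05:27.0165 3100 1394ohci - ok
14:05:28.0787 3100 COMSysApp - ok
14:05:28.0927 3100 ctietfjaipsz - ok
14:05:30.0550 3100 HPSLPSVC (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:05:30.0565 3100 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:05:30.0565 3100 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:05:31.0767 3100 MEMSWEEP2 - ok
14:05:32.0656 3100 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
14:05:32.0656 3100 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:05:32.0656 3100 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""

# Every per-service line starts with "HH:MM:SS.ffff <thread id> ".
_PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
STATUS_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<status>ok|detected .*)$")


def _entry(entries, name):
    return entries.setdefault(
        name, {"md5": None, "path": None, "warnings": [], "status": None}
    )


def parse_report(text):
    """Group the per-service lines of a TDSSKiller report by service/driver name,
    in the order the tool listed them. Header lines (SystemInfo, drive layout,
    "Scan started") match none of the patterns and are skipped."""
    entries = OrderedDict()
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            e = _entry(entries, m["name"])
            e["md5"], e["path"] = m["md5"], m["path"]
            continue
        m = WARN_RE.match(line)
        if m:
            _entry(entries, m["name"])["warnings"].append(m["verdict"])
            continue
        m = STATUS_RE.match(line)
        if m:
            _entry(entries, m["name"])["status"] = m["status"]
    return entries


def triage(entries):
    """Split parsed entries into the three groups worth a second look."""
    findings = {"detected": [], "unsigned": {}, "no_image": []}
    for name, e in entries.items():
        if e["status"] and e["status"].startswith("detected"):
            findings["detected"].append(name)
        if e["warnings"]:
            findings["unsigned"][name] = list(e["warnings"])
        # A bare "name - ok" with no hash/path line means the tool hashed no file for
        # this service: its ImagePath has to be inspected by hand (normal for
        # svchost/dllhost-hosted services, worth a close look for a random-looking name).
        if e["path"] is None and not e["warnings"]:
            findings["no_image"].append(name)
    return findings


def main(argv):
    # Adjust the encoding if the report on disk is not UTF-8 (assumption, not verified here).
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    findings = triage(parse_report(text))
    for name in findings["detected"]:
        print(f"detected : {name}")
    for name, verdicts in findings["unsigned"].items():
        print(f"unsigned : {name} ({', '.join(verdicts)})")
    for name in findings["no_image"]:
        print(f"no file  : {name}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python triage_tdss.py path\to\TDSSKiller-report.txt`; without an argument it triages the constructed sample. The point of the three buckets is that a report with hundreds of `- ok` lines is read by exception: detections and unsigned files are what the tool itself flagged, and the no-hash entries are the ones the tool could not judge at all.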
11.07.2012, 13:07 | #19

Here is the log from TDSSKiller:

Code:
```
14:05:00.0520 3000 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
14:05:00.0613 3000 ============================================================
14:05:00.0613 3000 Current date / time: 2012/07/11 14:05:00.0613
14:05:00.0613 3000 SystemInfo:
14:05:00.0613 3000 
14:05:00.0613 3000 OS Version: 6.1.7601 ServicePack: 1.0
14:05:00.0613 3000 Product type: Workstation
14:05:00.0613 3000 ComputerName: pcuser
14:05:00.0613 3000 UserName: user
14:05:00.0613 3000 Windows directory: C:\Windows
14:05:00.0613 3000 System windows directory: C:\Windows
14:05:00.0613 3000 Running under WOW64
14:05:00.0613 3000 Processor architecture: Intel x64
14:05:00.0613 3000 Number of processors: 4
14:05:00.0613 3000 Page size: 0x1000
14:05:00.0613 3000 Boot type: Normal boot
14:05:00.0613 3000 ============================================================
14:05:00.0754 3000 Drive \Device\Harddisk0\DR0 - Size: 0x1AC882A000 (107.13 Gb), SectorSize: 0x200, Cylinders: 0x3A0B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:05:00.0769 3000 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:05:00.0785 3000 ============================================================
14:05:00.0785 3000 \Device\Harddisk0\DR0:
14:05:00.0785 3000 MBR partitions:
14:05:00.0785 3000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD642971
14:05:00.0785 3000 \Device\Harddisk1\DR1:
14:05:00.0785 3000 MBR partitions:
14:05:00.0785 3000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
14:05:00.0785 3000 ============================================================
14:05:00.0785 3000 C: <-> \Device\Harddisk0\DR0\Partition0
14:05:00.0816 3000 D: <-> \Device\Harddisk1\DR1\Partition0
14:05:00.0816 3000 ============================================================
14:05:00.0816 3000 Initialize success
14:05:00.0816 3000 ============================================================
14:05:26.0946 3100 ============================================================
14:05:26.0946 3100 Scan started
14:05:26.0946 3100 Mode: Manual; SigCheck; TDLFS;
14:05:26.0946 3100 ============================================================
14:05:27.0118 3100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:05:27.0165 3100 1394ohci - ok
14:05:27.0180 3100 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:05:27.0196 3100 ACPI - ok
14:05:27.0196 3100 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:05:27.0211 3100 AcpiPmi - ok
14:05:27.0211 3100 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
14:05:27.0227 3100 adfs - ok
14:05:27.0243 3100 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:05:27.0243 3100 AdobeARMservice - ok
14:05:27.0258 3100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:05:27.0274 3100 adp94xx - ok
14:05:27.0289 3100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:05:27.0289 3100 adpahci - ok
14:05:27.0305 3100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:05:27.0305 3100 adpu320 - ok
14:05:27.0321 3100 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:05:27.0336 3100 AeLookupSvc - ok
14:05:27.0352 3100 afcdp (3f5fdc12ffa4794fc3a178a26d48e7cf) C:\Windows\system32\DRIVERS\afcdp.sys
14:05:27.0367 3100 afcdp - ok
14:05:27.0399 3100 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:05:27.0414 3100 AFD - ok
14:05:27.0414 3100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:05:27.0414 3100 agp440 - ok
14:05:27.0430 3100 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:05:27.0430 3100 ALG - ok
14:05:27.0430 3100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:05:27.0445 3100 aliide - ok
14:05:27.0461 3100 AMD External Events Utility (012365a0a24b4c875169ac05e7c79b7b) C:\Windows\system32\atiesrxx.exe
14:05:27.0461 3100 AMD External Events Utility - ok
14:05:27.0461 3100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:05:27.0477 3100 amdide - ok
14:05:27.0477 3100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:05:27.0477 3100 AmdK8 - ok
14:05:27.0695 3100 amdkmdag (2c428ed33f53ff61a2e271d6b2bb7654) C:\Windows\system32\DRIVERS\atipmdag.sys
14:05:27.0757 3100 amdkmdag - ok
14:05:27.0789 3100 amdkmdap (57c25e7c1220804e92483ae84c8e7734) C:\Windows\system32\DRIVERS\atikmpag.sys
14:05:27.0804 3100 amdkmdap - ok
14:05:27.0804 3100 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:05:27.0820 3100 AmdPPM - ok
14:05:27.0820 3100 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:05:27.0835 3100 amdsata - ok
14:05:27.0835 3100 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:05:27.0851 3100 amdsbs - ok
14:05:27.0851 3100 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:05:27.0851 3100 amdxata - ok
14:05:27.0882 3100 Amsp (25e9c505a8db1b5efe631e43718fdb22) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
14:05:27.0882 3100 Amsp - ok
14:05:27.0898 3100 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:05:27.0913 3100 AppID - ok
14:05:27.0913 3100 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:05:27.0929 3100 AppIDSvc - ok
14:05:27.0945 3100 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:05:27.0960 3100 Appinfo - ok
14:05:27.0976 3100 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:05:27.0976 3100 AppMgmt - ok
14:05:27.0991 3100 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:05:27.0991 3100 arc - ok
14:05:28.0007 3100 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:05:28.0007 3100 arcsas - ok
14:05:28.0023 3100 asmthub3 (e3b9c89d2ed4a538ab2fc6ec76fa2b17) C:\Windows\system32\DRIVERS\asmthub3.sys
14:05:28.0023 3100 asmthub3 - ok
14:05:28.0054 3100 asmtxhci (88ce83be5176020be39194a6369af2c2) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:05:28.0054 3100 asmtxhci - ok
14:05:28.0069 3100 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:05:28.0069 3100 aspnet_state - ok
14:05:28.0085 3100 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:05:28.0101 3100 AsyncMac - ok
14:05:28.0101 3100 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:05:28.0101 3100 atapi - ok
14:05:28.0116 3100 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
14:05:28.0116 3100 AtiHdmiService - ok
14:05:28.0179 3100 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:28.0194 3100 AudioEndpointBuilder - ok
14:05:28.0210 3100 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:05:28.0225 3100 AudioSrv - ok
14:05:28.0241 3100 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:05:28.0241 3100 AxInstSV - ok
14:05:28.0272 3100 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:05:28.0288 3100 b06bdrv - ok
14:05:28.0303 3100 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:05:28.0303 3100 b57nd60a - ok
14:05:28.0319 3100 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:05:28.0319 3100 BDESVC - ok
14:05:28.0319 3100 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:05:28.0350 3100 Beep - ok
14:05:28.0350 3100 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:05:28.0350 3100 blbdrive - ok
14:05:28.0366 3100 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:05:28.0366 3100 bowser - ok
14:05:28.0366 3100 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:05:28.0381 3100 BrFiltLo - ok
14:05:28.0381 3100 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:05:28.0397 3100 BrFiltUp - ok
14:05:28.0397 3100 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:05:28.0428 3100 Browser - ok
14:05:28.0444 3100 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:05:28.0444 3100 Brserid - ok
14:05:28.0459 3100 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:05:28.0459 3100 BrSerWdm - ok
14:05:28.0459 3100 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:05:28.0475 3100 BrUsbMdm - ok
14:05:28.0475 3100 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:05:28.0475 3100 BrUsbSer - ok
14:05:28.0491 3100 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:05:28.0491 3100 BTHMODEM - ok
14:05:28.0506 3100 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:05:28.0522 3100 bthserv - ok
14:05:28.0537 3100 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:05:28.0553 3100 cdfs - ok
14:05:28.0569 3100 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:05:28.0569 3100 cdrom - ok
14:05:28.0569 3100 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:05:28.0600 3100 CertPropSvc - ok
14:05:28.0600 3100 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:05:28.0615 3100 circlass - ok
14:05:28.0631 3100 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:05:28.0647 3100 CLFS - ok
14:05:28.0662 3100 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:05:28.0662 3100 clr_optimization_v2.0.50727_32 - ok
14:05:28.0662 3100 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:05:28.0678 3100 clr_optimization_v2.0.50727_64 - ok
14:05:28.0693 3100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:05:28.0693 3100 clr_optimization_v4.0.30319_32 - ok
14:05:28.0709 3100 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:05:28.0709 3100 clr_optimization_v4.0.30319_64 - ok
14:05:28.0709 3100 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:05:28.0725 3100 CmBatt - ok
14:05:28.0725 3100 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:05:28.0725 3100 cmdide - ok
14:05:28.0756 3100 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:05:28.0771 3100 CNG - ok
14:05:28.0771 3100 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:05:28.0771 3100 Compbatt - ok
14:05:28.0787 3100 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:05:28.0787 3100 CompositeBus - ok
14:05:28.0787 3100 COMSysApp - ok
14:05:28.0803 3100 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:05:28.0803 3100 crcdisk - ok
14:05:28.0818 3100 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:05:28.0834 3100 CryptSvc - ok
14:05:28.0881 3100 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:05:28.0881 3100 CSC - ok
14:05:28.0912 3100 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:05:28.0927 3100 CscService - ok
14:05:28.0927 3100 ctietfjaipsz - ok
14:05:28.0959 3100 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:05:28.0990 3100 DcomLaunch - ok
14:05:29.0005 3100 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:05:29.0021 3100 defragsvc - ok
14:05:29.0037 3100 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:05:29.0052 3100 DfsC - ok
14:05:29.0068 3100 dgderdrv - ok
14:05:29.0068 3100 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
14:05:29.0068 3100 dg_ssudbus - ok
14:05:29.0099 3100 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:05:29.0115 3100 Dhcp - ok
14:05:29.0115 3100 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:05:29.0146 3100 discache - ok
14:05:29.0146 3100 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:05:29.0146 3100 Disk - ok
14:05:29.0161 3100 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:05:29.0161 3100 dmvsc - ok
14:05:29.0177 3100 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:05:29.0193 3100 Dnscache - ok
14:05:29.0208 3100 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:05:29.0224 3100 dot3svc - ok
14:05:29.0239 3100 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:05:29.0255 3100 DPS - ok
14:05:29.0271 3100 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:05:29.0271 3100 drmkaud - ok
14:05:29.0286 3100 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:05:29.0302 3100 dtsoftbus01 - ok
14:05:29.0364 3100 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:05:29.0380 3100 DXGKrnl - ok
14:05:29.0395 3100 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:05:29.0411 3100 EapHost - ok
14:05:29.0520 3100 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:05:29.0551 3100 ebdrv - ok
14:05:29.0583 3100 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:05:29.0583 3100 EFS - ok
14:05:29.0614 3100 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:05:29.0629 3100 ehRecvr - ok
14:05:29.0645 3100 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:05:29.0645 3100 ehSched - ok
14:05:29.0676 3100 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:05:29.0692 3100 elxstor - ok
14:05:29.0692 3100 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:05:29.0707 3100 ErrDev - ok
14:05:29.0739 3100 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:05:29.0754 3100 EventSystem - ok
14:05:29.0770 3100 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:05:29.0801 3100 exfat - ok
14:05:29.0801 3100 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:05:29.0832 3100 fastfat - ok
14:05:29.0879 3100 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:05:29.0895 3100 Fax - ok
14:05:29.0895 3100 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:05:29.0895 3100 fdc - ok
14:05:29.0895 3100 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:05:29.0926 3100 fdPHost - ok
14:05:29.0926 3100 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:05:29.0941 3100 FDResPub - ok
14:05:29.0957 3100 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:05:29.0957 3100 FileInfo - ok
14:05:29.0957 3100 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:05:29.0973 3100 Filetrace - ok
14:05:30.0004 3100 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:05:30.0019 3100 FLEXnet Licensing Service - ok
14:05:30.0019 3100 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:05:30.0035 3100 flpydisk - ok
14:05:30.0051 3100 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:05:30.0051 3100 FltMgr - ok
14:05:30.0129 3100 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:05:30.0144 3100 FontCache - ok
14:05:30.0144 3100 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:05:30.0144 3100 FontCache3.0.0.0 - ok
14:05:30.0160 3100 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:05:30.0160 3100 FsDepends - ok
14:05:30.0175 3100 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:05:30.0175 3100 Fs_Rec - ok
14:05:30.0191 3100 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:05:30.0207 3100 fvevol - ok
14:05:30.0207 3100 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:05:30.0207 3100 gagp30kx - ok
14:05:30.0269 3100 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:05:30.0300 3100 gpsvc - ok
14:05:30.0300 3100 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
14:05:30.0300 3100 hcmon - ok
14:05:30.0300 3100 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:05:30.0316 3100 hcw85cir - ok
14:05:30.0331 3100 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:05:30.0331 3100 HDAudBus - ok
14:05:30.0331 3100 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:05:30.0347 3100 HidBatt - ok
14:05:30.0347 3100 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:05:30.0363 3100 HidBth - ok
14:05:30.0363 3100 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:05:30.0378 3100 HidIr - ok
14:05:30.0378 3100 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:05:30.0394 3100 hidserv - ok
14:05:30.0409 3100 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:05:30.0409 3100 HidUsb - ok
14:05:30.0409 3100 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:05:30.0441 3100 hkmsvc - ok
14:05:30.0456 3100 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:05:30.0456 3100 HomeGroupListener - ok
14:05:30.0472 3100 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:05:30.0487 3100 HomeGroupProvider - ok
14:05:30.0487 3100 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:05:30.0503 3100 HpSAMD - ok
14:05:30.0550 3100 HPSLPSVC (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:05:30.0565 3100 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:05:30.0565 3100 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:05:30.0612 3100 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:05:30.0643 3100 HTTP - ok
14:05:30.0643 3100 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:05:30.0643 3100 hwpolicy - ok
14:05:30.0659 3100 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:05:30.0659 3100 i8042prt - ok
14:05:30.0690 3100 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
14:05:30.0706 3100 iaStor - ok
14:05:30.0721 3100 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:05:30.0721 3100 IAStorDataMgrSvc - ok
14:05:30.0737 3100 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:05:30.0753 3100 iaStorV - ok
14:05:30.0784 3100 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:05:30.0799 3100 idsvc - ok
14:05:30.0799 3100 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:05:30.0815 3100 iirsp - ok
14:05:30.0846 3100 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:05:30.0877 3100 IKEEXT - ok
14:05:30.0987 3100 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
14:05:31.0018 3100 IntcAzAudAddService - ok
14:05:31.0049 3100 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:05:31.0065 3100 intelide - ok
14:05:31.0065 3100 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:05:31.0080 3100 intelppm - ok
14:05:31.0080 3100 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:05:31.0096 3100 IPBusEnum - ok
14:05:31.0111 3100 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:05:31.0127 3100 IpFilterDriver - ok
14:05:31.0127 3100 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:05:31.0143 3100 IPMIDRV - ok
14:05:31.0143 3100 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:05:31.0174 3100 IPNAT - ok
14:05:31.0174 3100 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:05:31.0174 3100 IRENUM - ok
14:05:31.0189 3100 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:05:31.0189 3100 isapnp - ok
14:05:31.0205 3100 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:05:31.0221 3100 iScsiPrt - ok
14:05:31.0221 3100 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:05:31.0236 3100 kbdclass - ok
14:05:31.0236 3100 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:05:31.0236 3100 kbdhid - ok
14:05:31.0252 3100 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:31.0252 3100 KeyIso - ok
14:05:31.0252 3100 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:05:31.0267 3100 KSecDD - ok
14:05:31.0283 3100 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:05:31.0283 3100 KSecPkg - ok
14:05:31.0283 3100 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:05:31.0314 3100 ksthunk - ok
14:05:31.0330 3100 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:05:31.0361 3100 KtmRm - ok
14:05:31.0377 3100 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:05:31.0392 3100 LanmanServer - ok
14:05:31.0408 3100 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:05:31.0423 3100 LanmanWorkstation - ok
14:05:31.0439 3100 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:05:31.0455 3100 lltdio - ok
14:05:31.0470 3100 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:05:31.0501 3100 lltdsvc - ok
14:05:31.0501 3100 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:05:31.0517 3100 lmhosts - ok
14:05:31.0533 3100 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:05:31.0533 3100 LSI_FC - ok
14:05:31.0548 3100 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:05:31.0548 3100 LSI_SAS - ok
14:05:31.0548 3100 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:05:31.0564 3100 LSI_SAS2 - ok
14:05:31.0564 3100 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:05:31.0579 3100 LSI_SCSI - ok
14:05:31.0579 3100 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:05:31.0611 3100 luafv - ok
14:05:31.0611 3100 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:05:31.0611 3100 MBAMProtector - ok
14:05:31.0657 3100 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:05:31.0673 3100 MBAMService - ok
14:05:31.0673 3100 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:05:31.0689 3100 Mcx2Svc - ok
14:05:31.0704 3100 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
14:05:31.0720 3100 MDM ( UnsignedFile.Multi.Generic ) - warning
14:05:31.0720 3100 MDM - detected UnsignedFile.Multi.Generic (1)
14:05:31.0720 3100 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:05:31.0720 3100 megasas - ok
14:05:31.0751 3100 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:05:31.0751 3100 MegaSR - ok
14:05:31.0767 3100 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:05:31.0767 3100 MEIx64 - ok
14:05:31.0767 3100 MEMSWEEP2 - ok
14:05:31.0782 3100 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:05:31.0782 3100 Microsoft Office Groove Audit Service - ok
14:05:31.0782 3100 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:05:31.0813 3100 MMCSS - ok
14:05:31.0813 3100 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:05:31.0829 3100 Modem - ok
14:05:31.0829 3100 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:05:31.0845 3100 monitor - ok
14:05:31.0845 3100 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:05:31.0860 3100 mouclass - ok
14:05:31.0860 3100 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
14:05:31.0860 3100 mouhid - ok
14:05:31.0876 3100 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:05:31.0876 3100 mountmgr - ok
14:05:31.0891 3100 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:05:31.0891 3100 MozillaMaintenance - ok
14:05:31.0907 3100 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:05:31.0907 3100 mpio - ok
14:05:31.0923 3100 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:05:31.0938 3100 mpsdrv - ok
14:05:31.0954 3100 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:05:31.0954 3100 MRxDAV - ok
14:05:31.0969 3100 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:05:31.0969 3100 mrxsmb - ok
14:05:32.0001 3100 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:05:32.0001 3100 mrxsmb10 - ok
14:05:32.0016 3100 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:05:32.0016 3100 mrxsmb20 - ok
14:05:32.0032 3100 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:05:32.0032 3100 msahci - ok
14:05:32.0032 3100 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:05:32.0047 3100 msdsm - ok
14:05:32.0063 3100 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:05:32.0063 3100 MSDTC - ok
14:05:32.0063 3100 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:05:32.0094 3100 Msfs - ok
14:05:32.0094 3100 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:05:32.0110 3100 mshidkmdf - ok
14:05:32.0110 3100 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:05:32.0110 3100 msisadrv - ok
14:05:32.0125 3100 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:05:32.0157 3100 MSiSCSI - ok
14:05:32.0157 3100 msiserver - ok
14:05:32.0157 3100 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:05:32.0172 3100 MSKSSRV - ok
14:05:32.0172 3100 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:05:32.0188 3100 MSPCLOCK - ok
14:05:32.0203 3100 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:05:32.0219 3100 MSPQM - ok
14:05:32.0250 3100 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:05:32.0250 3100 MsRPC - ok
14:05:32.0250 3100 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:05:32.0266 3100 mssmbios - ok
14:05:32.0266 3100 MSSQL$DAVID - ok
14:05:32.0266 3100 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:05:32.0281 3100 MSSQLServerADHelper - ok
14:05:32.0281 3100 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:05:32.0297 3100 MSTEE - ok
14:05:32.0297 3100 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:05:32.0313 3100 MTConfig - ok
14:05:32.0313 3100 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:05:32.0313 3100 Mup - ok
14:05:32.0344 3100 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\drivers\mv91xx.sys
14:05:32.0344 3100 mv91xx - ok
14:05:32.0375 3100 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:05:32.0406 3100 napagent - ok
14:05:32.0422 3100 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:05:32.0437 3100 NativeWifiP - ok
14:05:32.0500 3100 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:05:32.0515 3100 NDIS - ok
14:05:32.0515 3100 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:05:32.0547 3100 NdisCap - ok
14:05:32.0547 3100 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:05:32.0562 3100 NdisTapi - ok
14:05:32.0578 3100 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:05:32.0593 3100 Ndisuio - ok
14:05:32.0609 3100 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:05:32.0625 3100 NdisWan - ok
14:05:32.0625 3100 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:05:32.0640 3100 NDProxy - ok
14:05:32.0656 3100 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
14:05:32.0656 3100 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:05:32.0656 3100 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:05:32.0656 3100 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:05:32.0671 3100 NetBIOS - ok
14:05:32.0703 3100 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:05:32.0718 3100 NetBT - ok
14:05:32.0718 3100 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:05:32.0734 3100 Netlogon - ok
14:05:32.0749 3100 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:05:32.0781 3100 Netman - ok
14:05:32.0796 3100 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0796 3100 NetMsmqActivator - ok
14:05:32.0796 3100 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0812 3100 NetPipeActivator - ok
14:05:32.0843 3100 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:05:32.0859 3100 netprofm - ok
14:05:32.0859 3100 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0874 3100 NetTcpActivator - ok
14:05:32.0874 3100 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:05:32.0874 3100 NetTcpPortSharing - ok
14:05:32.0890 3100 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:05:32.0890 3100 nfrd960 - ok
14:05:32.0905 3100 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:05:32.0937 3100 NlaSvc - ok
14:05:32.0937 3100 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:05:32.0952 3100 Npfs - ok
14:05:32.0968 3100 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:05:32.0983 3100 nsi - ok
14:05:32.0983 3100 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:05:32.0999 3100 nsiproxy - ok
14:05:33.0108 3100 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:05:33.0139 3100 Ntfs - ok
14:05:33.0171 3100 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:05:33.0202 3100 Null - ok
14:05:33.0202 3100 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:05:33.0217 3100 nvraid - ok
14:05:33.0233 3100 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:05:33.0233 3100 nvstor - ok
14:05:33.0249 3100 nvsvc (97f1a24ac0255c6e0a075c9cc772784a) C:\Windows\system32\nvvsvc.exe
14:05:33.0249 3100 nvsvc - ok
14:05:33.0264 3100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05)
```
C:\Windows\system32\drivers\nv_agp.sys 14:05:33.0264 3100 nv_agp - ok 14:05:33.0295 3100 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:05:33.0311 3100 odserv - ok 14:05:33.0311 3100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 14:05:33.0327 3100 ohci1394 - ok 14:05:33.0342 3100 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:05:33.0342 3100 ose - ok 14:05:33.0545 3100 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:05:33.0623 3100 osppsvc - ok 14:05:33.0670 3100 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:05:33.0670 3100 p2pimsvc - ok 14:05:33.0701 3100 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:05:33.0717 3100 p2psvc - ok 14:05:33.0717 3100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 14:05:33.0732 3100 Parport - ok 14:05:33.0732 3100 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 14:05:33.0732 3100 partmgr - ok 14:05:33.0748 3100 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:05:33.0763 3100 PcaSvc - ok 14:05:33.0779 3100 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 14:05:33.0795 3100 pci - ok 14:05:33.0795 3100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 14:05:33.0795 3100 pciide - ok 14:05:33.0810 3100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 14:05:33.0810 3100 pcmcia - ok 14:05:33.0826 3100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:05:33.0826 3100 pcw - ok 14:05:33.0873 3100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:05:33.0904 3100 PEAUTH - ok 
14:05:33.0951 3100 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 14:05:33.0982 3100 PeerDistSvc - ok 14:05:34.0013 3100 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:05:34.0013 3100 PerfHost - ok 14:05:34.0138 3100 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 14:05:34.0169 3100 pla - ok 14:05:34.0200 3100 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 14:05:34.0200 3100 PlugPlay - ok 14:05:34.0216 3100 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll 14:05:34.0216 3100 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:05:34.0216 3100 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:05:34.0216 3100 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:05:34.0231 3100 PNRPAutoReg - ok 14:05:34.0247 3100 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:05:34.0263 3100 PNRPsvc - ok 14:05:34.0278 3100 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 14:05:34.0309 3100 PolicyAgent - ok 14:05:34.0325 3100 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:05:34.0341 3100 Power - ok 14:05:34.0356 3100 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 14:05:34.0372 3100 PptpMiniport - ok 14:05:34.0387 3100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 14:05:34.0387 3100 Processor - ok 14:05:34.0403 3100 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 14:05:34.0419 3100 ProfSvc - ok 14:05:34.0434 3100 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:05:34.0434 3100 ProtectedStorage - ok 14:05:34.0450 3100 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 14:05:34.0465 3100 Psched - ok 14:05:34.0481 3100 PSI_SVC_2 
(0b6dea0a1662cab8f2bf339dc0752ef4) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 14:05:34.0497 3100 PSI_SVC_2 - ok 14:05:34.0497 3100 PxHlpa64 (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys 14:05:34.0497 3100 PxHlpa64 - ok 14:05:34.0559 3100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 14:05:34.0575 3100 ql2300 - ok 14:05:34.0621 3100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 14:05:34.0621 3100 ql40xx - ok 14:05:34.0637 3100 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:05:34.0653 3100 QWAVE - ok 14:05:34.0653 3100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:05:34.0668 3100 QWAVEdrv - ok 14:05:34.0668 3100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:05:34.0684 3100 RasAcd - ok 14:05:34.0699 3100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:05:34.0715 3100 RasAgileVpn - ok 14:05:34.0715 3100 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:05:34.0746 3100 RasAuto - ok 14:05:34.0762 3100 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:05:34.0777 3100 Rasl2tp - ok 14:05:34.0793 3100 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 14:05:34.0809 3100 RasMan - ok 14:05:34.0824 3100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:05:34.0840 3100 RasPppoe - ok 14:05:34.0855 3100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:05:34.0871 3100 RasSstp - ok 14:05:34.0887 3100 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 14:05:34.0918 3100 rdbss - ok 14:05:34.0918 3100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:05:34.0918 3100 rdpbus - ok 
14:05:34.0933 3100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:05:34.0949 3100 RDPCDD - ok 14:05:34.0965 3100 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 14:05:34.0965 3100 RDPDR - ok 14:05:34.0965 3100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:05:34.0996 3100 RDPENCDD - ok 14:05:34.0996 3100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:05:35.0011 3100 RDPREFMP - ok 14:05:35.0027 3100 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 14:05:35.0027 3100 RDPWD - ok 14:05:35.0043 3100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 14:05:35.0058 3100 rdyboost - ok 14:05:35.0058 3100 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:05:35.0089 3100 RemoteAccess - ok 14:05:35.0105 3100 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:05:35.0121 3100 RemoteRegistry - ok 14:05:35.0121 3100 RimUsb - ok 14:05:35.0121 3100 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:05:35.0152 3100 RpcEptMapper - ok 14:05:35.0152 3100 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:05:35.0152 3100 RpcLocator - ok 14:05:35.0183 3100 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 14:05:35.0199 3100 RpcSs - ok 14:05:35.0199 3100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:05:35.0230 3100 rspndr - ok 14:05:35.0261 3100 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys 14:05:35.0261 3100 RTL8167 - ok 14:05:35.0261 3100 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 14:05:35.0277 3100 s3cap - ok 14:05:35.0277 3100 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:05:35.0277 3100 
SamSs - ok 14:05:35.0277 3100 SAVRKBootTasks - ok 14:05:35.0292 3100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 14:05:35.0292 3100 sbp2port - ok 14:05:35.0308 3100 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:05:35.0323 3100 SCardSvr - ok 14:05:35.0339 3100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 14:05:35.0355 3100 scfilter - ok 14:05:35.0417 3100 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 14:05:35.0448 3100 Schedule - ok 14:05:35.0464 3100 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:05:35.0479 3100 SCPolicySvc - ok 14:05:35.0495 3100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 14:05:35.0495 3100 SDRSVC - ok 14:05:35.0511 3100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:05:35.0526 3100 secdrv - ok 14:05:35.0526 3100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 14:05:35.0542 3100 seclogon - ok 14:05:35.0557 3100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 14:05:35.0573 3100 SENS - ok 14:05:35.0573 3100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 14:05:35.0589 3100 SensrSvc - ok 14:05:35.0589 3100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 14:05:35.0589 3100 Serenum - ok 14:05:35.0604 3100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:05:35.0604 3100 Serial - ok 14:05:35.0620 3100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 14:05:35.0620 3100 sermouse - ok 14:05:35.0635 3100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 14:05:35.0651 3100 SessionEnv - ok 14:05:35.0651 3100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 14:05:35.0667 
3100 sffdisk - ok 14:05:35.0667 3100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 14:05:35.0667 3100 sffp_mmc - ok 14:05:35.0667 3100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 14:05:35.0682 3100 sffp_sd - ok 14:05:35.0682 3100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 14:05:35.0682 3100 sfloppy - ok 14:05:35.0713 3100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 14:05:35.0729 3100 ShellHWDetection - ok 14:05:35.0745 3100 silabenm (75f3c451d41b35089e92d368ee190aca) C:\Windows\system32\DRIVERS\silabenm.sys 14:05:35.0745 3100 silabenm - ok 14:05:35.0745 3100 silabser (b816d865910e8f5b7e12d593ec584d91) C:\Windows\system32\DRIVERS\silabser.sys 14:05:35.0760 3100 silabser - ok 14:05:35.0760 3100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 14:05:35.0760 3100 SiSRaid2 - ok 14:05:35.0776 3100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 14:05:35.0776 3100 SiSRaid4 - ok 14:05:35.0791 3100 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 14:05:35.0807 3100 SkypeUpdate - ok 14:05:35.0807 3100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:05:35.0823 3100 Smb - ok 14:05:35.0838 3100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:05:35.0838 3100 SNMPTRAP - ok 14:05:35.0838 3100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:05:35.0854 3100 spldr - ok 14:05:35.0885 3100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 14:05:35.0916 3100 Spooler - ok 14:05:36.0135 3100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 14:05:36.0181 3100 sppsvc - ok 14:05:36.0213 3100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 
14:05:36.0244 3100 sppuinotify - ok 14:05:36.0244 3100 sptd - ok 14:05:36.0259 3100 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 14:05:36.0259 3100 SQLBrowser - ok 14:05:36.0291 3100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 14:05:36.0306 3100 srv - ok 14:05:36.0322 3100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 14:05:36.0337 3100 srv2 - ok 14:05:36.0353 3100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 14:05:36.0353 3100 srvnet - ok 14:05:36.0369 3100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:05:36.0384 3100 SSDPSRV - ok 14:05:36.0400 3100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:05:36.0415 3100 SstpSvc - ok 14:05:36.0431 3100 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys 14:05:36.0431 3100 ssudmdm - ok 14:05:36.0447 3100 Stereo Service (6a36a1ce6e6c71559569a965183ff612) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 14:05:36.0447 3100 Stereo Service - ok 14:05:36.0462 3100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 14:05:36.0462 3100 stexstor - ok 14:05:36.0462 3100 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 14:05:36.0478 3100 StillCam - ok 14:05:36.0493 3100 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 14:05:36.0509 3100 stisvc - ok 14:05:36.0525 3100 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 14:05:36.0525 3100 storflt - ok 14:05:36.0525 3100 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 14:05:36.0540 3100 StorSvc - ok 14:05:36.0540 3100 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 14:05:36.0540 3100 storvsc - ok 14:05:36.0540 3100 swenum 
(d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 14:05:36.0556 3100 swenum - ok 14:05:36.0571 3100 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 14:05:36.0587 3100 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 14:05:36.0587 3100 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 14:05:36.0603 3100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:05:36.0665 3100 swprv - ok 14:05:36.0759 3100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 14:05:36.0790 3100 SysMain - ok 14:05:36.0837 3100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 14:05:36.0837 3100 TabletInputService - ok 14:05:36.0852 3100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 14:05:36.0883 3100 TapiSrv - ok 14:05:36.0883 3100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:05:36.0915 3100 TBS - ok 14:05:36.0977 3100 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 14:05:37.0008 3100 Tcpip - ok 14:05:37.0102 3100 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 14:05:37.0117 3100 TCPIP6 - ok 14:05:37.0149 3100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 14:05:37.0164 3100 tcpipreg - ok 14:05:37.0180 3100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:05:37.0180 3100 TDPIPE - ok 14:05:37.0242 3100 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys 14:05:37.0258 3100 tdrpman258 - ok 14:05:37.0289 3100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 14:05:37.0289 3100 TDTCP - ok 14:05:37.0305 3100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 14:05:37.0320 3100 tdx - ok 14:05:37.0336 3100 TeamViewer5 
(213723e1a736910c644b457de6d095e2) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe 14:05:37.0351 3100 TeamViewer5 - ok 14:05:37.0351 3100 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys 14:05:37.0351 3100 teamviewervpn - ok 14:05:37.0367 3100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 14:05:37.0367 3100 TermDD - ok 14:05:37.0398 3100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 14:05:37.0414 3100 TermService - ok 14:05:37.0429 3100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:05:37.0429 3100 Themes - ok 14:05:37.0445 3100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:05:37.0461 3100 THREADORDER - ok 14:05:37.0461 3100 tmactmon (ba4030f56aacecd0e6d413565b4aed75) C:\Windows\system32\DRIVERS\tmactmon.sys 14:05:37.0476 3100 tmactmon - ok 14:05:37.0492 3100 tmcomm (ed866799ca62626341632da9edecfd04) C:\Windows\system32\DRIVERS\tmcomm.sys 14:05:37.0492 3100 tmcomm - ok 14:05:37.0492 3100 tmevtmgr (84fb4b5c8dcd78163c440431fef3e096) C:\Windows\system32\DRIVERS\tmevtmgr.sys 14:05:37.0507 3100 tmevtmgr - ok 14:05:37.0539 3100 TmListen (14aad1604c9386899485758c05a1757e) C:\Program Files\Trend Micro\Security Agent\tmlisten.exe 14:05:37.0554 3100 TmListen - ok 14:05:37.0570 3100 tmtdi (77b9bebb0769f45ef770297196ef3506) C:\Windows\system32\DRIVERS\tmtdi.sys 14:05:37.0570 3100 tmtdi - ok 14:05:37.0585 3100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:05:37.0601 3100 TrkWks - ok 14:05:37.0617 3100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 14:05:37.0632 3100 TrustedInstaller - ok 14:05:37.0648 3100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:05:37.0663 3100 tssecsrv - ok 14:05:37.0663 3100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) 
C:\Windows\system32\drivers\tsusbflt.sys 14:05:37.0679 3100 TsUsbFlt - ok 14:05:37.0679 3100 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 14:05:37.0679 3100 TsUsbGD - ok 14:05:37.0819 3100 TuneUp.UtilitiesSvc (6ad9517c083d88bde53dc9f5ead8a0d9) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe 14:05:37.0835 3100 TuneUp.UtilitiesSvc - ok 14:05:37.0851 3100 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys 14:05:37.0851 3100 TuneUpUtilitiesDrv - ok 14:05:37.0897 3100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 14:05:37.0913 3100 tunnel - ok 14:05:37.0913 3100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 14:05:37.0929 3100 uagp35 - ok 14:05:37.0944 3100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 14:05:37.0960 3100 udfs - ok 14:05:37.0975 3100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:05:37.0975 3100 UI0Detect - ok 14:05:37.0991 3100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 14:05:37.0991 3100 uliagpkx - ok 14:05:37.0991 3100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 14:05:38.0007 3100 umbus - ok 14:05:38.0007 3100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 14:05:38.0007 3100 UmPass - ok 14:05:38.0022 3100 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 14:05:38.0038 3100 UmRdpService - ok 14:05:38.0053 3100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:05:38.0069 3100 upnphost - ok 14:05:38.0085 3100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 14:05:38.0085 3100 usbccgp - ok 14:05:38.0100 3100 usbcir (af0892a803fdda7492f595368e3b68e7) 
C:\Windows\system32\drivers\usbcir.sys 14:05:38.0100 3100 usbcir - ok 14:05:38.0116 3100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 14:05:38.0116 3100 usbehci - ok 14:05:38.0131 3100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 14:05:38.0147 3100 usbhub - ok 14:05:38.0147 3100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 14:05:38.0163 3100 usbohci - ok 14:05:38.0163 3100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 14:05:38.0163 3100 usbprint - ok 14:05:38.0178 3100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:05:38.0178 3100 USBSTOR - ok 14:05:38.0194 3100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 14:05:38.0194 3100 usbuhci - ok 14:05:38.0194 3100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:05:38.0209 3100 UxSms - ok 14:05:38.0225 3100 UxTuneUp (69af1428fe0e790f31cc2f10483b40c9) C:\Windows\System32\uxtuneup.dll 14:05:38.0225 3100 UxTuneUp - ok 14:05:38.0225 3100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:05:38.0241 3100 VaultSvc - ok 14:05:38.0241 3100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 14:05:38.0241 3100 vdrvroot - ok 14:05:38.0256 3100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 14:05:38.0287 3100 vds - ok 14:05:38.0287 3100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:05:38.0303 3100 vga - ok 14:05:38.0303 3100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:05:38.0319 3100 VgaSave - ok 14:05:38.0334 3100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:05:38.0350 3100 vhdmp - ok 14:05:38.0350 3100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:05:38.0350 
3100 viaide - ok 14:05:38.0365 3100 VMAuthdService (94cf2d157c8fd9089afa5da78aa64c65) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe 14:05:38.0365 3100 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning 14:05:38.0365 3100 VMAuthdService - detected UnsignedFile.Multi.Generic (1) 14:05:38.0381 3100 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 14:05:38.0381 3100 vmbus - ok 14:05:38.0397 3100 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 14:05:38.0397 3100 VMBusHID - ok 14:05:38.0412 3100 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys 14:05:38.0412 3100 vmci - ok 14:05:38.0412 3100 VMnetAdapter - ok 14:05:38.0412 3100 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys 14:05:38.0428 3100 VMnetBridge - ok 14:05:38.0428 3100 VMnetDHCP - ok 14:05:38.0428 3100 VMnetuserif (ec9456d3e0e194d67d7430c7ab4eab2c) C:\Windows\system32\drivers\vmnetuserif.sys 14:05:38.0428 3100 VMnetuserif - ok 14:05:38.0475 3100 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe 14:05:38.0490 3100 VMUSBArbService - ok 14:05:38.0490 3100 VMware NAT Service - ok 14:05:38.0865 3100 VMwareHostd (8c01ae115e9e6806a25a9b5136fd6fc0) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 14:05:38.0958 3100 VMwareHostd ( UnsignedFile.Multi.Generic ) - warning 14:05:38.0958 3100 VMwareHostd - detected UnsignedFile.Multi.Generic (1) 14:05:38.0989 3100 vmx86 (940933def15495d50dc1232e28c70b48) C:\Windows\system32\drivers\vmx86.sys 14:05:38.0989 3100 vmx86 - ok 14:05:38.0989 3100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:05:39.0005 3100 volmgr - ok 14:05:39.0036 3100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:05:39.0036 3100 volmgrx - ok 14:05:39.0067 3100 volsnap 
(0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:05:39.0067 3100 volsnap - ok 14:05:39.0083 3100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 14:05:39.0083 3100 vsmraid - ok 14:05:39.0145 3100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 14:05:39.0177 3100 VSS - ok 14:05:39.0208 3100 vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys 14:05:39.0223 3100 vstor2-mntapi10-shared - ok 14:05:39.0255 3100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 14:05:39.0255 3100 vwifibus - ok 14:05:39.0286 3100 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:05:39.0317 3100 W32Time - ok 14:05:39.0317 3100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 14:05:39.0333 3100 WacomPen - ok 14:05:39.0333 3100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:05:39.0348 3100 WANARP - ok 14:05:39.0364 3100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:05:39.0379 3100 Wanarpv6 - ok 14:05:39.0426 3100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 14:05:39.0457 3100 WatAdminSvc - ok 14:05:39.0520 3100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 14:05:39.0535 3100 wbengine - ok 14:05:39.0582 3100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:05:39.0582 3100 WbioSrvc - ok 14:05:39.0598 3100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 14:05:39.0613 3100 wcncsvc - ok 14:05:39.0629 3100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:05:39.0629 3100 WcsPlugInService - ok 14:05:39.0645 3100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 14:05:39.0645 3100 Wd - ok 
14:05:39.0691 3100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:05:39.0707 3100 Wdf01000 - ok 14:05:39.0707 3100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:05:39.0723 3100 WdiServiceHost - ok 14:05:39.0723 3100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:05:39.0738 3100 WdiSystemHost - ok 14:05:39.0754 3100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 14:05:39.0769 3100 WebClient - ok 14:05:39.0769 3100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 14:05:39.0801 3100 Wecsvc - ok 14:05:39.0801 3100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 14:05:39.0832 3100 wercplsupport - ok 14:05:39.0832 3100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 14:05:39.0847 3100 WerSvc - ok 14:05:39.0863 3100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:05:39.0879 3100 WfpLwf - ok 14:05:39.0879 3100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:05:39.0894 3100 WIMMount - ok 14:05:39.0910 3100 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 14:05:39.0941 3100 Winmgmt - ok 14:05:40.0035 3100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 14:05:40.0066 3100 WinRM - ok 14:05:40.0113 3100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 14:05:40.0128 3100 WinUsb - ok 14:05:40.0175 3100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 14:05:40.0191 3100 Wlansvc - ok 14:05:40.0191 3100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:05:40.0191 3100 WmiAcpi - ok 14:05:40.0222 3100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 14:05:40.0222 3100 wmiApSrv - ok 14:05:40.0237 3100 
WMPNetworkSvc - ok 14:05:40.0237 3100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 14:05:40.0237 3100 WPCSvc - ok 14:05:40.0253 3100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 14:05:40.0253 3100 WPDBusEnum - ok 14:05:40.0253 3100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:05:40.0284 3100 ws2ifsl - ok 14:05:40.0284 3100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 14:05:40.0300 3100 wscsvc - ok 14:05:40.0300 3100 WSearch - ok 14:05:40.0315 3100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 14:05:40.0331 3100 WudfPf - ok 14:05:40.0347 3100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:05:40.0362 3100 WUDFRd - ok 14:05:40.0362 3100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 14:05:40.0393 3100 wudfsvc - ok 14:05:40.0409 3100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 14:05:40.0425 3100 WwanSvc - ok 14:05:40.0425 3100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:05:40.0534 3100 \Device\Harddisk0\DR0 - ok 14:05:40.0534 3100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 14:05:40.0643 3100 \Device\Harddisk1\DR1 - ok 14:05:40.0643 3100 Boot (0x1200) (14b71b7dadc4d16655b2d5af1bee8784) \Device\Harddisk0\DR0\Partition0 14:05:40.0643 3100 \Device\Harddisk0\DR0\Partition0 - ok 14:05:40.0643 3100 Boot (0x1200) (2f83157ee79d0d973fabfdadfb5e14d5) \Device\Harddisk1\DR1\Partition0 14:05:40.0643 3100 \Device\Harddisk1\DR1\Partition0 - ok 14:05:40.0643 3100 ============================================================ 14:05:40.0643 3100 Scan finished 14:05:40.0643 3100 ============================================================ 14:05:40.0643 3956 Detected object count: 7 14:05:40.0643 3956 Actual detected object count: 7 14:05:51.0204 3956 HPSLPSVC ( 
UnsignedFile.Multi.Generic ) - skipped by user 14:05:51.0204 3956 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:05:51.0204 3956 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 14:05:51.0204 3956 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:05:51.0204 3956 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:05:51.0204 3956 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:05:51.0204 3956 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:05:51.0204 3956 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:05:51.0220 3956 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 14:05:51.0220 3956 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:05:51.0220 3956 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user 14:05:51.0220 3956 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:05:51.0220 3956 VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user 14:05:51.0220 3956 VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip |
11.07.2012, 14:11 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit infection C:\Windows\Installer
Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a competent helper has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags
12.07.2012, 08:59 | #21 |
| Rootkit infection C:\Windows\Installer
Here is the log from ComboFix. What I notice now is that lately my desktop icons could not be moved; after every restart or refresh via F5 all the icons were sorted on the left of the screen. Now, after ComboFix, the icons are arranged the way I once placed them.
Code:
ATTFilter ComboFix 12-07-11.03 - user 12.07.2012 9:40.1.4 - x64 ausgeführt von:: c:\users\user\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\temp\cfg.ini c:\windows\assembly\tmp\U c:\windows\SysWow64\drivers\str.sys c:\windows\SysWow64\muzapp.exe . Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-12 bis 2012-07-12 )))))))))))))))))))))))))))))) . . 2012-07-12 07:42 . 2012-07-12 07:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-10 09:59 . 2012-07-10 09:59 -------- d-----w- C:\_OTL 2012-07-09 12:11 . 2012-07-09 12:11 -------- d-----w- c:\program files (x86)\JPEG Recovery Pro 2012-07-06 08:15 . 2012-07-06 08:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-06 08:15 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 06:41 . 2012-06-27 06:41 -------- d-----w- c:\program files (x86)\Audacity 2012-06-22 06:50 . 2012-06-22 07:06 -------- d-----w- c:\program files (x86)\MozBackup 2012-06-22 06:38 . 2012-07-12 07:43 -------- d-----w- c:\users\user 2012-06-22 06:19 . 2012-06-22 06:19 -------- d-----w- c:\users\Administrator 2012-06-20 07:44 . 2009-06-18 10:55 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys 2012-06-19 08:25 . 2012-06-19 08:25 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2 2012-06-15 07:15 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\Sophos 2012-06-15 06:39 . 2012-06-15 06:39 251488 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-06-15 06:39 . 
2012-06-15 06:39 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys 2012-06-13 06:25 . 2012-06-13 06:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-13 06:25 . 2012-06-13 06:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-12 14:41 . 2012-06-12 14:41 -------- d-----w- c:\programdata\IObit 2012-06-12 14:41 . 2012-06-12 14:41 -------- d-----w- c:\program files (x86)\IObit . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 14:16 . 2011-03-02 08:59 4354048 ----a-w- c:\windows\DVAPI32.DLL 2012-06-18 14:56 . 2011-03-02 08:59 9611264 ----a-w- c:\windows\TOBITCLT.DLL 2012-06-14 06:17 . 2012-04-03 06:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-14 06:17 . 2011-05-18 08:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-30 18:56 . 2012-06-06 13:31 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys 2012-04-30 18:56 . 2012-06-06 13:31 942192 ----a-w- c:\windows\system32\vnetlib64.dll 2012-04-30 18:56 . 2012-06-06 13:31 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe 2012-04-30 18:56 . 2012-06-06 13:31 433264 ----a-w- c:\windows\SysWow64\vmnat.exe 2012-04-30 18:54 . 2012-06-06 13:31 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2012-04-30 16:26 . 2012-04-30 16:26 252016 ----a-w- c:\windows\SysWow64\vmnc.dll 2012-04-30 15:22 . 2012-04-30 15:22 62064 ----a-w- c:\windows\system32\vmnetbridge.dll 2012-04-30 15:22 . 2012-04-30 15:22 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2012-04-30 15:22 . 2012-04-30 15:22 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-16 107000] "Second Copy"="c:\program files (x86)\SecCopy\SecCopy.exe" [2008-12-22 2794496] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "DV4TS.EXE"="c:\windows\system32\DV4TS.EXE" [2011-10-21 193536] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "DV4TS.EXE"=c:\windows\system32\DV4TS.EXE "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . 
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ctietfjaipsz;ctietfjaipsz;c:\users\user\AppData\Local\Temp\DAT1BE9.tmp.exe [x] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-06-15 251488] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\738.tmp [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-24 52224] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-24 72192] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 35112] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 mv91xx;mv91xx;c:\windows\System32\drivers\mv91xx.sys [2011-04-26 303408] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2012-06-15 1477728] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-19 202752] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 MSSQL$DAVID;SQL Server (DAVID);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-02-25 69904] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files 
(x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448] S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-19 6366720] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-19 186880] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-15 121832] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-15 364520] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - IPNAT . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-26 204584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 LSP: %SystemRoot%\system32\vsocklib.dll FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 600000 FF - user.js: nglayout.initialpaint.delay - 600 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\738.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e, 76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2, 18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47 "{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e, 76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:7f,ff,79,e5,06,3f,cd,01 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}] @Denied: (Full) (Administrators) @Denied: (Full) (Owner) @Denied: (Full) (LocalSystem) @Denied: (Full) (Administrators) @Denied: (Full) (Users) @="CLSID_SearchFolder" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-12 09:45:02 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-12 07:45 . Vor Suchlauf: 11 Verzeichnis(se), 56.103.964.672 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 55.943.475.200 Bytes frei . - - End Of File - - 3F9CD111A8153917A28381959593D719 Geändert von f6user (12.07.2012 um 09:16 Uhr) |
12.07.2012, 10:56 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit infection C:\Windows\Installer
Combofix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.
Code:
Firefox::
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600

File::
c:\users\user\AppData\Local\Temp\DAT1BE9.tmp.exe
c:\windows\system32\738.tmp

Driver::
ctietfjaipsz
MEMSWEEP2

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
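As an added example (not code from the thread, from ComboFix or from the forum's helpers), the following Python triage pass parses the service/driver lines of a ComboFix log and flags the two entries the helper removed with the script above, a service running a .tmp.exe from the user's Temp folder and a driver whose image is a .tmp file in system32, alongside the Security Center override values from the same log; the weights and the threshold are this example's own heuristic, and the sample lines are constructed from the log posted above.

```python
"""
Triage helper for the ComboFix service/driver section. Added example written
for this thread; it is not part of ComboFix or of the forum's tooling.

ComboFix lists services and drivers as

    <start> <name>;<display name>;<image path> [<file date> <size>]

where <start> is R0-R4 (running) or S0-S4 (stopped) and "[x]" replaces the
date/size when the binary could not be found on disk. The checks below encode
what the helper singled out in this thread: an executable run from a user's
Temp folder, an image path ending in .tmp, a binary that is missing, and the
Security Center override values that silence the "no antivirus" warning.
"""
import re
from dataclasses import dataclass, field

# Sample lines constructed from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R2 ctietfjaipsz;ctietfjaipsz;c:\users\user\AppData\Local\Temp\DAT1BE9.tmp.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\738.tmp [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')

# Heuristic weights chosen for this example; a total of 3 or more marks an
# entry for a closer look.
SUSPICIOUS_THRESHOLD = 3


@dataclass
class ServiceEntry:
    start: str        # e.g. R2 = running, auto-start; S3 = stopped, manual
    name: str
    display: str
    path: str
    present: bool     # False when ComboFix printed [x]
    reasons: list = field(default_factory=list)  # (weight, explanation)

    @property
    def score(self) -> int:
        return sum(w for w, _ in self.reasons)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach weighted reasons to a parsed service/driver entry."""
    low = entry.path.lower()
    if "\\temp\\" in low:
        entry.reasons.append((3, "image runs from a Temp directory"))
    if re.search(r"\.tmp(\.exe)?$", low):
        entry.reasons.append((3, "image path ends in .tmp"))
    if not entry.present:
        # Weak on its own: legitimate multi-binary entries (see Amsp) get [x] too.
        entry.reasons.append((1, "binary not found on disk ([x])"))
    return entry


def triage(log_text: str):
    """Return (service entries, Security Center override values) from log text."""
    services, overrides, current_key = [], {}, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(assess(ServiceEntry(
                m["start"], m["name"], m["display"], m["path"], m["meta"] != "x")))
            continue
        k = REG_KEY_RE.match(line)
        if k:
            current_key = k["key"].lower()
            continue
        d = REG_DWORD_RE.match(line)
        if d and current_key.endswith("\\security center") and d["name"].endswith("Override"):
            # 1 = Windows is told not to warn about a missing/disabled AV or firewall
            overrides[d["name"]] = int(d["value"], 16)
    return services, overrides


def suspicious(services) -> list:
    """Names of entries at or above the threshold, in log order."""
    return [e.name for e in services if e.score >= SUSPICIOUS_THRESHOLD]


def report(log_text: str) -> list:
    """Human-readable triage lines for a log."""
    services, overrides = triage(log_text)
    lines = []
    for e in services:
        if e.score >= SUSPICIOUS_THRESHOLD:
            why = "; ".join(text for _, text in e.reasons)
            lines.append(f"[{e.score}] {e.start} {e.name} -> {e.path}  ({why})")
    for name, value in overrides.items():
        if value == 1:
            lines.append(f"[!] Security Center {name}=1: warning suppressed")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the constructed sample, the two removed entries score 7 and 4 while the Trend Micro entry with a bare [x] scores only 1, which is the point: a missing binary alone is weak evidence, a .tmp image in a Temp folder is not.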
12.07.2012, 13:38 | #23 |
| Rootkit infection C:\Windows\Installer Combofix logfile: Code:
ATTFilter ComboFix 12-07-12.02 - user 12.07.2012 14:24:45.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6125.4411 [GMT 2:00] ausgeführt von:: c:\users\user\Desktop\MALWARE_Tools\ComboFix.exe Benutzte Befehlsschalter :: c:\users\user\Desktop\CFScript.txt AV: Trend Micro Security Agent *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Security Agent *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\user\AppData\Local\Temp\DAT1BE9.tmp.exe" "c:\windows\system32\738.tmp" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_ctietfjaipsz -------\Service_MEMSWEEP2 . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-12 bis 2012-07-12 )))))))))))))))))))))))))))))) . . 2012-07-12 12:27 . 2012-07-12 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-12 07:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-12 07:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-12 07:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-12 07:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-12 07:46 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-07-12 07:46 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-07-12 07:46 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-07-12 07:46 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-07-12 07:46 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-07-10 09:59 . 2012-07-10 09:59 -------- d-----w- C:\_OTL 2012-07-09 12:11 . 
2012-07-09 12:11 -------- d-----w- c:\program files (x86)\JPEG Recovery Pro 2012-07-06 08:15 . 2012-07-06 08:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-06 08:15 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 06:41 . 2012-06-27 06:41 -------- d-----w- c:\program files (x86)\Audacity 2012-06-22 06:50 . 2012-06-22 07:06 -------- d-----w- c:\program files (x86)\MozBackup 2012-06-22 06:38 . 2012-07-12 07:55 -------- d-----w- c:\users\user 2012-06-22 06:19 . 2012-06-22 06:19 -------- d-----w- c:\users\Administrator 2012-06-20 07:44 . 2009-06-18 10:55 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys 2012-06-19 08:25 . 2012-06-19 08:25 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2 2012-06-15 07:15 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\Sophos 2012-06-15 06:39 . 2012-06-15 06:39 251488 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-06-15 06:39 . 2012-06-15 06:39 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys 2012-06-13 06:25 . 2012-06-13 06:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-13 06:25 . 2012-06-13 06:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-12 14:41 . 2012-06-12 14:41 -------- d-----w- c:\programdata\IObit 2012-06-12 14:41 . 2012-06-12 14:41 -------- d-----w- c:\program files (x86)\IObit . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 14:16 . 2011-03-02 08:59 4354048 ----a-w- c:\windows\DVAPI32.DLL 2012-06-18 14:56 . 2011-03-02 08:59 9611264 ----a-w- c:\windows\TOBITCLT.DLL 2012-06-14 06:17 . 2012-04-03 06:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-14 06:17 . 2011-05-18 08:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-30 18:56 . 2012-06-06 13:31 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys 2012-04-30 18:56 . 
2012-06-06 13:31 942192 ----a-w- c:\windows\system32\vnetlib64.dll 2012-04-30 18:56 . 2012-06-06 13:31 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe 2012-04-30 18:56 . 2012-06-06 13:31 433264 ----a-w- c:\windows\SysWow64\vmnat.exe 2012-04-30 18:54 . 2012-06-06 13:31 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2012-04-30 16:26 . 2012-04-30 16:26 252016 ----a-w- c:\windows\SysWow64\vmnc.dll 2012-04-30 15:22 . 2012-04-30 15:22 62064 ----a-w- c:\windows\system32\vmnetbridge.dll 2012-04-30 15:22 . 2012-04-30 15:22 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2012-04-30 15:22 . 2012-04-30 15:22 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-12_07.43.14 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-07-12 07:56 44558 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-12 07:56 40536 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2012-05-07 06:44 . 2011-02-25 10:09 69904 c:\windows\system32\drivers\tmevtmgr.sys + 2012-05-07 06:44 . 2011-06-23 09:34 69904 c:\windows\system32\drivers\tmevtmgr.sys + 2012-05-07 06:44 . 2011-06-23 09:34 90896 c:\windows\system32\drivers\tmactmon.sys - 2012-05-07 06:44 . 2011-02-25 10:10 90896 c:\windows\system32\drivers\tmactmon.sys + 2012-06-02 13:19 . 2012-06-02 13:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe + 2011-10-05 11:24 . 2012-07-12 07:56 9028 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4097306890-2138770997-1041978500-1118_UserData.bin + 2012-07-12 12:27 . 2012-07-12 12:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-12 07:43 . 2012-07-12 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2012-07-12 08:03 715792 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 
2012-06-21 13:09 715792 c:\windows\system32\perfh009.dat + 2010-11-21 06:50 . 2012-07-12 08:03 761080 c:\windows\system32\perfh007.dat - 2010-11-21 06:50 . 2012-06-21 13:09 761080 c:\windows\system32\perfh007.dat + 2009-07-14 02:36 . 2012-07-12 08:03 144164 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-21 13:09 144164 c:\windows\system32\perfc009.dat - 2010-11-21 06:50 . 2012-06-21 13:09 171376 c:\windows\system32\perfc007.dat + 2010-11-21 06:50 . 2012-07-12 08:03 171376 c:\windows\system32\perfc007.dat - 2012-05-07 06:44 . 2011-02-25 10:09 146192 c:\windows\system32\drivers\tmcomm.sys + 2012-05-07 06:44 . 2011-06-23 09:34 146192 c:\windows\system32\drivers\tmcomm.sys + 2009-07-14 04:46 . 2012-07-12 07:57 109704 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 05:01 . 2012-07-12 12:27 966952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-12 07:42 966952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:45 . 2012-07-12 07:57 7584621 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-06-15 06:42 7584621 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-07-10 11:49 . 2012-07-12 12:27 2518424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4097306890-2138770997-1041978500-1118-8192.dat + 2009-07-14 02:34 . 2012-07-12 07:54 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2012-05-09 09:06 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-11-22 20:53 . 2011-11-22 20:53 12086784 c:\windows\Installer\214c12.msi . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-16 107000] "Second Copy"="c:\program files (x86)\SecCopy\SecCopy.exe" [2008-12-22 2794496] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "DV4TS.EXE"="c:\windows\system32\DV4TS.EXE" [2011-10-21 193536] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "DV4TS.EXE"=c:\windows\system32\DV4TS.EXE "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . 
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-06-15 251488] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-24 52224] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-24 72192] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 35112] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB 
Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 mv91xx;mv91xx;c:\windows\System32\drivers\mv91xx.sys [2011-04-26 303408] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2012-06-15 1477728] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 283200] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-19 202752] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 MSSQL$DAVID;SQL Server (DAVID);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-06-23 69904] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448] S2 VMwareHostd;VMware Workstation 
Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-19 6366720] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-19 186880] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-15 121832] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-15 364520] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-17 219480] "combofix"="c:\combofix\CF342.3XE" [2010-11-21 345088] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 LSP: %SystemRoot%\system32\vsocklib.dll FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bw8mt4vh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e, 76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2, 18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47 "{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e, 76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:7f,ff,79,e5,06,3f,cd,01 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}] @Denied: (Full) (Administrators) @Denied: (Full) (Owner) @Denied: (Full) (LocalSystem) @Denied: (Full) (Administrators) @Denied: (Full) (Users) @="CLSID_SearchFolder" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-12 14:29:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-12 12:29 ComboFix2.txt 2012-07-12 07:45 . Vor Suchlauf: 17 Verzeichnis(se), 55.199.891.456 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 54.914.842.624 Bytes frei . - - End Of File - - 13F212861F80BA9E01BA3CB852DDECA6 |
12.07.2012, 14:57 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit infection C:\Windows\Installer Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
12.07.2012, 15:40 | #25 |
| Rootkit infection C:\Windows\Installer GMER finished with no findings. OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:29:54 on 12.07.2012 OS: Windows 7 Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Try&Decide and Restore Points filter (build 258)" (tdrpman258) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm258.sys "adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys "afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys "BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb_AMD64.sys (File not found) "Boot Tasks Driver" (SAVRKBootTasks) - ? - C:\Windows\system32\SAVRKBootTasks.sys (File not found) "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys (File not found) "tmactmon" (tmactmon) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmactmon.sys "tmcomm" (tmcomm) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmcomm.sys "tmevtmgr" (tmevtmgr) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmevtmgr.sys "Trend Micro TDI Driver" (tmtdi) - "Trend Micro Inc." 
- C:\Windows\System32\DRIVERS\tmtdi.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys "VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys "VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys "VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\Windows\System32\DRIVERS\vmnetadapter.sys (File not found) "VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\drivers\vmx86.sys "Vstor2 MntApi 1.0 Driver (shared)" (vstor2-mntapi10-shared) - "VMware, Inc." - C:\Windows\SysWOW64\drivers\vstor2-mntapi10-shared.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {8EF5DC20-419C-4E43-A088-DE5B5625CA47} "{8EF5DC20-419C-4E43-A088-DE5B5625CA47}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll {0B37915C-8B98-4B9E-80D4-464D2C830D10} "TBProtocol Class" - "Trend Micro Inc." 
- C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll {0E526CB5-7446-41D1-A403-19BFE95E8C23} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? 
- (File not found | COM-object registry key not found) {DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." 
- C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - 
"Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\SDShelEx-win32.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&RoboForm" - "Siber Systems Inc." 
- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {0D41B8C5-2599-4893-8183-00195EC8D5F9} "asusTek_sysctrl Class" - ? - C:\Windows\DOWNLO~1\asusTek_sys_ctrl.dll / hxxp://support.asus.de/common/asusTek_sys_ctrl.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} "Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00" - "Pegasus Software, LLC." - C:\Windows\SysWOW64\IMW32O40.OCX / hxxp://192.168.13.150/LNetCam.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? 
- (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&RoboForm" - "Siber Systems Inc." - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} "TmIEPlugInBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{724d43a9-0d85-11d4-9908-00400523e39a} "{724d43a9-0d85-11d4-9908-00400523e39a}" - "Siber Systems Inc." - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"TK-Suite Client.lnk" - "AGFEO " - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RoboForm" - "Siber Systems" - "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Second Copy" - "Centered Systems" - "C:\Program Files (x86)\SecCopy\SecCopy.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"DV4TS.EXE" - ? - c:\windows\system32\DV4TS.EXE (File not found)
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Fax-Image Monitor" - "Tobit Software" - C:\Windows\faximgmo.dll
"FaxWare Monitor" - "Tobit Software" - C:\Windows\faxwarmo.dll
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJL64.DLL
"Tobit Color Monitor" - ? - C:\Windows\IMGMSGMO.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"SQL Server (DAVID)" (MSSQL$DAVID) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
"Trend Micro Security Agent Communicator" (TmListen) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
"Trend Micro Solution Platform" (Amsp) - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
"VMware Workstation Server" (VMwareHostd) - ? - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/CODE]

[CODE]
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 16:37:20
-----------------------------
16:37:20.231 OS Version: Windows x64 6.1.7601 Service Pack 1
16:37:20.232 Number of processors: 4 586 0x2A07
16:37:20.232 ComputerName: PCUSER UserName: user
16:37:20.510 Initialize success
16:37:23.250 AVAST engine defs: 12071200
16:37:28.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:28.589 Disk 0 Vendor: OCZ-VERT 1.35 Size: 109704MB BusType: 3
16:37:28.590 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:37:28.591 Disk 1 Vendor: ST350041 CC44 Size: 476940MB BusType: 3
16:37:28.596 Disk 0 MBR read successfully
16:37:28.598 Disk 0 MBR scan
16:37:28.600 Disk 0 Windows 7 default MBR code
16:37:28.602 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 109701 MB offset 63
16:37:28.609 Disk 0 scanning C:\Windows\system32\drivers
16:37:31.944 Service scanning
16:37:38.520 Modules scanning
16:37:38.524 Disk 0 trace - called modules:
16:37:38.528 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:37:38.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008806060]
16:37:38.533 3 CLASSPNP.SYS[fffff88001fa043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f87050]
16:37:38.535 Scan finished successfully
16:38:09.899 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
16:38:09.902 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
[/CODE]
12.07.2012, 18:09 | #26
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit infection C:\Windows\Installer
Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
13.07.2012, 10:37 | #27
Rootkit infection C:\Windows\Installer
I now have folders like _OTL and Qoodox on the C partition. What can I do with these folders now, can I delete them or how should I handle them? Malwarebytes found nothing; here is the log from SuperAntiSpyware:
[CODE]
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/13/2012 at 10:57 AM

Application Version : 5.5.1006

Core Rules Database Version : 8894
Trace Rules Database Version: 6706

Scan type : Complete Scan
Total Scan Time : 01:26:22

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 621
Memory threats detected : 0
Registry items scanned : 72370
Registry threats detected : 0
File items scanned : 419486
File threats detected : 5

Adware.Tracking Cookie
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KYSVSN0G.txt [ /doubleclick.net ]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KWNXWQ1C.txt [ /xiti.com ]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WFR4QXAM.txt [ /de.sitestat.com ]
C:\USERS\user\Cookies\KWNXWQ1C.txt [ Cookie:user@xiti.com/ ]
C:\USERS\user\Cookies\WFR4QXAM.txt [ Cookie:user@de.sitestat.com/idgcom-de/channelpartner/ ]
[/CODE]
13.07.2012, 20:26 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit infection C:\Windows\Installer
I still want to see the Malwarebytes log.
16.07.2012, 08:02 | #29
Rootkit infection C:\Windows\Installer
ok, no problem, I ran it again:
[CODE]
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: PCUSER [Administrator]

16.07.2012 08:23:17
mbam-log-2012-07-16 (08-23-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428439
Laufzeit: 37 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
[/CODE]
16.07.2012, 16:06 | #30
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit infection C:\Windows\Installer
Looks ok, only cookies were found there. Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you would have to look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks whether a new hosts file has been released.

Otherwise there are also good cookie managers; an extension for Firefox would be CookieCuller, for example: http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system ok again now, or are there still other findings or problems?
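Following up on the hosts-file advice in the post above, here is an added example (not from this thread, not MVPS's code and not from any tool mentioned here) that parses a hosts file in the MVPS format and checks whether the cookie domains from the SUPERAntiSpyware log (doubleclick.net, xiti.com, de.sitestat.com) are actually covered. The hosts content is constructed for the example. The point it makes visible is that a hosts file has no wildcards: only hostnames listed exactly are sinkholed, so an entry for a subdomain says nothing about the parent name, which is why such lists contain many individual hostnames per tracker and need regular refreshing.

```python
"""Check which tracking hosts from a scan log an MVPS-style hosts file
actually blocks.  Example code added to the thread, not from any tool
mentioned in it.  A hosts file has no wildcard support: only hostnames
listed exactly are redirected, so "ad.doubleclick.net" being listed says
nothing about "doubleclick.net" itself."""

# Constructed sample in the MVPS hosts format; not the real MVPS file.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1\tlocalhost
::1\tlocalhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 doubleclick.net     # trailing comments are allowed
0.0.0.0 logv2.xiti.com logc1.xiti.com
0.0.0.0 www.sitestat.com
192.168.1.10 intranet.example   # a real mapping, not a block
"""

# Cookie domains reported by the SUPERAntiSpyware scan in this thread.
TRACKERS_FROM_LOG = ["doubleclick.net", "xiti.com", "de.sitestat.com"]

# Addresses MVPS and similar lists use as a sink for blocked names.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts(text):
    """Return {hostname: address}; comments, blanks and bad lines skipped.
    One address may be followed by several hostnames on the same line."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # address without a name
        addr, names = fields[0], fields[1:]
        for name in names:
            mapping[name.lower()] = addr        # later lines win
    return mapping


def blocked_hosts(mapping):
    """Hostnames the file sinks; the localhost entries are not blocks."""
    return {h for h, a in mapping.items()
            if a in SINKHOLE_ADDRS and h != "localhost"}


def coverage(hosts_text, trackers):
    """For each tracker domain: is the bare name blocked, and which of its
    subdomains are listed.  Exact matching only, because that is all a
    resolver does with a hosts file."""
    blocked = blocked_hosts(parse_hosts(hosts_text))
    report = {}
    for dom in trackers:
        dom = dom.lower()
        subs = sorted(h for h in blocked if h.endswith("." + dom))
        report[dom] = {"exact": dom in blocked, "subdomains": subs}
    return report


def unblocked(hosts_text, trackers):
    """Tracker names from the log that the hosts file does not cover exactly."""
    rep = coverage(hosts_text, trackers)
    return [d for d in trackers if not rep[d.lower()]["exact"]]


if __name__ == "__main__":
    for dom, info in coverage(SAMPLE_HOSTS, TRACKERS_FROM_LOG).items():
        state = "blocked" if info["exact"] else "NOT blocked"
        print(f"{dom:20} {state:12} subdomains listed: {info['subdomains']}")
    print("still uncovered:", unblocked(SAMPLE_HOSTS, TRACKERS_FROM_LOG))
```

With the constructed file only doubleclick.net is covered exactly; xiti.com has two subdomains listed but not the bare name, and de.sitestat.com is not covered at all even though a sibling host is. Pointing `parse_hosts` at a real `C:\Windows\System32\drivers\etc\hosts` and at the domain list from a scan log gives the same kind of gap report.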