suspicious processes and other various problems


This topic is locked
34 replies to this topic

#1 madarivi

  • Members
  • 25 posts

Posted 02 May 2012 - 12:04 PM

I first noticed problems with Windows Media Player: it constantly gave pop-ups with an error message (I can't remember the exact error). I turned Windows Media Player off as I don't really use it, and that seems to have helped.

But before that I checked the Task Manager to see if it helped to shut down the process, and I noticed two processes. The first was named conhost.exe with description "Console Windows Host" and the second cxz.exe*32 with description "bitcoin-minor". I found them a bit suspicious as they both had about 8 copies.
I updated and ran Malwarebytes' Anti-Malware and it found multiple threats. I clicked remove and restarted and ran MBAM again. It still found (fewer) threats and I removed and restarted again.

I'm also having problems with deleting some folders (I created in the past); it gave an error which said something like "folder is in use" and "thumbs" while I was only running Explorer to delete them. This is really annoying as I'm trying to clean up my computer a bit. I tried LockHunter but that didn't help. Then I used a tip I found on the internet: copying cmd.exe to C:\, running it and typing "del /ash /s thumbs.db", which helped.

I'm sorry if I complicated things a bit by trying on my own :P and I'm not sure if everything I noticed is relevant to the infections MBAM detects. Thanks for the help in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Marius at 18:23:45 on 2012-05-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2998 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxebcoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\cxz.exe
C:\ProgramData\cxz.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://localhost:8080/sabnzbd/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
uRun: [© Skype Technologies S.A.] C:\Users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
uRun: [plugin] C:\Users\Marius\Local Settings\Temp\plugin.exe
mRun: [© Skype Technologies S.A.] C:\Users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mExplorerRun: [© Skype Technologies S.A.] C:\Users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
StartupFolder: C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4103.exe
StartupFolder: C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5267.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{FACBA18C-7C49-4434-8A9F-1A476DC14E63} : DhcpNameServer = 192.168.2.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Lexmark : {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
mRun-x64: [© Skype Technologies S.A.] C:\Users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/20 23:36:35];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-3-8 1127944]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2012-2-18 45736]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-2 253088]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);C:\Windows\system32\drivers\wfeaglxt.sys --> C:\Windows\system32\drivers\wfeaglxt.sys [?]
.
=============== Created Last 30 ================
.
2012-05-02 16:08:14 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:53:51 282624 ----a-w- C:\ProgramData\cxz.exe
2012-05-02 15:17:47 -------- d-----w- C:\Program Files\LockHunter
2012-05-02 15:10:11 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-02 15:03:32 -------- d-----w- C:\Program Files (x86)\Unlocker
2012-04-25 20:36:03 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 20:36:02 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 20:36:02 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-02 16:08:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-07 09:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 18:24:11,22 ===============
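The DDS log above lists every running image and autostart entry, which is how the cxz.exe copies in C:\ProgramData and the numeric-named files in the Startup folder stand out. As an added example (not code from the thread, from DDS, or from the helper), the Python below parses a constructed excerpt in the DDS layout and flags images launched from user-writable locations and autostart entries pointing there; all function names and the USER_WRITABLE markers are my own choices.

```python
"""Triage a DDS-style log: flag running images and autostart entries whose
executable lives in a location a standard user can write to.

Added example; not part of the thread or of the DDS tool. SAMPLE_DDS is a
constructed excerpt modelled on the thread's DDS report layout."""
import re
from collections import Counter

SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
C:\ProgramData\cxz.exe
C:\ProgramData\cxz.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://localhost:8080/sabnzbd/
uRun: [plugin] C:\Users\Marius\Local Settings\Temp\plugin.exe
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
StartupFolder: C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4103.exe
.
============== FINISH: 18:24:11 ===============
"""

# DDS section banners look like "=== Name ===".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Assumed markers for user-writable locations; a binary launched from one of
# these deserves a second look, while system32 images (e.g. conhost.exe, the
# legitimate console host spawned per console process) are left alone.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")
# Autostart lines: "<kind>: [label] path" or "<kind>: path", path may be quoted.
AUTOSTART_RE = re.compile(r'^([A-Za-z0-9-]+):\s*(?:\[[^\]]*\]\s*)?"?([A-Za-z]:\\.+?)"?\s*$')
AUTOSTART_KINDS = ("urun", "mrun", "mexplorerrun", "startupfolder")


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections


def image_path(process_line):
    """Drop svchost-style arguments: the image path ends at the first '.exe'."""
    m = re.match(r"(.+?\.exe)\b", process_line, re.IGNORECASE)
    return m.group(1) if m else process_line


def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage_processes(lines):
    """Return sorted [(image path, instance count)] for user-writable images.
    The count surfaces the 'many copies of one binary' symptom from the thread."""
    counts = Counter(image_path(line) for line in lines)
    return sorted((p, n) for p, n in counts.items() if is_user_writable(p))


def triage_autostarts(lines):
    """Return [(entry kind, path)] for Run/StartupFolder entries that point at
    a user-writable path or at an executable with a purely numeric name."""
    flagged = []
    for line in lines:
        m = AUTOSTART_RE.match(line)
        if not m or m.group(1).lower().split("-")[0] not in AUTOSTART_KINDS:
            continue
        kind, path = m.group(1), m.group(2)
        name = path.rsplit("\\", 1)[-1]
        numeric_name = re.fullmatch(r"\d+\.exe", name, re.IGNORECASE) is not None
        if is_user_writable(path) or numeric_name:
            flagged.append((kind, path))
    return flagged


def triage(text):
    """Run both checks over a full DDS log and return the findings."""
    secs = parse_sections(text)
    return {
        "processes": triage_processes(secs.get("Running Processes", [])),
        "autostarts": triage_autostarts(secs.get("Pseudo HJT Report", [])),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_DDS).items():
        print(category)
        for hit in hits:
            print("  ", hit)
```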


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 01:16 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 madarivi

  • Topic Starter

  • Members
  • 25 posts

Posted 03 May 2012 - 11:53 AM

Thanks for the fast reply. No problems with Combofix or Security Check, and I haven't noticed any other problems with my computer yet. I did notice that the processes (cxz.exe and conhost.exe) are still running.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 11.2.202.233
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


ComboFix 12-05-03.01 - Marius 03-05-2012 17:58:58.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2806 [GMT 2:00]
Gestart vanuit: c:\users\Marius\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cxz.exe
c:\users\Marius\AppData\Roaming\301171.exe
c:\users\Marius\AppData\Roaming\306381.exe
c:\users\Marius\AppData\Roaming\4103.exe
c:\users\Marius\AppData\Roaming\41031.exe
c:\users\Marius\AppData\Roaming\5267.exe
c:\users\Marius\AppData\Roaming\52671.exe
c:\users\Marius\AppData\Roaming\622361.exe
c:\users\Marius\AppData\Roaming\643351.exe
c:\users\Marius\AppData\Roaming\699141.exe
c:\users\Marius\AppData\Roaming\753271.exe
c:\users\Marius\AppData\Roaming\828441.exe
c:\users\Marius\AppData\Roaming\895961.exe
c:\users\Marius\AppData\Roaming\943531.exe
c:\users\Marius\AppData\Roaming\IGZSVYWYU2VDrar.exe
c:\users\Marius\AppData\Roaming\taskmgr.exe
c:\users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-03 to 2012-05-03 ))))))))))))))))))))))))))))))
.
.
2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\users\Wytske\AppData\Local\temp
2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\users\Wim\AppData\Local\temp
2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\users\Anja\AppData\Local\temp
2012-05-02 16:08 . 2012-05-02 16:08 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:18 . 2012-05-02 15:18 -------- d-----w- c:\users\Marius\AppData\Roaming\LockHunter
2012-05-02 15:17 . 2012-05-02 15:17 -------- d-----w- c:\program files\LockHunter
2012-05-02 15:10 . 2012-05-02 16:08 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-02 15:03 . 2012-05-02 15:16 -------- d-----w- c:\program files (x86)\Unlocker
2012-05-01 19:50 . 2012-05-01 19:50 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4103.exe
2012-04-29 21:53 . 2012-04-29 21:53 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5267.exe
2012-04-25 20:36 . 2012-04-25 20:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 20:36 . 2012-04-25 20:36 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 20:36 . 2012-04-25 20:36 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-12 22:05 . 2012-04-12 22:05 -------- d-----w- c:\users\Anja\AppData\Local\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-03 16:40 . 2012-05-03 16:40 282624 ----a-w- c:\programdata\cxz.exe
2012-05-03 16:40 . 2012-05-03 16:40 6656 ----a-w- c:\users\Marius\AppData\Roaming\52671.exe
2012-05-03 16:40 . 2012-05-03 16:40 6656 ----a-w- c:\users\Marius\AppData\Roaming\41031.exe
2012-05-03 16:40 . 2012-05-03 16:40 2560 ----a-w- c:\users\Marius\AppData\Roaming\taskmgr.exe
2012-05-02 16:08 . 2011-07-12 17:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 19:50 . 2012-05-03 16:40 117760 ----a-w- c:\users\Marius\AppData\Roaming\4103.exe
2012-04-29 21:53 . 2012-05-03 16:40 117760 ----a-w- c:\users\Marius\AppData\Roaming\5267.exe
2012-04-04 13:56 . 2011-07-17 22:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 14:01 . 2012-04-03 14:01 0 ----a-w- c:\users\Marius\AppData\Roaming\V6J0J1HUVG8bJbpPqbKpFFvLc2gxHjoi6ZpxkcE.exe
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 253088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/20 23:36];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 146928]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-09-02 1127944]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 16:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://localhost:8080/sabnzbd/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath -
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{f4e6547e-325b-403c-a3bb-ad29ed37a92f} - (no file)
Wow6432Node-HKCU-Run-© Skype Technologies S.A. - c:\users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
Wow6432Node-HKCU-Run-plugin - c:\users\Marius\Local Settings\Temp\plugin.exe
Wow6432Node-HKLM-Run-© Skype Technologies S.A. - c:\users\Marius\AppData\Roaming\Windows Sidebar\sidebar.exe
Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\programdata\cxz.exe
c:\programdata\cxz.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-03 18:43:33 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-03 16:43
.
Pre-Run: 52.761.767.936 bytes free
Post-Run: 53.141.745.664 bytes free
.
- - End Of File - - 5ACB1675A09C007D737F7DB3BCE82960

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 12:15 PM

Greetings

Just so you know, conhost.exe is a legit file.

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 madarivi

  • Topic Starter

  • Members
  • 25 posts

Posted 03 May 2012 - 05:47 PM

No problems running TDSSKiller. I accidentally clicked save log in the aswMBR scan too early (I thought it was finished). I ran it again and you can find both logs in this post.

00:17:18.0156 0668 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
00:17:18.0219 0668 ============================================================
00:17:18.0219 0668 Current date / time: 2012/05/04 00:17:18.0219
00:17:18.0219 0668 SystemInfo:
00:17:18.0219 0668
00:17:18.0219 0668 OS Version: 6.1.7600 ServicePack: 0.0
00:17:18.0219 0668 Product type: Workstation
00:17:18.0219 0668 ComputerName: WM-TELRAAM
00:17:18.0219 0668 UserName: Marius
00:17:18.0219 0668 Windows directory: C:\Windows
00:17:18.0219 0668 System windows directory: C:\Windows
00:17:18.0219 0668 Running under WOW64
00:17:18.0219 0668 Processor architecture: Intel x64
00:17:18.0219 0668 Number of processors: 2
00:17:18.0219 0668 Page size: 0x1000
00:17:18.0219 0668 Boot type: Normal boot
00:17:18.0219 0668 ============================================================
00:17:19.0373 0668 Drive \Device\Harddisk0\DR0 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:17:19.0404 0668 ============================================================
00:17:19.0404 0668 \Device\Harddisk0\DR0:
00:17:19.0404 0668 MBR partitions:
00:17:19.0404 0668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EF2A84
00:17:19.0404 0668 ============================================================
00:17:19.0420 0668 C: <-> \Device\Harddisk0\DR0\Partition0
00:17:19.0420 0668 ============================================================
00:17:19.0420 0668 Initialize success
00:17:19.0420 0668 ============================================================
00:18:00.0853 1984 ============================================================
00:18:00.0853 1984 Scan started
00:18:00.0853 1984 Mode: Manual;
00:18:00.0853 1984 ============================================================
00:18:13.0411 1984 ProtectedStorage - ok
00:18:13.0443 1984 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:18:13.0458 1984 Psched - ok
00:18:13.0521 1984 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:18:13.0521 1984 PxHlpa64 - ok
00:18:13.0583 1984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:18:13.0630 1984 ql2300 - ok
00:18:13.0739 1984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:18:13.0786 1984 ql40xx - ok
00:18:13.0833 1984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:18:13.0848 1984 QWAVE - ok
00:18:13.0848 1984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:18:13.0864 1984 QWAVEdrv - ok
00:18:13.0895 1984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:18:13.0911 1984 RasAcd - ok
00:18:13.0942 1984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:18:13.0942 1984 RasAgileVpn - ok
00:18:13.0973 1984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:18:13.0973 1984 RasAuto - ok
00:18:13.0989 1984 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:18:14.0004 1984 Rasl2tp - ok
00:18:14.0020 1984 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
00:18:14.0035 1984 RasMan - ok
00:18:14.0051 1984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:18:14.0067 1984 RasPppoe - ok
00:18:14.0067 1984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:18:14.0082 1984 RasSstp - ok
00:18:14.0098 1984 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:18:14.0113 1984 rdbss - ok
00:18:14.0129 1984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:18:14.0129 1984 rdpbus - ok
00:18:14.0145 1984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:18:14.0145 1984 RDPCDD - ok
00:18:14.0176 1984 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
00:18:14.0191 1984 RDPDR - ok
00:18:14.0207 1984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:18:14.0207 1984 RDPENCDD - ok
00:18:14.0223 1984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:18:14.0223 1984 RDPREFMP - ok
00:18:14.0238 1984 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
00:18:14.0254 1984 RDPWD - ok
00:18:14.0269 1984 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:18:14.0269 1984 rdyboost - ok
00:18:14.0301 1984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:18:14.0316 1984 RemoteAccess - ok
00:18:14.0363 1984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:18:14.0363 1984 RemoteRegistry - ok
00:18:14.0410 1984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:18:14.0410 1984 RpcEptMapper - ok
00:18:14.0457 1984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:18:14.0457 1984 RpcLocator - ok
00:18:14.0503 1984 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
00:18:14.0503 1984 RpcSs - ok
00:18:14.0519 1984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:18:14.0535 1984 rspndr - ok
00:18:14.0535 1984 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
00:18:14.0535 1984 s3cap - ok
00:18:14.0566 1984 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:18:14.0566 1984 SamSs - ok
00:18:14.0581 1984 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:18:14.0581 1984 sbp2port - ok
00:18:14.0613 1984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:18:14.0613 1984 SCardSvr - ok
00:18:14.0628 1984 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:18:14.0628 1984 scfilter - ok
00:18:14.0722 1984 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
00:18:14.0722 1984 Schedule - ok
00:18:14.0753 1984 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:18:14.0753 1984 SCPolicySvc - ok
00:18:14.0753 1984 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
00:18:14.0769 1984 SDRSVC - ok
00:18:14.0815 1984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:18:14.0831 1984 secdrv - ok
00:18:14.0847 1984 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
00:18:14.0847 1984 seclogon - ok
00:18:14.0862 1984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:18:14.0878 1984 SENS - ok
00:18:14.0878 1984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:18:14.0893 1984 SensrSvc - ok
00:18:14.0909 1984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:18:14.0925 1984 Serenum - ok
00:18:14.0940 1984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:18:14.0940 1984 Serial - ok
00:18:14.0971 1984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:18:14.0987 1984 sermouse - ok
00:18:15.0003 1984 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
00:18:15.0081 1984 SessionEnv - ok
00:18:15.0127 1984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:18:15.0143 1984 sffdisk - ok
00:18:15.0143 1984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:18:15.0159 1984 sffp_mmc - ok
00:18:15.0159 1984 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:18:15.0159 1984 sffp_sd - ok
00:18:15.0174 1984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:18:15.0174 1984 sfloppy - ok
00:18:15.0221 1984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:18:15.0237 1984 SharedAccess - ok
00:18:15.0252 1984 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
00:18:15.0268 1984 ShellHWDetection - ok
00:18:15.0299 1984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:18:15.0299 1984 SiSRaid2 - ok
00:18:15.0346 1984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:18:15.0346 1984 SiSRaid4 - ok
00:18:15.0377 1984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:18:15.0393 1984 Smb - ok
00:18:15.0455 1984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:18:15.0455 1984 SNMPTRAP - ok
00:18:15.0471 1984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:18:15.0471 1984 spldr - ok
00:18:15.0549 1984 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
00:18:15.0549 1984 Spooler - ok
00:18:15.0658 1984 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
00:18:15.0767 1984 sppsvc - ok
00:18:15.0845 1984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:18:15.0861 1984 sppuinotify - ok
00:18:15.0923 1984 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
00:18:15.0939 1984 srv - ok
00:18:15.0954 1984 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
00:18:15.0970 1984 srv2 - ok
00:18:16.0032 1984 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
00:18:16.0032 1984 srvnet - ok
00:18:16.0063 1984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:18:16.0079 1984 SSDPSRV - ok
00:18:16.0079 1984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:18:16.0095 1984 SstpSvc - ok
00:18:16.0110 1984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:18:16.0126 1984 stexstor - ok
00:18:16.0173 1984 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
00:18:16.0188 1984 StillCam - ok
00:18:16.0235 1984 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
00:18:16.0282 1984 stisvc - ok
00:18:16.0313 1984 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
00:18:16.0313 1984 storflt - ok
00:18:16.0329 1984 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
00:18:16.0344 1984 storvsc - ok
00:18:16.0360 1984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:18:16.0360 1984 swenum - ok
00:18:16.0531 1984 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:18:16.0563 1984 SwitchBoard - ok
00:18:16.0594 1984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:18:16.0609 1984 swprv - ok
00:18:16.0687 1984 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
00:18:16.0719 1984 SysMain - ok
00:18:16.0797 1984 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
00:18:16.0812 1984 TabletInputService - ok
00:18:16.0875 1984 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
00:18:16.0875 1984 TapiSrv - ok
00:18:16.0890 1984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:18:16.0937 1984 TBS - ok
00:18:17.0046 1984 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
00:18:17.0046 1984 Tcpip - ok
00:18:17.0187 1984 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
00:18:17.0187 1984 TCPIP6 - ok
00:18:17.0265 1984 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:18:17.0280 1984 tcpipreg - ok
00:18:17.0296 1984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:18:17.0311 1984 TDPIPE - ok
00:18:17.0327 1984 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:18:17.0327 1984 TDTCP - ok
00:18:17.0343 1984 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:18:17.0343 1984 tdx - ok
00:18:17.0358 1984 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:18:17.0358 1984 TermDD - ok
00:18:17.0405 1984 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
00:18:17.0421 1984 TermService - ok
00:18:17.0421 1984 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:18:17.0436 1984 Themes - ok
00:18:17.0452 1984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:18:17.0452 1984 THREADORDER - ok
00:18:17.0467 1984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:18:17.0499 1984 TrkWks - ok
00:18:17.0530 1984 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
00:18:17.0530 1984 TrustedInstaller - ok
00:18:17.0545 1984 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:18:17.0545 1984 tssecsrv - ok
00:18:17.0577 1984 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:18:17.0577 1984 tunnel - ok
00:18:17.0592 1984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:18:17.0592 1984 uagp35 - ok
00:18:17.0623 1984 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
00:18:17.0639 1984 udfs - ok
00:18:17.0655 1984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:18:17.0670 1984 UI0Detect - ok
00:18:17.0670 1984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:18:17.0686 1984 uliagpkx - ok
00:18:17.0717 1984 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:18:17.0733 1984 umbus - ok
00:18:17.0733 1984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:18:17.0733 1984 UmPass - ok
00:18:17.0795 1984 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
00:18:17.0795 1984 UmRdpService - ok
00:18:17.0826 1984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:18:17.0842 1984 upnphost - ok
00:18:17.0920 1984 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
00:18:17.0935 1984 usbaudio - ok
00:18:17.0982 1984 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
00:18:17.0998 1984 usbccgp - ok
00:18:18.0029 1984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:18:18.0045 1984 usbcir - ok
00:18:18.0060 1984 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
00:18:18.0076 1984 usbehci - ok
00:18:18.0107 1984 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
00:18:18.0138 1984 usbhub - ok
00:18:18.0138 1984 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
00:18:18.0154 1984 usbohci - ok
00:18:18.0169 1984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:18:18.0169 1984 usbprint - ok
00:18:18.0216 1984 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:18:18.0232 1984 usbscan - ok
00:18:18.0247 1984 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:18:18.0247 1984 USBSTOR - ok
00:18:18.0247 1984 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
00:18:18.0263 1984 usbuhci - ok
00:18:18.0294 1984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:18:18.0294 1984 UxSms - ok
00:18:18.0310 1984 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:18:18.0325 1984 VaultSvc - ok
00:18:18.0325 1984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:18:18.0325 1984 vdrvroot - ok
00:18:18.0372 1984 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
00:18:18.0435 1984 vds - ok
00:18:18.0450 1984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:18:18.0450 1984 vga - ok
00:18:18.0466 1984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:18:18.0481 1984 VgaSave - ok
00:18:18.0513 1984 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:18:18.0528 1984 vhdmp - ok
00:18:18.0544 1984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:18:18.0559 1984 viaide - ok
00:18:18.0606 1984 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
00:18:18.0622 1984 vmbus - ok
00:18:18.0622 1984 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
00:18:18.0637 1984 VMBusHID - ok
00:18:18.0653 1984 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:18:18.0669 1984 volmgr - ok
00:18:18.0684 1984 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:18:18.0700 1984 volmgrx - ok
00:18:18.0715 1984 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:18:18.0731 1984 volsnap - ok
00:18:18.0747 1984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:18:18.0762 1984 vsmraid - ok
00:18:18.0840 1984 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
00:18:18.0887 1984 VSS - ok
00:18:19.0059 1984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:18:19.0059 1984 vwifibus - ok
00:18:19.0090 1984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:18:19.0105 1984 W32Time - ok
00:18:19.0121 1984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:18:19.0137 1984 WacomPen - ok
00:18:19.0168 1984 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:18:19.0183 1984 WANARP - ok
00:18:19.0183 1984 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:18:19.0183 1984 Wanarpv6 - ok
00:18:19.0277 1984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:18:19.0308 1984 WatAdminSvc - ok
00:18:19.0386 1984 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
00:18:19.0464 1984 wbengine - ok
00:18:19.0511 1984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:18:19.0527 1984 WbioSrvc - ok
00:18:19.0558 1984 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
00:18:19.0573 1984 wcncsvc - ok
00:18:19.0573 1984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:18:19.0589 1984 WcsPlugInService - ok
00:18:19.0620 1984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:18:19.0636 1984 Wd - ok
00:18:19.0667 1984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:18:19.0698 1984 Wdf01000 - ok
00:18:19.0729 1984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:18:19.0729 1984 WdiServiceHost - ok
00:18:19.0729 1984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:18:19.0745 1984 WdiSystemHost - ok
00:18:19.0761 1984 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
00:18:19.0776 1984 WebClient - ok
00:18:19.0792 1984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:18:19.0823 1984 Wecsvc - ok
00:18:19.0839 1984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:18:19.0839 1984 wercplsupport - ok
00:18:19.0870 1984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:18:19.0870 1984 WerSvc - ok
00:18:19.0948 1984 WFLR6654 (4c47c55502806f8fec5b523f24e8dc22) C:\Windows\system32\drivers\wfeaglxt.sys
00:18:19.0979 1984 WFLR6654 - ok
00:18:19.0995 1984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:18:19.0995 1984 WfpLwf - ok
00:18:20.0026 1984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:18:20.0026 1984 WIMMount - ok
00:18:20.0057 1984 WinDefend - ok
00:18:20.0073 1984 WinHttpAutoProxySvc - ok
00:18:20.0151 1984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:18:20.0166 1984 Winmgmt - ok
00:18:20.0244 1984 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
00:18:20.0307 1984 WinRM - ok
00:18:20.0494 1984 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
00:18:20.0572 1984 WinUsb - ok
00:18:20.0634 1984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:18:20.0650 1984 Wlansvc - ok
00:18:20.0665 1984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:18:20.0665 1984 WmiAcpi - ok
00:18:20.0697 1984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:18:20.0697 1984 wmiApSrv - ok
00:18:20.0728 1984 WMPNetworkSvc - ok
00:18:20.0743 1984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:18:20.0759 1984 WPCSvc - ok
00:18:20.0775 1984 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
00:18:20.0775 1984 WPDBusEnum - ok
00:18:20.0790 1984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:18:20.0821 1984 ws2ifsl - ok
00:18:20.0837 1984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:18:20.0837 1984 wscsvc - ok
00:18:20.0853 1984 WSearch - ok
00:18:20.0931 1984 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
00:18:20.0993 1984 wuauserv - ok
00:18:21.0071 1984 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:18:21.0102 1984 WudfPf - ok
00:18:21.0118 1984 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:18:21.0133 1984 WUDFRd - ok
00:18:21.0133 1984 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
00:18:21.0165 1984 wudfsvc - ok
00:18:21.0180 1984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:18:21.0196 1984 WwanSvc - ok
00:18:21.0352 1984 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
00:18:21.0367 1984 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
00:18:21.0367 1984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:18:21.0399 1984 \Device\Harddisk0\DR0 - ok
00:18:21.0399 1984 Boot (0x1200) (122d91844266a49f85716ad23b38ab91) \Device\Harddisk0\DR0\Partition0
00:18:21.0399 1984 \Device\Harddisk0\DR0\Partition0 - ok
00:18:21.0399 1984 ============================================================
00:18:21.0399 1984 Scan finished
00:18:21.0399 1984 ============================================================
00:18:21.0414 3532 Detected object count: 0
00:18:21.0414 3532 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 00:22:10
-----------------------------
00:22:10.532 OS Version: Windows x64 6.1.7600
00:22:10.532 Number of processors: 2 586 0x1706
00:22:10.532 ComputerName: WM-TELRAAM UserName: Marius
00:22:11.156 Initialize success
00:22:47.145 AVAST engine defs: 12050301
00:22:54.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
00:22:54.976 Disk 0 Vendor: Maxtor_6B300S0 BANC1B10 Size: 286188MB BusType: 3
00:22:54.992 Disk 0 MBR read successfully
00:22:54.992 Disk 0 MBR scan
00:22:54.992 Disk 0 Windows 7 default MBR code
00:22:55.008 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286181 MB offset 63
00:22:55.008 Disk 0 scanning C:\Windows\system32\drivers
00:23:09.063 Service scanning
00:23:26.332 Modules scanning
00:23:26.332 Disk 0 trace - called modules:
00:23:26.364 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:23:26.364 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004919060]
00:23:26.364 3 CLASSPNP.SYS[fffff880018a743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800446b680]
00:23:26.988 AVAST engine scan C:\Windows
00:23:29.312 AVAST engine scan C:\Windows\system32
00:25:59.603 AVAST engine scan C:\Windows\system32\drivers
00:26:09.290 AVAST engine scan C:\Users\Marius
00:26:54.811 Disk 0 MBR has been saved successfully to "C:\Users\Marius\Desktop\MBR.dat"
00:26:54.811 The log file has been saved successfully to "C:\Users\Marius\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 00:27:27
-----------------------------
00:27:27.197 OS Version: Windows x64 6.1.7600
00:27:27.197 Number of processors: 2 586 0x1706
00:27:27.197 ComputerName: WM-TELRAAM UserName: Marius
00:27:28.195 Initialize success
00:27:31.596 AVAST engine defs: 12050301
00:27:31.892 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
00:27:31.892 Disk 0 Vendor: Maxtor_6B300S0 BANC1B10 Size: 286188MB BusType: 3
00:27:31.924 Disk 0 MBR read successfully
00:27:31.924 Disk 0 MBR scan
00:27:31.924 Disk 0 Windows 7 default MBR code
00:27:31.924 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286181 MB offset 63
00:27:31.939 Disk 0 scanning C:\Windows\system32\drivers
00:27:41.018 Service scanning
00:27:59.083 Modules scanning
00:27:59.083 Disk 0 trace - called modules:
00:27:59.083 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:27:59.083 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004919060]
00:27:59.099 3 CLASSPNP.SYS[fffff880018a743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800446b680]
00:27:59.848 AVAST engine scan C:\Windows
00:28:02.375 AVAST engine scan C:\Windows\system32
00:30:34.366 AVAST engine scan C:\Windows\system32\drivers
00:30:43.414 AVAST engine scan C:\Users\Marius
00:31:52.850 File: C:\Users\Marius\AppData\Roaming\41031.exe **INFECTED** MSIL:Agent-FF [Trj]
00:31:52.928 File: C:\Users\Marius\AppData\Roaming\52671.exe **INFECTED** MSIL:Agent-FF [Trj]
00:33:06.045 AVAST engine scan C:\ProgramData
00:34:20.114 Scan finished successfully
00:42:30.719 Disk 0 MBR has been saved successfully to "C:\Users\Marius\Desktop\MBR.dat"
00:42:30.719 The log file has been saved successfully to "C:\Users\Marius\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:36 PM

Posted 03 May 2012 - 09:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Users\Marius\AppData\Roaming\41031.exe
C:\Users\Marius\AppData\Roaming\52671.exe 
c:\users\Marius\AppData\Roaming\taskmgr.exe
c:\programdata\cxz.exe
c:\users\Marius\AppData\Roaming\V6J0J1HUVG8bJbpPqbKpFFvLc2gxHjoi6ZpxkcE.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 madarivi

madarivi
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 04 May 2012 - 05:04 AM

I'm still having trouble moving and deleting folders (in particular the shared folders on my computer which I can access from other computers on this network). Also the cxz.exe *32 process is still running. ComboFix ran fine.

ComboFix 12-05-03.03 - Marius 04-05-2012 11:32:17.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2361 [GMT 2:00]
Started from: c:\users\Marius\Desktop\ComboFix.exe
Command switches used :: c:\users\Marius\Desktop\CFscript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\cxz.exe"
"c:\users\Marius\AppData\Roaming\41031.exe"
"c:\users\Marius\AppData\Roaming\52671.exe"
"c:\users\Marius\AppData\Roaming\taskmgr.exe"
"c:\users\Marius\AppData\Roaming\V6J0J1HUVG8bJbpPqbKpFFvLc2gxHjoi6ZpxkcE.exe"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cxz.exe
c:\users\Marius\AppData\Roaming\4103.exe
c:\users\Marius\AppData\Roaming\41031.exe
c:\users\Marius\AppData\Roaming\5267.exe
c:\users\Marius\AppData\Roaming\52671.exe
c:\users\Marius\AppData\Roaming\taskmgr.exe
c:\users\Marius\AppData\Roaming\V6J0J1HUVG8bJbpPqbKpFFvLc2gxHjoi6ZpxkcE.exe
.
.
(((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 ))))))))))))))))))))))))))))))
.
.
2012-05-04 09:45 . 2012-05-04 09:45 6656 ----a-w- c:\users\Marius\AppData\Roaming\52671.exe
2012-05-04 09:45 . 2012-05-04 09:45 6656 ----a-w- c:\users\Marius\AppData\Roaming\41031.exe
2012-05-04 09:45 . 2012-05-04 09:45 2560 ----a-w- c:\users\Marius\AppData\Roaming\taskmgr.exe
2012-05-02 16:08 . 2012-05-02 16:08 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:18 . 2012-05-02 15:18 -------- d-----w- c:\users\Marius\AppData\Roaming\LockHunter
2012-05-02 15:17 . 2012-05-02 15:17 -------- d-----w- c:\program files\LockHunter
2012-05-02 15:10 . 2012-05-02 16:08 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-02 15:03 . 2012-05-02 15:16 -------- d-----w- c:\program files (x86)\Unlocker
2012-05-01 19:50 . 2012-05-01 19:50 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4103.exe
2012-04-29 21:53 . 2012-04-29 21:53 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5267.exe
2012-04-25 20:36 . 2012-04-25 20:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 20:36 . 2012-04-25 20:36 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 20:36 . 2012-04-25 20:36 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-12 22:05 . 2012-04-12 22:05 -------- d-----w- c:\users\Anja\AppData\Local\Mozilla
.
.
.
((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 09:45 . 2012-05-04 09:45 282624 ----a-w- c:\programdata\cxz.exe
2012-05-02 16:08 . 2011-07-12 17:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2011-07-17 22:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18 . 2010-08-29 14:20 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_16.39.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-29 14:31 . 2012-05-04 09:46 31240 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-03 16:43 41370 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-29 14:11 . 2012-05-04 09:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-05-04 09:41 71464 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-05-03 16:21 71464 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-29 14:11 . 2012-05-04 09:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-29 14:11 . 2012-05-04 09:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-29 14:11 . 2012-05-04 09:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-29 14:11 . 2012-05-04 09:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-01 21:38 . 2012-05-03 16:45 7154 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3157286681-3811045524-2669837648-1004_UserData.bin
- 2012-05-03 16:18 . 2012-05-03 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 09:39 . 2012-05-04 09:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 09:39 . 2012-05-04 09:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-03 16:18 . 2012-05-03 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-03 16:22 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-04 09:43 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-04 09:43 106412 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-03 16:22 106412 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-03 16:17 422444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-04 09:38 422444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-26 01:04 . 2012-05-03 16:17 666748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3157286681-3811045524-2669837648-1004-8192.dat
+ 2011-03-26 01:04 . 2012-05-04 09:38 666748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3157286681-3811045524-2669837648-1004-8192.dat
- 2009-07-14 04:45 . 2012-05-03 16:20 3662049 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-04 09:41 3662049 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2012-05-03 16:31 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-04 01:01 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 253088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/20 23:36];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 146928]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-09-02 1127944]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 16:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://localhost:8080/sabnzbd/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\programdata\cxz.exe
c:\programdata\cxz.exe
.
**************************************************************************
.
Completion time: 2012-05-04 11:50:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 09:50
.
Pre-Run: 52.719.767.552 bytes free
Post-Run: 52.640.014.336 bytes free
.
- - End Of File - - 20E617D2C54436C3651CD67EBC41E564

Edited by madarivi, 04 May 2012 - 05:04 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 PM

Posted 04 May 2012 - 07:42 AM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
"c:\programdata\cxz.exe"
"c:\users\Marius\AppData\Roaming\4103.exe"
"c:\users\Marius\AppData\Roaming\41031.exe"
"c:\users\Marius\AppData\Roaming\5267.exe"
"c:\users\Marius\AppData\Roaming\52671.exe"
"c:\users\Marius\AppData\Roaming\taskmgr.exe"

  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\

Edited by gringo_pr, 04 May 2012 - 02:37 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 madarivi

madarivi
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 04 May 2012 - 08:21 AM

I'm getting an error reading: "syntax error in line 9, Invalid file path".

#10 gringo_pr


Posted 04 May 2012 - 12:52 PM

I have changed it a little, try again.



gringo9

#11 madarivi


Posted 04 May 2012 - 01:42 PM

It now says: "syntax error in line 8, Invalid file path".

#12 gringo_pr


Posted 04 May 2012 - 02:38 PM

I changed it once more.


gringo

#13 madarivi


Posted 04 May 2012 - 03:54 PM

This time it worked. I did get a pop-up after rebooting which said something like: "5267 stopped working, Windows is looking for a solution" (not sure about the number).

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\programdata\cxz.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\marius\appdata\roaming\4103.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\marius\appdata\roaming\41031.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\marius\appdata\roaming\5267.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\marius\appdata\roaming\52671.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\users\marius\appdata\roaming\taskmgr.exe", destinationFile = "(null)", replaceWithDummy = 0
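The BlitzBlank script above names six files, all under AppData\Roaming and ProgramData. The ComboFix log earlier in the thread also lists 4103.exe and 5267.exe in c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, and those two Startup-folder paths are not in the DeleteFile list. The Python script below is an added example for this thread, not a BleepingComputer, ComboFix or BlitzBlank tool: it parses a slice of the ComboFix "Files Created" lines and the BlitzBlank DeleteFile list exactly as posted, flags executables in user-writable and autostart locations, and reports which flagged files the deletion script does not cover. The location heuristics, the list of borrowed system-binary names and the executable-extension list are this example's own assumptions.

```python
# Added example for this thread, not a BleepingComputer, ComboFix or BlitzBlank tool:
# cross-check a BlitzBlank DeleteFile list against the files a ComboFix log reported,
# so that autostart copies the cleanup script misses stand out before rebooting.
import re
from typing import Dict, List, Optional, Set, Tuple

# Sample input: lines copied from the ComboFix log and BlitzBlank script posted above.
COMBOFIX_LOG = r"""
2012-05-04 09:45 . 2012-05-04 09:45 6656 ----a-w- c:\users\Marius\AppData\Roaming\52671.exe
2012-05-04 09:45 . 2012-05-04 09:45 6656 ----a-w- c:\users\Marius\AppData\Roaming\41031.exe
2012-05-04 09:45 . 2012-05-04 09:45 2560 ----a-w- c:\users\Marius\AppData\Roaming\taskmgr.exe
2012-05-02 16:08 . 2012-05-02 16:08 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:17 . 2012-05-02 15:17 -------- d-----w- c:\program files\LockHunter
2012-05-01 19:50 . 2012-05-01 19:50 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4103.exe
2012-04-29 21:53 . 2012-04-29 21:53 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5267.exe
2012-05-04 09:45 . 2012-05-04 09:45 282624 ----a-w- c:\programdata\cxz.exe
"""
BLITZBLANK_SCRIPT = r"""
DeleteFile:
"c:\programdata\cxz.exe"
"c:\users\Marius\AppData\Roaming\4103.exe"
"c:\users\Marius\AppData\Roaming\41031.exe"
"c:\users\Marius\AppData\Roaming\5267.exe"
"c:\users\Marius\AppData\Roaming\52671.exe"
"c:\users\Marius\AppData\Roaming\taskmgr.exe"
"""

# ComboFix file line: <created> . <modified> <size, or dashes for a directory> <attrs> <path>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(\d+|-+) ([-a-z]{8}) (.+)$")

# Heuristics below are this example's assumptions, not ComboFix or BlitzBlank logic.
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif")
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "c:\\programdata\\",
                 "c:\\users\\public\\", "\\temp\\")
STARTUP = "\\start menu\\programs\\startup\\"
SYSTEM_NAMES = {"taskmgr.exe", "conhost.exe", "svchost.exe", "explorer.exe", "lsass.exe"}

# (created timestamp, size or None for a directory, lower-cased path)
Entry = Tuple[str, Optional[int], str]


def parse_combofix(text: str) -> List[Entry]:
    """One Entry per file/directory line; section headers and other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            created, _modified, size, _attrs, path = m.groups()
            entries.append((created, None if size.startswith("-") else int(size), path.lower()))
    return entries


def parse_blitzblank(text: str) -> Set[str]:
    """Quoted paths under a DeleteFile: section, lower-cased for comparison."""
    paths, in_delete = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":"):                      # section header such as DeleteFile:
            in_delete = line.lower() == "deletefile:"
        elif line and in_delete:
            paths.add(line.strip('"').lower())
    return paths


def flag_suspicious(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each suspicious executable path to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for _created, size, path in entries:
        name = path.rsplit("\\", 1)[-1]
        if size is None or not name.endswith(EXEC_EXT):   # directory or non-executable
            continue
        reasons = []
        if STARTUP in path:
            reasons.append("executable in Startup folder (runs at every logon)")
        elif any(marker in path for marker in USER_WRITABLE):
            reasons.append("executable in user-writable data directory")
        if name in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
            reasons.append("borrows a Windows system binary name outside c:\\windows")
        if name.rsplit(".", 1)[0].isdigit():
            reasons.append("purely numeric file name")
        if reasons:
            flagged[path] = reasons
    return flagged


def coverage_report(flagged: Dict[str, List[str]], delete_list: Set[str]) -> Tuple[List[str], List[str]]:
    """(flagged files the script does not delete, script entries not among the flagged files)."""
    uncovered = sorted(p for p in flagged if p not in delete_list)
    unseen = sorted(p for p in delete_list if p not in flagged)
    return uncovered, unseen


if __name__ == "__main__":
    flagged = flag_suspicious(parse_combofix(COMBOFIX_LOG))
    uncovered, unseen = coverage_report(flagged, parse_blitzblank(BLITZBLANK_SCRIPT))
    for path, reasons in sorted(flagged.items()):
        print(f"{path}\n    {'; '.join(reasons)}")
    print("\nFlagged but NOT in the DeleteFile list:\n    " + ("\n    ".join(uncovered) or "(none)"))
    print("\nIn the DeleteFile list but not among the flagged files:\n    " + ("\n    ".join(unseen) or "(none)"))
```

Run as-is, the report lists the two Startup-folder copies as flagged but uncovered. Files in the Startup folder are launched at every logon, so anything left there will run again after the reboot BlitzBlank needs to complete its delete-on-reboot moves; the check is worth doing on the full log before executing a script rather than on the slice embedded here.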

#14 gringo_pr


Posted 04 May 2012 - 04:26 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
killAll::
File::
c:\users\Marius\AppData\Roaming\V6J0J1HUVG8bJbpPqbKpFFvLc2gxHjoi6ZpxkcE.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 madarivi


Posted 04 May 2012 - 05:51 PM

It ran fine (got a pop-up again saying 4103.exe stopped working), and deleting the folders I was talking about earlier is working now (no thumbs.db error). The cxz process is still running though.

ComboFix 12-05-04.03 - Marius 05-05-2012 0:26.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2888 [GMT 2:00]
Running from: c:\users\Marius\Desktop\ComboFix.exe
Command switches used :: c:\users\Marius\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Marius\AppData\Roaming\V6J0J1HUVG8bJbpPqbKpFFvLc2gxHjoi6ZpxkcE.exe"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cxz.exe
c:\users\Marius\AppData\Roaming\4103.exe
c:\users\Marius\AppData\Roaming\41031.exe
c:\users\Marius\AppData\Roaming\taskmgr.exe
.
.
(((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 ))))))))))))))))))))))))))))))
.
.
2012-05-04 22:39 . 2012-05-04 22:39 282624 ----a-w- c:\programdata\cxz.exe
2012-05-04 22:39 . 2012-05-04 22:39 6656 ----a-w- c:\users\Marius\AppData\Roaming\52671.exe
2012-05-04 22:39 . 2012-04-29 21:53 117760 ----a-w- c:\users\Marius\AppData\Roaming\5267.exe
2012-05-04 22:39 . 2012-05-04 22:39 2560 ----a-w- c:\users\Marius\AppData\Roaming\taskmgr.exe
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\Wytske\AppData\Local\temp
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\Wim\AppData\Local\temp
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\TEMP.WM-TELRAAM\AppData\Local\temp
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\TEMP.WM-TELRAAM.000\AppData\Local\temp
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 22:32 . 2012-05-04 22:32 -------- d-----w- c:\users\Anja\AppData\Local\temp
2012-05-04 20:39 . 2012-04-18 01:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A521776-848E-45F0-BA9F-BBFE8B38B5A0}\mpengine.dll
2012-05-02 16:08 . 2012-05-04 19:08 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:18 . 2012-05-02 15:18 -------- d-----w- c:\users\Marius\AppData\Roaming\LockHunter
2012-05-02 15:17 . 2012-05-02 15:17 -------- d-----w- c:\program files\LockHunter
2012-05-02 15:10 . 2012-05-04 19:08 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-02 15:03 . 2012-05-02 15:16 -------- d-----w- c:\program files (x86)\Unlocker
2012-05-01 19:50 . 2012-05-01 19:50 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4103.exe
2012-04-29 21:53 . 2012-04-29 21:53 117760 ----a-w- c:\users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5267.exe
2012-04-25 20:36 . 2012-04-25 20:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 20:36 . 2012-04-25 20:36 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 20:36 . 2012-04-25 20:36 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-12 22:05 . 2012-04-12 22:05 -------- d-----w- c:\users\Anja\AppData\Local\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:08 . 2011-07-12 17:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2011-07-17 22:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18 . 2010-08-29 14:20 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_16.39.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-02 16:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-04 19:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-04 19:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-02 16:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-02 16:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 19:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-29 14:31 . 2012-05-04 22:40 31594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-04 22:40 41418 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-08-29 14:00 . 2012-05-02 16:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-29 14:00 . 2012-05-04 19:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 08:50 . 2012-05-02 16:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-23 08:50 . 2012-05-04 19:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-02 16:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 19:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-29 14:11 . 2012-05-04 22:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-05-04 20:46 71672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-08-29 14:11 . 2012-05-04 22:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-29 14:11 . 2012-05-04 22:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-29 14:11 . 2012-05-04 22:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-29 14:11 . 2012-05-04 22:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-29 14:11 . 2012-05-03 16:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-01 21:38 . 2012-05-04 22:40 7226 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3157286681-3811045524-2669837648-1004_UserData.bin
+ 2012-05-04 22:33 . 2012-05-04 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-03 16:18 . 2012-05-03 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 22:33 . 2012-05-04 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-03 16:18 . 2012-05-03 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-04 19:08 . 2012-05-04 19:08 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-04 18:08 . 2012-05-04 18:08 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-04 18:08 . 2012-05-04 18:08 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-05-02 15:10 . 2012-05-04 19:08 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 02:36 . 2012-05-04 22:38 616032 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-03 16:22 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-04 22:38 106412 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-03 16:22 106412 c:\windows\system32\perfc009.dat
+ 2012-05-04 19:08 . 2012-05-04 19:08 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
+ 2012-05-04 18:08 . 2012-05-04 18:08 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-04 18:08 . 2012-05-04 18:08 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
- 2009-07-14 05:01 . 2012-05-03 16:17 422444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-04 22:33 422444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-26 01:04 . 2012-05-03 16:17 666748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3157286681-3811045524-2669837648-1004-8192.dat
+ 2011-03-26 01:04 . 2012-05-04 22:33 666748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3157286681-3811045524-2669837648-1004-8192.dat
+ 2012-05-04 19:08 . 2012-05-04 19:08 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2009-07-14 04:45 . 2012-05-04 09:41 3662049 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-03 16:20 3662049 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 02:34 . 2012-05-04 20:52 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-03 16:31 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-05-04 19:08 . 2012-05-04 19:08 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/20 23:36];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 146928]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-09-02 1127944]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 19:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://localhost:8080/sabnzbd/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\programdata\cxz.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-05 00:44:15 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-04 22:44
ComboFix2.txt 2012-05-04 09:50
.
Pre-Run: 51.644.985.344 bytes free
Post-Run: 51.345.977.344 bytes free
.
- - End Of File - - 614DD964E37C13EBBA19F45DB19BD938