
MS Security Essentials cannot be started & Google keeps redirecting


This topic is locked
24 replies to this topic

#1 rphilipp
  • Members
  • 12 posts

Posted 27 August 2012 - 04:28 PM

MS Security Essentials does not load at Windows startup and something closes it immediately after I try to open it manually. Google keeps redirecting when I try to follow a link from the search results.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Rodolfo at 16:29:56 on 2012-08-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3062.2047 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\rpcnet.exe
C:\Program Files\Vono\Softfone Vono\System\Vono Manager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bl165w.blu165.mail.live.com/default.aspx?rru=inbox
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyServer = 127.0.0.1:4001
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\progra~1\gbplugin\gbiehUni.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [BigDogPath] c:\windows\VM_STI.EXE V-Gear TalkCam 1.1
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.genoom.com/WebResource.axd?d=tZBquHQNUnjiXGE6_M1v_IvODYBv2MySNj9GqRYYn71ehRTsakI2JCg6U5n33rsOcXGJg_wAm_ok8fyLAGWbMEOQNB-36C2YHCKDX6FxCTJiktPxoc7DQJDvaoDmTyfibtmGdkulQUDbfY2jn97G-MLNf6cNe0KA_b5o5kZvAN4Mj6Yr0&t=634544480305850000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D} : NameServer = 189.4.0.147,189.4.0.142
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}\051465F5355505542594F425 : DhcpNameServer = 10.1.1.254 10.1.1.254
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}\0514F4441465F465F4 : DhcpNameServer = 201.10.128.3 201.10.120.2
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}\2554445475946494 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}\D4562736572756 : DhcpNameServer = 135.153.2.1
TCP: Interfaces\{AFF451B9-BCBC-43D5-8742-5D721D485E35} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GbPluginUni - c:\progra~1\gbplugin\gbiehUni.dll
Notify: igfxcui - igfxdev.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\progra~1\gbplugin\gbiehUni.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2010-7-25 45096]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-3-14 203256]
R2 NSHE;Guardant Emulator Driver;c:\windows\system32\drivers\NSHE.SYS [2010-7-28 97792]
R2 Vono_Manager;Vono Manager;c:\program files\vono\softfone vono\system\Vono Manager.exe [2010-3-18 102400]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-2 29472]
R3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-20 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250568]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-2-28 20328]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [2011-10-8 16896]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-20 136176]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\drivers\usbvm302.sys [2004-3-19 90968]
.
=============== Created Last 30 ================
.
2012-08-27 17:14:48 -------- d-s---w- C:\ComboFix
2012-08-27 03:02:46 -------- d-----w- c:\program files\ESET
2012-08-27 02:25:44 7023536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2f62c3d3-067d-4ada-8be5-04637e0de9d1}\mpengine.dll
2012-08-27 01:52:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-26 18:44:01 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-26 15:46:45 -------- d-----w- c:\users\rodolfo\appdata\local\temp
2012-08-25 02:45:06 118784 --sha-r- c:\windows\system32\dot3dlgw.dll
2012-08-23 19:38:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-07-29 18:22:37 -------- d-----w- c:\program files\AccentSoft Utilities
.
==================== Find3M ====================
.
2012-08-27 19:12:58 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-27 19:12:58 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-27 19:12:45 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-26 15:14:13 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-26 15:14:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 19:38:41 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 17:44:41 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-07-18 17:44:32 58288 ------w- c:\windows\system32\rpcnet.exe
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:23:55 41472 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:23:55 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-27 06:03:21 981504 ----a-w- c:\windows\system32\wininet.dll
2012-06-27 06:01:19 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-27 04:53:25 386048 ----a-w- c:\windows\system32\html.iec
2012-06-27 04:19:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 23:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09:46 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50:00 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48:35 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-04 07:04:00 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 16:30:29,75 ===============
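Reading a DDS report like the one above, a responder looks first at a few settings that line up with the reported symptoms (search redirects, a security product that will not stay running). The script below is an added example and not a tool from this thread or from the DDS author: it parses a handful of lines copied from the report above (the constructed sample is not the full log) and flags a proxy that points at the local host, UAC policies set to 0, and recently created hidden+system files under system32. The regular expressions and the reading of the attribute column (d = directory, s = system, h = hidden, a = archive, r = read-only) are inferred from the entries on this page, not taken from DDS documentation.

```python
"""Triage helper for DDS-style log lines (added example, not a tool from the thread)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (category, offending line, why it matters)

# Constructed sample: lines copied from the DDS report posted above, not the whole log.
SAMPLE_DDS = """\
uStart Page = hxxp://bl165w.blu165.mail.live.com/default.aspx?rru=inbox
uInternet Settings,ProxyServer = 127.0.0.1:4001
uInternet Settings,ProxyOverride = *.local
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-08-26 18:44:01 -------- d-sh--w- C:\\$RECYCLE.BIN
2012-08-25 02:45:06 118784 --sha-r- c:\\windows\\system32\\dot3dlgw.dll
2012-08-23 19:38:54 477168 ----a-w- c:\\windows\\system32\\npdeployJava1.dll
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|::1)(:\d+)?$", re.I)
PROXY_LINE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)", re.I)
POLICY_LINE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)", re.I)
# "date time size attrs path", as printed in the Created Last 30 / Find3M sections.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\S+)\s+([a-z-]{8})\s+(.+)$", re.I)

# UAC-related policies where a value of 0 weakens the elevation boundary.
UAC_POLICIES = {
    "EnableLUA": "UAC is disabled; processes of an admin user run fully elevated",
    "ConsentPromptBehaviorAdmin": "admins are elevated without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


def triage_dds(text: str) -> List[Finding]:
    """Return the lines of a DDS report that deserve a closer look, with a reason."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()

        m = PROXY_LINE.match(line)
        if m:
            # The value may be "host:port" or "http=host:port;https=host:port".
            for entry in m.group(1).split(";"):
                target = entry.split("=", 1)[-1]
                if LOOPBACK.match(target):
                    findings.append(("proxy", line,
                                     "browser traffic is routed through a listener on this "
                                     "machine; identify the process bound to that port"))
            continue

        m = POLICY_LINE.match(line)
        if m and m.group(1) in UAC_POLICIES and int(m.group(2)) == 0:
            findings.append(("uac", line, UAC_POLICIES[m.group(1)]))
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group(2).lower(), m.group(3).lower()
            # Attribute column layout inferred from the log entries above:
            # [0] d = directory, [2] s = system, [3] h = hidden, [4] a = archive, [6] r = read-only.
            is_dir, system, hidden = attrs[0] == "d", attrs[2] == "s", attrs[3] == "h"
            if not is_dir and system and hidden and "\\system32\\" in path:
                findings.append(("hidden-file", line,
                                 "recently created hidden+system file in system32; "
                                 "check its signature and how it got there"))
    return findings


if __name__ == "__main__":
    for category, line, reason in triage_dds(SAMPLE_DDS):
        print(f"[{category}] {line}\n    -> {reason}")
```

The checks only point at items to verify; a loopback proxy or a disabled UAC can be legitimate on a given machine, so the output is a worklist for the person reading the log, not a verdict.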


#2 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts

Posted 27 August 2012 - 06:13 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file; close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 rphilipp
  • Topic Starter
  • Members
  • 12 posts

Posted 27 August 2012 - 07:48 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 28-08-2012
Ran by SYSTEM at 27-08-2012 21:31:47
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [200704 2007-08-06] (PowerISO Computing, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [229376 2011-12-21] (MyHeritage)
HKLM\...\Run: [BigDogPath] C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1 [40960 2003-01-21] (VM.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKU\Gast\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Gast\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Maria Claudia\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Maria Claudia\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
Winlogon\Notify\ GbPluginUni: C:\PROGRA~1\GbPlugin\gbiehUni.dll [X]
Tcpip\..\Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}: [NameServer]189.4.0.147,189.4.0.142
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========================== Services (Whitelisted) ========================

2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [0 ] ( )
2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2012-07-18] (Absolute Software Corp.)
2 Vono_Manager; "C:\Program Files\Vono\Softfone Vono\System\Vono Manager.exe" [102400 2010-03-18] ( )
4 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ===================

3 cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows ® Win 7 DDK provider)
3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2010-05-12] (Danish Wireless Design A/S)
0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [45096 2010-10-11] (GAS Tecnologia)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
2 NSHE; \??\C:\Windows\system32\Drivers\NSHE.SYS [97792 2010-07-28] (Tecar Forum)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [44944 2008-06-15] (Sonic Solutions)
3 ZSMC302; C:\Windows\System32\Drivers\usbvm302.sys [90968 2004-03-19] (VM)
3 catchme; \??\C:\Users\Rodolfo\AppData\Local\Temp\catchme.sys [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-08-27 21:30 - 2012-08-27 21:31 - 00000000 ____D C:\FRST
2012-08-27 13:09 - 2012-08-27 13:09 - 00053204 ____A C:\Users\Rodolfo\Desktop\ark.txt
2012-08-27 11:33 - 2012-08-27 11:33 - 00294216 ____A C:\Users\Rodolfo\Desktop\gmer.zip
2012-08-27 11:31 - 2012-08-27 11:31 - 00013292 ____A C:\Users\Rodolfo\Desktop\DDS.txt
2012-08-27 11:31 - 2012-08-27 11:31 - 00007236 ____A C:\Users\Rodolfo\Desktop\Attach.txt
2012-08-27 11:29 - 2012-08-27 11:29 - 00607260 ____R (Swearware) C:\Users\Rodolfo\Desktop\dds.com
2012-08-27 09:46 - 2012-08-27 09:46 - 00012247 ____A C:\ComboFix.txt
2012-08-27 09:20 - 2012-08-27 09:46 - 00000000 ____D C:\Qoobox
2012-08-27 09:14 - 2012-08-27 11:11 - 00000000 ___SD C:\ComboFix
2012-08-26 19:46 - 2012-08-27 05:34 - 00000953 ____A C:\Users\Rodolfo\Desktop\eset.txt
2012-08-26 19:02 - 2012-08-26 19:02 - 00000000 ____D C:\Program Files\ESET
2012-08-26 17:52 - 2012-08-26 17:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-26 12:21 - 2012-08-26 12:21 - 10300288 ____A (Microsoft Corporation) C:\Users\Rodolfo\Desktop\mseinstall.exe
2012-08-24 18:45 - 2012-08-27 11:12 - 00000314 ____A C:\Windows\Tasks\Trlcp.job
2012-08-24 18:45 - 2012-08-24 18:45 - 00118784 _RASH C:\Windows\System32\dot3dlgw.dll
2012-08-24 15:44 - 2012-08-24 15:54 - 00000066 ____A C:\Users\Rodolfo\Desktop\TINTAS.txt
2012-08-23 11:38 - 2012-08-23 11:38 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-08-23 11:38 - 2012-08-23 11:38 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-14 15:56 - 2012-07-18 09:10 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 15:56 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 15:56 - 2012-07-04 13:23 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 15:56 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 15:56 - 2012-06-26 22:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-14 15:56 - 2012-06-26 22:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-14 15:56 - 2012-06-26 22:03 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 06029312 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00627200 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-14 15:56 - 2012-06-26 22:00 - 11019776 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-14 15:56 - 2012-06-26 22:00 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-14 15:56 - 2012-06-26 22:00 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-14 15:56 - 2012-06-26 21:58 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-14 15:56 - 2012-06-26 20:53 - 00386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-14 15:56 - 2012-06-26 20:19 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-14 15:56 - 2012-05-13 20:37 - 00768512 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-10 05:04 - 2012-08-10 05:04 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{C480CC28-129C-47A2-BC9F-A2DCE52D8390}
2012-08-09 12:39 - 2012-08-09 12:39 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{C6174721-7CDF-4ACF-A3D8-96F561B7A0F8}
2012-08-08 13:32 - 2012-08-08 13:33 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{2B84138B-8101-4419-AFD5-1BF8DF2E4F02}
2012-08-05 07:39 - 2012-08-05 07:39 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{E9015C36-FD38-4DD0-A1E0-22EEF3567C84}
2012-08-03 17:55 - 2012-08-03 17:55 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{4A8B219B-2B2E-4FCC-B06D-FEA4EA758C32}
2012-08-03 05:55 - 2012-08-03 05:55 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{73F1C802-18F0-4ACE-9B64-EDF211A06309}
2012-08-02 17:54 - 2012-08-02 17:54 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{B0D5A80B-2BA9-4A8A-A0A8-B73766268672}
2012-08-02 05:53 - 2012-08-10 05:04 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{DAE2D4D6-17E7-4BA6-9F50-A23AF98CAAE9}
2012-08-02 05:53 - 2012-08-02 05:53 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{369EADB5-DA53-4E3E-B9CD-2CAFE292E143}
2012-07-29 10:22 - 2012-07-29 10:22 - 00000000 ____D C:\Program Files\AccentSoft Utilities

============ 3 Months Modified Files ========================

2012-08-27 16:23 - 2009-12-03 00:37 - 01527271 ____A C:\Windows\WindowsUpdate.log
2012-08-27 16:15 - 2009-12-03 03:54 - 07805730 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-27 16:15 - 2009-08-19 11:48 - 00611366 ____A C:\Windows\System32\perfh01D.dat
2012-08-27 16:15 - 2009-08-19 11:48 - 00121648 ____A C:\Windows\System32\perfc01D.dat
2012-08-27 16:15 - 2009-08-19 10:32 - 00668832 ____A C:\Windows\System32\perfh019.dat
2012-08-27 16:15 - 2009-08-19 10:32 - 00129892 ____A C:\Windows\System32\perfc019.dat
2012-08-27 16:15 - 2009-08-19 10:26 - 00683456 ____A C:\Windows\System32\perfh013.dat
2012-08-27 16:15 - 2009-08-19 10:26 - 00130608 ____A C:\Windows\System32\perfc013.dat
2012-08-27 16:15 - 2009-08-19 10:20 - 00442152 ____A C:\Windows\System32\perfh014.dat
2012-08-27 16:15 - 2009-08-19 10:20 - 00075002 ____A C:\Windows\System32\perfc014.dat
2012-08-27 16:15 - 2009-08-19 10:15 - 00682110 ____A C:\Windows\System32\perfh010.dat
2012-08-27 16:15 - 2009-08-19 10:15 - 00125006 ____A C:\Windows\System32\perfc010.dat
2012-08-27 16:09 - 2011-02-20 15:40 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-27 16:07 - 2012-04-06 10:13 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-27 16:07 - 2009-12-30 03:55 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2012-08-27 13:09 - 2012-08-27 13:09 - 00053204 ____A C:\Users\Rodolfo\Desktop\ark.txt
2012-08-27 11:33 - 2012-08-27 11:33 - 00294216 ____A C:\Users\Rodolfo\Desktop\gmer.zip
2012-08-27 11:31 - 2012-08-27 11:31 - 00013292 ____A C:\Users\Rodolfo\Desktop\DDS.txt
2012-08-27 11:31 - 2012-08-27 11:31 - 00007236 ____A C:\Users\Rodolfo\Desktop\Attach.txt
2012-08-27 11:29 - 2012-08-27 11:29 - 00607260 ____R (Swearware) C:\Users\Rodolfo\Desktop\dds.com
2012-08-27 11:17 - 2009-07-13 20:34 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-27 11:17 - 2009-07-13 20:34 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-27 11:15 - 2011-02-20 15:40 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-27 11:12 - 2012-08-24 18:45 - 00000314 ____A C:\Windows\Tasks\Trlcp.job
2012-08-27 11:12 - 2012-05-01 16:18 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2012-08-27 11:12 - 2009-12-30 03:56 - 00017408 ____A C:\Windows\System32\rpcnetp.dll
2012-08-27 11:12 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-27 11:12 - 2009-07-13 20:39 - 00065889 ____A C:\Windows\setupact.log
2012-08-27 09:46 - 2012-08-27 09:46 - 00012247 ____A C:\ComboFix.txt
2012-08-27 06:50 - 2011-12-09 05:04 - 00000008 ____A C:\Users\Rodolfo\$TimeStamp.pbu
2012-08-27 05:34 - 2012-08-26 19:46 - 00000953 ____A C:\Users\Rodolfo\Desktop\eset.txt
2012-08-26 17:53 - 2011-01-27 07:23 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-26 12:21 - 2012-08-26 12:21 - 10300288 ____A (Microsoft Corporation) C:\Users\Rodolfo\Desktop\mseinstall.exe
2012-08-26 10:41 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-26 07:48 - 2009-12-03 04:46 - 01229628 ____A C:\Windows\PFRO.log
2012-08-26 07:47 - 2009-07-13 18:03 - 57933824 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 15466496 ____A C:\Windows\System32\config\SYSTEM.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 00786432 ____A C:\Windows\System32\config\DEFAULT.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 00106496 ____A C:\Windows\System32\config\SAM.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-08-26 07:14 - 2012-04-06 10:12 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-26 07:14 - 2011-05-23 05:38 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-24 18:45 - 2012-08-24 18:45 - 00118784 _RASH C:\Windows\System32\dot3dlgw.dll
2012-08-24 15:54 - 2012-08-24 15:44 - 00000066 ____A C:\Users\Rodolfo\Desktop\TINTAS.txt
2012-08-23 11:38 - 2012-08-23 11:38 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-08-23 11:38 - 2012-08-23 11:38 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-23 11:38 - 2010-12-22 17:20 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-08-20 06:54 - 2011-07-22 05:29 - 00000744 ____A C:\Windows\MyHeritage.INI
2012-08-15 05:20 - 2009-07-13 20:33 - 00289168 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 16:00 - 2009-12-03 04:16 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 14:21 - 2012-01-13 13:08 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-09 14:24 - 2011-10-04 16:55 - 00000000 ____A C:\Users\All Users\GetRight.lst
2012-08-07 17:49 - 2012-07-20 16:32 - 00000041 ____A C:\Windows\crw.ini
2012-08-07 17:49 - 2012-07-08 14:46 - 00000064 ____A C:\Users\Rodolfo\Documents\GERENTE.ldb
2012-08-07 17:49 - 2011-03-19 11:26 - 00720896 ____A C:\Users\Rodolfo\Documents\Gerente.mdb
2012-07-23 16:19 - 2012-07-23 16:19 - 00002205 ____A C:\1.xml
2012-07-21 14:49 - 2012-07-21 14:49 - 00001713 ____A C:\Users\Rodolfo\Desktop\Google Earth.lnk
2012-07-19 18:25 - 2011-03-19 11:26 - 00014481 ____A C:\Users\Rodolfo\Documents\Meine Orte.kmz
2012-07-18 11:46 - 2009-07-13 18:04 - 00000448 ____A C:\Windows\win.ini
2012-07-18 11:44 - 2012-07-18 11:44 - 00000996 ____A C:\Users\Rodolfo\Desktop\AirNav ACARS Decoder 2.lnk
2012-07-18 09:44 - 2012-03-13 10:57 - 00058288 ____N (Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
2012-07-18 09:44 - 2012-03-13 10:56 - 00013160 ____A (Absolute Software Corp.) C:\Windows\System32\Upgrd.exe
2012-07-18 09:10 - 2012-08-14 15:56 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 13:26 - 2012-08-14 15:56 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:23 - 2012-08-14 15:56 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:23 - 2012-08-14 15:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-06-26 22:03 - 2012-08-14 15:56 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 22:03 - 2012-08-14 15:56 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 22:03 - 2012-08-14 15:56 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 06029312 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00627200 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-26 22:00 - 2012-08-14 15:56 - 11019776 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 22:00 - 2012-08-14 15:56 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-26 22:00 - 2012-08-14 15:56 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-26 21:58 - 2012-08-14 15:56 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-26 20:53 - 2012-08-14 15:56 - 00386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-26 20:19 - 2012-08-14 15:56 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-15 06:42 - 2012-06-15 06:42 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 16:05 - 2012-06-14 16:05 - 00053760 ____A C:\Users\Maria Claudia\Documents\modelo consorcio.do%253F%253D%2B%2B%253D%253Futf-8%253FQ%253Fc
2012-06-08 20:46 - 2012-07-19 18:47 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 15:59 - 2012-06-06 15:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-06-05 21:09 - 2012-07-19 18:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:09 - 2012-07-19 18:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 14:09 - 2012-06-04 14:09 - 00000047 ____A C:\Users\All Users\GetRight.snk
2012-06-02 14:19 - 2012-06-26 12:30 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-26 12:30 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-26 12:30 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-26 12:30 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-26 12:30 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-26 12:30 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-26 12:30 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 10:19 - 2012-06-26 12:29 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 10:12 - 2012-06-26 12:29 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:51 - 2012-07-19 18:47 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:51 - 2012-07-19 18:47 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:50 - 2012-07-19 18:47 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:48 - 2012-07-19 18:47 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:47 - 2012-07-19 18:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-27 09:15:30
Restore point made on: 2012-08-27 11:08:03

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3062.43 MB
Available physical RAM: 2601.12 MB
Total Pagefile: 3058.64 MB
Available Pagefile: 2613.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.73 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:46.56 GB) (Free:4.77 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:7.46 GB) (Free:0.23 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 1024 KB
Disk 1 Online 7653 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 46 GB 101 MB
Partition 3 Primary 186 GB 46 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 46 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Partition 186 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7652 MB 96 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON FAT32 Removable 7652 MB Healthy

==================================================================================

Last Boot: 2012-08-27 07:28

==================== End Of Log =============================




Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 2012-08-27 21:34:26
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\ERDNT\cache\services.exe
[2011-05-10 16:03] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
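The FRST search above lists three copies of services.exe (the WinSxS component store, the live System32 file and the ERDNT cache) and prints the same size and MD5 for all three, which is what clears the live binary. The following is an added example, not FRST code: it reproduces that check, hashing every copy of a binary and flagging any copy whose MD5 differs from the component-store copy. The directory names, the file contents and the "patched" System32 copy are constructed so the script runs offline; `x86_servicecontroller` is a hypothetical component-directory name. MD5 is used here only because that is what the tool prints, as a quick identity check between copies, not as a tamper-proof fingerprint.

```python
"""Cross-check copies of a Windows system binary by MD5.

Added example, not FRST code: hash every copy of a file and flag the ones
that differ from the WinSxS component-store copy. Paths and contents below
are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def md5_of(path: Path) -> str:
    """Upper-case hex MD5 of a file, read in chunks (FRST prints MD5 this way)."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def compare_copies(copies: dict[str, Path], reference: str) -> dict[str, dict]:
    """Hash each copy and compare it with the copy labelled `reference`.

    Size is recorded too: an in-place patch usually keeps the size identical,
    so equal size with a different hash is the interesting case.
    """
    ref_md5 = md5_of(copies[reference])
    report = {}
    for label, path in copies.items():
        md5 = md5_of(path)
        report[label] = {
            "path": str(path),
            "size": path.stat().st_size,
            "md5": md5,
            "matches_reference": md5 == ref_md5,
        }
    return report


def suspicious(report: dict[str, dict]) -> list[str]:
    """Labels whose hash differs from the reference copy, for follow-up."""
    return sorted(label for label, row in report.items() if not row["matches_reference"])


def demo() -> tuple[dict[str, dict], list[str]]:
    """Constructed fixture with the same three locations FRST searched.

    The System32 copy gets a same-length modification, the case a size or
    timestamp comparison misses and a hash comparison catches.
    """
    clean = b"MZ" + b"\x90" * 254                  # constructed stand-in, not a real PE image
    patched = bytearray(clean)
    patched[0x40:0x44] = b"\xE9\x00\x10\x00"       # same length, different bytes
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        copies = {
            # hypothetical component directory name, stands in for the long WinSxS one
            "winsxs": root / "winsxs" / "x86_servicecontroller" / "services.exe",
            "system32": root / "System32" / "services.exe",
            "erdnt_cache": root / "ERDNT" / "cache" / "services.exe",
        }
        for path in copies.values():
            path.parent.mkdir(parents=True, exist_ok=True)
        copies["winsxs"].write_bytes(clean)
        copies["erdnt_cache"].write_bytes(clean)
        copies["system32"].write_bytes(bytes(patched))
        report = compare_copies(copies, reference="winsxs")
        return report, suspicious(report)


if __name__ == "__main__":
    report, flagged = demo()
    for label, row in report.items():
        state = "ok" if row["matches_reference"] else "DIFFERS"
        print(f"{label:12} {row['size']:>8} {row['md5']} {state}")
    print("differs from WinSxS copy:", flagged or "none")
```

On a real machine the dict would point at the actual paths from the FRST output; the WinSxS copy is the reference because the component store is what Windows itself uses to repair system files. A match only says the live file equals that copy, so a case where every copy was replaced would still pass, which is why tools such as FRST also report the signer and size next to the hash.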

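The "Partitions" listing above (Type 07 entries, System Reserved 100 MB at 1024 KB and active, C: 46 GB at 101 MB, a third 186 GB partition) and the MBR lines in the TDSSKiller log further down the thread are two views of the same 64-byte partition table in the disk's first sector. As an added example that is not FRST or TDSSKiller code, the parser below reads that table from a 512-byte sector and runs the sanity checks a triage needs: exactly one active entry, no overlapping entries, nothing past the end of the disk, and how many sectors sit outside any partition (TDSSKiller's "TDLFS" option exists because a hidden file system can be kept in exactly that unpartitioned space). The sector is constructed from the values in the logs; the boot-code area is zeroed because the logs do not include it.

```python
"""Parse an MBR partition table and sanity-check the layout.

Added example, not FRST or TDSSKiller code. The sector is constructed from
the partition values posted in this thread; boot code is zeroed.
"""
import struct

SECTOR = 512
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (3 bytes), type, CHS end (3 bytes), start LBA, sector count
TYPES = {0x07: "NTFS/HPFS/exFAT", 0x0C: "FAT32 (LBA)", 0x05: "Extended",
         0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> list[dict]:
    """Return the non-empty entries of the four-slot partition table at offset 446."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(sector)}")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * slot)
        if ptype == 0:
            continue                      # empty slot
        entries.append({
            "index": slot + 1,
            "active": status == 0x80,     # the boot flag; normal layouts have exactly one
            "type": ptype,
            "type_name": TYPES.get(ptype, f"unknown 0x{ptype:02X}"),
            "start_lba": start,
            "sectors": count,
            "offset_bytes": start * SECTOR,
            "size_bytes": count * SECTOR,
        })
    return entries


def check_layout(entries: list[dict], disk_sectors: int) -> dict:
    """Flag layouts that no installer produces and measure unpartitioned space."""
    if not entries:
        return {"findings": ["no partition entries"], "gap_before_first_sectors": None,
                "unpartitioned_tail_sectors": disk_sectors}
    findings = []
    active = [e["index"] for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active entries (expected exactly 1)")
    ordered = sorted(entries, key=lambda e: e["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    for e in entries:
        if e["start_lba"] + e["sectors"] > disk_sectors:
            findings.append(f"partition {e['index']} extends past the end of the disk")
    last = ordered[-1]
    return {
        "findings": findings,
        "gap_before_first_sectors": ordered[0]["start_lba"],
        "unpartitioned_tail_sectors": disk_sectors - (last["start_lba"] + last["sectors"]),
    }


def build_entry(active: bool, ptype: int, start: int, count: int) -> bytes:
    """Pack one 16-byte entry; CHS fields are left zero (LBA is what matters here)."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, ptype, start, count)


DISK_SECTORS = 0x3A38B2E000 // SECTOR        # 232.89 GB disk size from the TDSSKiller log


def demo_sector() -> bytes:
    """Constructed sector matching the three NTFS partitions in the posted logs."""
    table = (build_entry(True, 0x07, 0x800, 0x32000)             # System Reserved, 100 MB at 1 MiB
             + build_entry(False, 0x07, 0x32800, 0x5D1D800)      # C:, 46 GB at 101 MiB
             + build_entry(False, 0x07, 0x5D50000, 0x17474800)   # third partition, 186 GB
             + bytes(16))                                        # empty fourth slot
    return bytes(446) + table + b"\x55\xAA"                      # boot code zeroed (constructed)


def demo():
    entries = parse_mbr(demo_sector())
    return entries, check_layout(entries, DISK_SECTORS)


if __name__ == "__main__":
    entries, layout = demo()
    for e in entries:
        flag = "*" if e["active"] else " "
        print(f"{flag} #{e['index']} {e['type_name']:16} LBA {e['start_lba']:>10} "
              f"{e['size_bytes'] / 2**20:10.1f} MiB at {e['offset_bytes'] / 2**20:.1f} MiB")
    print("findings:", layout["findings"] or "none")
    print("sectors before first partition:", layout["gap_before_first_sectors"])
    print("unpartitioned sectors at end of disk:", layout["unpartitioned_tail_sectors"])
```

Run against the constructed sector it reports the same numbers as the two logs (100 MiB at 1 MiB, 101 MiB start for C:, a few thousand slack sectors at the end of the disk) and no findings. The parser trusts the bytes it is handed: a bootkit that hooks the disk stack can return a clean sector to anything running under the infected OS, which is one reason the FRST run above was made from the recovery environment ("Ran by SYSTEM", running from the USB stick) rather than from the installed Windows.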
#4 CatByte

Malware Response Team

Posted 27 August 2012 - 08:12 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



NEXT


Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#5 rphilipp

Topic Starter

Posted 27 August 2012 - 09:00 PM

22:20:58.0362 1200 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:20:59.0188 1200 ============================================================
22:20:59.0188 1200 Current date / time: 2012/08/27 22:20:59.0188
22:20:59.0188 1200 SystemInfo:
22:20:59.0188 1200
22:20:59.0188 1200 OS Version: 6.1.7600 ServicePack: 0.0
22:20:59.0188 1200 Product type: Workstation
22:20:59.0188 1200 ComputerName: NOTEBOOK-PC
22:20:59.0188 1200 UserName: Rodolfo
22:20:59.0188 1200 Windows directory: C:\Windows
22:20:59.0188 1200 System windows directory: C:\Windows
22:20:59.0188 1200 Processor architecture: Intel x86
22:20:59.0188 1200 Number of processors: 2
22:20:59.0188 1200 Page size: 0x1000
22:20:59.0188 1200 Boot type: Normal boot
22:20:59.0188 1200 ============================================================
22:21:00.0483 1200 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:21:00.0499 1200 Drive \Device\Harddisk1\DR1 - Size: 0x1DE500000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:21:00.0499 1200 ============================================================
22:21:00.0499 1200 \Device\Harddisk0\DR0:
22:21:00.0499 1200 MBR partitions:
22:21:00.0499 1200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:21:00.0499 1200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5D1D800
22:21:00.0499 1200 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5D50000, BlocksNum 0x17474800
22:21:00.0499 1200 \Device\Harddisk1\DR1:
22:21:00.0499 1200 MBR partitions:
22:21:00.0499 1200 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0xC0, BlocksNum 0xEF2740
22:21:00.0499 1200 ============================================================
22:21:00.0530 1200 C: <-> \Device\Harddisk0\DR0\Partition2
22:21:00.0577 1200 D: <-> \Device\Harddisk0\DR0\Partition3
22:21:00.0577 1200 ============================================================
22:21:00.0577 1200 Initialize success
22:21:00.0577 1200 ============================================================
22:22:03.0980 0704 ============================================================
22:22:03.0980 0704 Scan started
22:22:03.0980 0704 Mode: Manual; TDLFS;
22:22:03.0980 0704 ============================================================
22:22:05.0556 0704 ================ Scan system memory ========================
22:22:05.0556 0704 System memory - ok
22:22:05.0556 0704 ================ Scan services =============================
22:22:05.0728 0704 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:22:05.0728 0704 1394ohci - ok
22:22:05.0759 0704 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:22:05.0774 0704 ACPI - ok
22:22:05.0821 0704 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:22:05.0821 0704 AcpiPmi - ok
22:22:05.0962 0704 [ 4451CC2275B04043EC2BCC757AF97291 ] AdobeActiveFileMonitor8.0 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
22:22:05.0962 0704 AdobeActiveFileMonitor8.0 - ok
22:22:06.0071 0704 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:22:06.0071 0704 AdobeFlashPlayerUpdateSvc - ok
22:22:06.0118 0704 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:22:06.0118 0704 adp94xx - ok
22:22:06.0164 0704 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:22:06.0164 0704 adpahci - ok
22:22:06.0196 0704 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:22:06.0196 0704 adpu320 - ok
22:22:06.0227 0704 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:22:06.0227 0704 AeLookupSvc - ok
22:22:06.0274 0704 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
22:22:06.0274 0704 AFD - ok
22:22:06.0336 0704 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
22:22:06.0352 0704 AgereSoftModem - ok
22:22:06.0383 0704 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:22:06.0383 0704 agp440 - ok
22:22:06.0430 0704 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:22:06.0430 0704 aic78xx - ok
22:22:06.0461 0704 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:22:06.0461 0704 ALG - ok
22:22:06.0508 0704 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:22:06.0508 0704 aliide - ok
22:22:06.0523 0704 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
22:22:06.0523 0704 amdagp - ok
22:22:06.0554 0704 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:22:06.0554 0704 amdide - ok
22:22:06.0586 0704 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:22:06.0586 0704 AmdK8 - ok
22:22:06.0601 0704 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:22:06.0617 0704 AmdPPM - ok
22:22:06.0632 0704 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
22:22:06.0632 0704 amdsata - ok
22:22:06.0648 0704 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:22:06.0664 0704 amdsbs - ok
22:22:06.0679 0704 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
22:22:06.0679 0704 amdxata - ok
22:22:06.0710 0704 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
22:22:06.0726 0704 AppID - ok
22:22:06.0773 0704 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:22:06.0773 0704 AppIDSvc - ok
22:22:06.0820 0704 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
22:22:06.0835 0704 Appinfo - ok
22:22:07.0007 0704 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:22:07.0007 0704 Apple Mobile Device - ok
22:22:07.0054 0704 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
22:22:07.0054 0704 AppMgmt - ok
22:22:07.0100 0704 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:22:07.0100 0704 arc - ok
22:22:07.0116 0704 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:22:07.0116 0704 arcsas - ok
22:22:07.0147 0704 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:22:07.0163 0704 AsyncMac - ok
22:22:07.0178 0704 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:22:07.0178 0704 atapi - ok
22:22:07.0225 0704 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:22:07.0241 0704 AudioEndpointBuilder - ok
22:22:07.0241 0704 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:22:07.0256 0704 Audiosrv - ok
22:22:07.0272 0704 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:22:07.0272 0704 AxInstSV - ok
22:22:07.0303 0704 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:22:07.0319 0704 b06bdrv - ok
22:22:07.0350 0704 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:22:07.0350 0704 b57nd60x - ok
22:22:07.0397 0704 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:22:07.0397 0704 BDESVC - ok
22:22:07.0412 0704 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:22:07.0412 0704 Beep - ok
22:22:07.0459 0704 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
22:22:07.0459 0704 BFE - ok
22:22:07.0506 0704 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
22:22:07.0522 0704 BITS - ok
22:22:07.0537 0704 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:22:07.0553 0704 blbdrive - ok
22:22:07.0662 0704 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:22:07.0662 0704 Bonjour Service - ok
22:22:07.0693 0704 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:22:07.0693 0704 bowser - ok
22:22:07.0724 0704 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:22:07.0724 0704 BrFiltLo - ok
22:22:07.0740 0704 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:22:07.0740 0704 BrFiltUp - ok
22:22:07.0802 0704 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:22:07.0818 0704 BridgeMP - ok
22:22:07.0849 0704 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
22:22:07.0849 0704 Browser - ok
22:22:07.0880 0704 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:22:07.0880 0704 Brserid - ok
22:22:07.0896 0704 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:22:07.0912 0704 BrSerWdm - ok
22:22:07.0912 0704 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:22:07.0927 0704 BrUsbMdm - ok
22:22:07.0943 0704 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:22:07.0943 0704 BrUsbSer - ok
22:22:08.0005 0704 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:22:08.0005 0704 BthEnum - ok
22:22:08.0005 0704 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:22:08.0005 0704 BTHMODEM - ok
22:22:08.0036 0704 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:22:08.0036 0704 BthPan - ok
22:22:08.0068 0704 [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:22:08.0083 0704 BTHPORT - ok
22:22:08.0114 0704 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:22:08.0130 0704 bthserv - ok
22:22:08.0146 0704 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:22:08.0146 0704 BTHUSB - ok
22:22:08.0192 0704 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:22:08.0192 0704 btwaudio - ok
22:22:08.0239 0704 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
22:22:08.0239 0704 btwavdt - ok
22:22:08.0317 0704 [ 7CAA4410C25026B9BEE85F6C7F86B19B ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:22:08.0333 0704 btwdins - ok
22:22:08.0364 0704 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
22:22:08.0364 0704 btwl2cap - ok
22:22:08.0380 0704 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
22:22:08.0380 0704 btwrchid - ok
22:22:08.0536 0704 catchme - ok
22:22:08.0567 0704 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:22:08.0567 0704 cdfs - ok
22:22:08.0629 0704 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:22:08.0629 0704 cdrom - ok
22:22:08.0676 0704 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
22:22:08.0676 0704 CertPropSvc - ok
22:22:08.0692 0704 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:22:08.0692 0704 circlass - ok
22:22:08.0723 0704 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:22:08.0723 0704 CLFS - ok
22:22:08.0801 0704 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:08.0801 0704 clr_optimization_v2.0.50727_32 - ok
22:22:08.0816 0704 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:22:08.0816 0704 CmBatt - ok
22:22:08.0863 0704 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:22:08.0863 0704 cmdide - ok
22:22:08.0894 0704 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
22:22:08.0910 0704 CNG - ok
22:22:08.0941 0704 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:22:08.0941 0704 Compbatt - ok
22:22:08.0972 0704 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:22:08.0972 0704 CompositeBus - ok
22:22:08.0988 0704 COMSysApp - ok
22:22:09.0082 0704 [ 75FA19142531CBF490770C2988A7DB64 ] cpuz134 C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
22:22:09.0082 0704 cpuz134 - ok
22:22:09.0113 0704 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:22:09.0113 0704 crcdisk - ok
22:22:09.0160 0704 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:22:09.0160 0704 CryptSvc - ok
22:22:09.0206 0704 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
22:22:09.0206 0704 CSC - ok
22:22:09.0238 0704 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
22:22:09.0238 0704 CscService - ok
22:22:09.0284 0704 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
22:22:09.0284 0704 DcomLaunch - ok
22:22:09.0316 0704 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:22:09.0316 0704 defragsvc - ok
22:22:09.0347 0704 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:22:09.0362 0704 DfsC - ok
22:22:09.0409 0704 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:22:09.0409 0704 Dhcp - ok
22:22:09.0440 0704 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:22:09.0440 0704 discache - ok
22:22:09.0472 0704 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:22:09.0472 0704 Disk - ok
22:22:09.0503 0704 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:22:09.0503 0704 Dnscache - ok
22:22:09.0534 0704 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
22:22:09.0534 0704 dot3svc - ok
22:22:09.0550 0704 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
22:22:09.0550 0704 DPS - ok
22:22:09.0596 0704 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:22:09.0596 0704 drmkaud - ok
22:22:09.0659 0704 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:22:09.0659 0704 DXGKrnl - ok
22:22:09.0706 0704 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:22:09.0706 0704 EapHost - ok
22:22:09.0815 0704 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:22:09.0862 0704 ebdrv - ok
22:22:09.0877 0704 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
22:22:09.0877 0704 EFS - ok
22:22:09.0924 0704 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:22:09.0940 0704 ehRecvr - ok
22:22:09.0955 0704 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:22:09.0955 0704 ehSched - ok
22:22:10.0018 0704 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:22:10.0033 0704 elxstor - ok
22:22:10.0049 0704 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:22:10.0049 0704 ErrDev - ok
22:22:10.0096 0704 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:22:10.0096 0704 EventSystem - ok
22:22:10.0111 0704 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:22:10.0111 0704 exfat - ok
22:22:10.0127 0704 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:22:10.0142 0704 fastfat - ok
22:22:10.0189 0704 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
22:22:10.0189 0704 Fax - ok
22:22:10.0220 0704 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:22:10.0220 0704 fdc - ok
22:22:10.0252 0704 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:22:10.0252 0704 fdPHost - ok
22:22:10.0283 0704 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:22:10.0283 0704 FDResPub - ok
22:22:10.0314 0704 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:22:10.0314 0704 FileInfo - ok
22:22:10.0345 0704 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:22:10.0345 0704 Filetrace - ok
22:22:10.0376 0704 [ 5575EE5823DE1558F8486EB4E33FFA99 ] FlashUSB C:\Windows\system32\DRIVERS\FlashUSB.sys
22:22:10.0376 0704 FlashUSB - ok
22:22:10.0454 0704 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:22:10.0486 0704 FLEXnet Licensing Service - ok
22:22:10.0501 0704 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:22:10.0501 0704 flpydisk - ok
22:22:10.0532 0704 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:22:10.0548 0704 FltMgr - ok
22:22:20.0438 0704 ViaC7 - ok
22:22:20.0438 0704 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:22:20.0438 0704 viaide - ok
22:22:20.0470 0704 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
22:22:20.0470 0704 vmbus - ok
22:22:20.0485 0704 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
22:22:20.0485 0704 VMBusHID - ok
22:22:20.0501 0704 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:22:20.0516 0704 volmgr - ok
22:22:20.0532 0704 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:22:20.0532 0704 volmgrx - ok
22:22:20.0579 0704 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:22:20.0579 0704 volsnap - ok
22:22:20.0688 0704 [ DA650CAEB70CA0F93BDECDB152EC3311 ] Vono_Manager C:\Program Files\Vono\Softfone Vono\System\Vono Manager.exe
22:22:20.0688 0704 Vono_Manager - ok
22:22:20.0735 0704 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:22:20.0735 0704 vsmraid - ok
22:22:20.0797 0704 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
22:22:20.0797 0704 VSS - ok
22:22:20.0813 0704 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:22:20.0813 0704 vwifibus - ok
22:22:20.0844 0704 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:22:20.0844 0704 W32Time - ok
22:22:20.0860 0704 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:22:20.0860 0704 WacomPen - ok
22:22:20.0891 0704 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:22:20.0891 0704 WANARP - ok
22:22:20.0906 0704 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:22:20.0906 0704 Wanarpv6 - ok
22:22:20.0938 0704 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
22:22:20.0953 0704 wbengine - ok
22:22:21.0000 0704 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:22:21.0000 0704 WbioSrvc - ok
22:22:21.0031 0704 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:22:21.0047 0704 wcncsvc - ok
22:22:21.0062 0704 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:22:21.0062 0704 WcsPlugInService - ok
22:22:21.0078 0704 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:22:21.0078 0704 Wd - ok
22:22:21.0109 0704 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:22:21.0109 0704 Wdf01000 - ok
22:22:21.0140 0704 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:22:21.0140 0704 WdiServiceHost - ok
22:22:21.0140 0704 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:22:21.0140 0704 WdiSystemHost - ok
22:22:21.0156 0704 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
22:22:21.0172 0704 WebClient - ok
22:22:21.0172 0704 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:22:21.0187 0704 Wecsvc - ok
22:22:21.0203 0704 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:22:21.0203 0704 wercplsupport - ok
22:22:21.0234 0704 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:22:21.0234 0704 WerSvc - ok
22:22:21.0265 0704 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:22:21.0265 0704 WfpLwf - ok
22:22:21.0281 0704 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:22:21.0281 0704 WIMMount - ok
22:22:21.0328 0704 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:22:21.0328 0704 WinDefend - ok
22:22:21.0343 0704 WinHttpAutoProxySvc - ok
22:22:21.0406 0704 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:22:21.0406 0704 Winmgmt - ok
22:22:21.0452 0704 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
22:22:21.0468 0704 WinRM - ok
22:22:21.0530 0704 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:22:21.0530 0704 WinUsb - ok
22:22:21.0562 0704 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:22:21.0577 0704 Wlansvc - ok
22:22:21.0702 0704 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:22:21.0733 0704 wlidsvc - ok
22:22:21.0780 0704 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:22:21.0780 0704 WmiAcpi - ok
22:22:21.0811 0704 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:22:21.0811 0704 wmiApSrv - ok
22:22:21.0889 0704 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:22:21.0905 0704 WMPNetworkSvc - ok
22:22:21.0920 0704 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:22:21.0936 0704 WPCSvc - ok
22:22:21.0936 0704 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:22:21.0952 0704 WPDBusEnum - ok
22:22:21.0952 0704 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:22:21.0967 0704 ws2ifsl - ok
22:22:21.0983 0704 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
22:22:21.0983 0704 wscsvc - ok
22:22:21.0983 0704 WSearch - ok
22:22:22.0061 0704 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:22:22.0092 0704 wuauserv - ok
22:22:22.0108 0704 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:22:22.0108 0704 WudfPf - ok
22:22:22.0139 0704 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:22.0154 0704 WUDFRd - ok
22:22:22.0201 0704 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:22:22.0201 0704 wudfsvc - ok
22:22:22.0217 0704 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:22:22.0217 0704 WwanSvc - ok
22:22:22.0264 0704 [ 1E41295EAC56589EFD9DC3CA14BF3FEC ] ZSMC302 C:\Windows\system32\Drivers\usbvm302.sys
22:22:22.0264 0704 ZSMC302 - ok
22:22:22.0310 0704 ================ Scan global ===============================
22:22:22.0342 0704 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
22:22:22.0404 0704 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
22:22:22.0420 0704 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
22:22:22.0451 0704 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:22:22.0482 0704 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:22:22.0482 0704 [Global] - ok
22:22:22.0482 0704 ================ Scan MBR ==================================
22:22:22.0498 0704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:22:22.0763 0704 \Device\Harddisk0\DR0 - ok
22:22:22.0778 0704 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR1
22:22:22.0934 0704 \Device\Harddisk1\DR1 - ok
22:22:22.0934 0704 ================ Scan VBR ==================================
22:22:22.0934 0704 [ DF949196DD7AD1AF023BC1C26073A6C5 ] \Device\Harddisk0\DR0\Partition1
22:22:22.0934 0704 \Device\Harddisk0\DR0\Partition1 - ok
22:22:22.0966 0704 [ A3ACEB72144BBEBBA4C4112DDB48E50B ] \Device\Harddisk0\DR0\Partition2
22:22:22.0966 0704 \Device\Harddisk0\DR0\Partition2 - ok
22:22:22.0981 0704 [ 020F421A6223AB45B4C0D87FF40EC6C4 ] \Device\Harddisk0\DR0\Partition3
22:22:22.0981 0704 \Device\Harddisk0\DR0\Partition3 - ok
22:22:22.0997 0704 [ 737D95D9B1D26182EB319139200A144F ] \Device\Harddisk1\DR1\Partition1
22:22:22.0997 0704 \Device\Harddisk1\DR1\Partition1 - ok
22:22:22.0997 0704 ============================================================
22:22:22.0997 0704 Scan finished
22:22:22.0997 0704 ============================================================
22:22:23.0012 2548 Detected object count: 0
22:22:23.0012 2548 Actual detected object count: 0
22:23:16.0193 4000 Deinitialize success




ComboFix 12-08-25.04 - Rodolfo 27.08.2012 22:36:48.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3062.2163 [GMT -3:00]
ausgeführt von:: c:\users\Rodolfo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-28 bis 2012-08-28 ))))))))))))))))))))))))))))))
.
.
2012-08-28 05:30 . 2012-08-28 05:31 -------- d-----w- C:\FRST
2012-08-28 01:45 . 2012-08-28 01:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-28 01:45 . 2012-08-28 01:45 -------- d-----w- c:\users\Maria Claudia\AppData\Local\temp
2012-08-28 01:45 . 2012-08-28 01:45 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-28 01:45 . 2012-08-28 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-27 03:02 . 2012-08-27 03:02 -------- d-----w- c:\program files\ESET
2012-08-27 02:25 . 2012-08-20 04:53 7023536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F62C3D3-067D-4ADA-8BE5-04637E0DE9D1}\mpengine.dll
2012-08-27 01:52 . 2012-08-27 01:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-26 15:46 . 2012-08-28 01:45 -------- d-----w- c:\users\Rodolfo\AppData\Local\temp
2012-08-25 02:45 . 2012-08-25 02:45 118784 --sha-r- c:\windows\system32\dot3dlgw.dll
2012-08-23 19:38 . 2012-08-23 19:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-07-29 18:22 . 2012-07-29 18:22 -------- d-----w- c:\program files\AccentSoft Utilities
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 01:25 . 2009-12-30 11:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-28 01:25 . 2012-05-02 00:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-28 00:41 . 2009-12-30 11:56 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-26 15:14 . 2012-04-06 18:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 15:14 . 2011-05-23 13:38 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 19:38 . 2010-12-23 01:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 17:44 . 2012-03-13 18:56 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-07-18 17:44 . 2012-03-13 18:57 58288 ------w- c:\windows\system32\rpcnet.exe
2012-06-22 00:26 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-06 23:59 . 2012-06-06 23:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09 . 2012-07-20 02:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-20 02:47 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-26 20:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 20:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 20:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 20:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 20:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 20:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 20:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19 . 2012-06-26 20:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:12 . 2012-06-26 20:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-20 02:47 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-20 02:47 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-20 02:47 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-20 02:47 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-20 02:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehUni.dll" [2010-10-11 341928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2010-10-11 15:51 341928 ----a-w- c:\progra~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\Drivers\usbvm302.sys [x]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]
S2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [x]
S2 Vono_Manager;Vono Manager;c:\program files\Vono\Softfone Vono\System\Vono Manager.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:14]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
2012-08-28 c:\windows\Tasks\Trlcp.job
- c:\windows\system32\dot3dlgw.dll [2012-08-25 02:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bl165w.blu165.mail.live.com/default.aspx?rru=inbox
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyServer = 127.0.0.1:4001
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}: NameServer = 189.4.0.147,189.4.0.142
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.genoom.com/WebResource.axd?d=tZBquHQNUnjiXGE6_M1v_IvODYBv2MySNj9GqRYYn71ehRTsakI2JCg6U5n33rsOcXGJg_wAm_ok8fyLAGWbMEOQNB-36C2YHCKDX6FxCTJiktPxoc7DQJDvaoDmTyfibtmGdkulQUDbfY2jn97G-MLNf6cNe0KA_b5o5kZvAN4Mj6Yr0&t=634544480305850000
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(708)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2012-08-27 22:47:13
ComboFix-quarantined-files.txt 2012-08-28 01:47
ComboFix2.txt 2012-08-27 17:46
ComboFix3.txt 2012-08-26 18:44
.
Vor Suchlauf: 4.835.192.832 Bytes frei
Nach Suchlauf: 4.598.403.072 Bytes frei
.
- - End Of File - - A407C17284D4B2F452BAA62EEE7DEDFD




Farbar Service Scanner Version: 06-08-2012
Ran by Rodolfo (administrator) on 27-08-2012 at 22:56:08
Running from "C:\Users\Rodolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKWT6DVI"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 11:23] - [2012-03-30 07:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2011-04-24 18:43] - [2011-03-03 02:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 20:53] - [2009-07-13 22:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 20:54] - [2009-07-13 22:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 20:23] - [2009-07-13 22:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 20:24] - [2009-07-13 22:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 20:30] - [2009-07-13 22:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-07-19 23:47] - [2012-04-24 01:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 August 2012 - 04:49 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\system32\dot3dlgw.dll

File::
c:\windows\Tasks\Trlcp.job

DDS::
uInternet Settings,ProxyServer = 127.0.0.1:4001
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.genoom.com/WebResource.axd?d=tZBquHQNUnjiXGE6_M1v_IvODYBv2MySNj9GqRYYn71ehRTsakI2JCg6U5n33rsOcXGJg_wAm_ok8fyLAGWbMEOQNB-36C2YHCKDX6FxCTJiktPxoc7DQJDvaoDmTyfibtmGdkulQUDbfY2jn97G-MLNf6cNe0KA_b5o5kZvAN4Mj6Yr0&t=634544480305850000

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 rphilipp

rphilipp
  • Topic Starter

  • Members
  • 12 posts

Posted 28 August 2012 - 08:48 PM

ComboFix 12-08-25.04 - Rodolfo 28.08.2012 18:57:53.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3062.2112 [GMT -3:00]
ausgeführt von:: c:\users\Rodolfo\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Rodolfo\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Trlcp.job"
.
file zipped: c:\windows\system32\dot3dlgw.dll
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-28 bis 2012-08-28 ))))))))))))))))))))))))))))))
.
.
2012-08-28 22:05 . 2012-08-28 22:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-28 22:05 . 2012-08-28 22:05 -------- d-----w- c:\users\Maria Claudia\AppData\Local\temp
2012-08-28 22:05 . 2012-08-28 22:05 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-28 22:05 . 2012-08-28 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 05:30 . 2012-08-28 05:31 -------- d-----w- C:\FRST
2012-08-27 03:02 . 2012-08-27 03:02 -------- d-----w- c:\program files\ESET
2012-08-27 02:25 . 2012-08-20 04:53 7023536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F62C3D3-067D-4ADA-8BE5-04637E0DE9D1}\mpengine.dll
2012-08-27 01:52 . 2012-08-27 01:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-26 15:46 . 2012-08-28 22:08 -------- d-----w- c:\users\Rodolfo\AppData\Local\temp
2012-08-25 02:45 . 2012-08-25 02:45 118784 --sha-r- c:\windows\system32\dot3dlgw.dll
2012-08-23 19:38 . 2012-08-23 19:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 22:07 . 2009-12-30 11:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-28 22:07 . 2012-05-02 00:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-28 00:41 . 2009-12-30 11:56 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-26 15:14 . 2012-04-06 18:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 15:14 . 2011-05-23 13:38 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 19:38 . 2010-12-23 01:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 17:44 . 2012-03-13 18:56 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-07-18 17:44 . 2012-03-13 18:57 58288 ------w- c:\windows\system32\rpcnet.exe
2012-06-22 00:26 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-06 23:59 . 2012-06-06 23:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09 . 2012-07-20 02:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-20 02:47 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-26 20:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 20:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 20:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 20:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 20:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 20:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 20:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19 . 2012-06-26 20:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:12 . 2012-06-26 20:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-20 02:47 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-20 02:47 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-20 02:47 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-20 02:47 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-20 02:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehUni.dll" [2010-10-11 341928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2010-10-11 15:51 341928 ----a-w- c:\progra~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Rodolfo\AppData\Local\Temp\CFcatchme.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\Drivers\usbvm302.sys [x]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]
S2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [x]
S2 Vono_Manager;Vono Manager;c:\program files\Vono\Softfone Vono\System\Vono Manager.exe [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:14]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
2012-08-28 c:\windows\Tasks\Trlcp.job
- c:\windows\system32\dot3dlgw.dll [2012-08-25 02:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bl165w.blu165.mail.live.com/default.aspx?rru=inbox
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}: NameServer = 189.4.0.147,189.4.0.142
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3168)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-28 19:15:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-28 22:15
ComboFix2.txt 2012-08-28 01:47
ComboFix3.txt 2012-08-27 17:46
ComboFix4.txt 2012-08-26 18:44
.
Vor Suchlauf: 4.535.324.672 Bytes frei
Nach Suchlauf: 4.616.900.608 Bytes frei
.
- - End Of File - - 26A0BD3945510B7CA4D669621D0C9A6A
Hochladen war erfolgreich





Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.07

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Rodolfo :: NOTEBOOK-PC [administrator]

Protection: Enabled

28.08.2012 19:51:39
mbam-log-2012-08-28 (19-51-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231836
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Qoobox\Quarantine\[4]-Submit_2012-08-28_18.57.46.zip a variant of Win32/Kryptik.AKCO trojan
C:\Windows\System32\dot3dlgw.dll a variant of Win32/Kryptik.AKCO trojan
D:\Rodolfo\Anwendungen\Norton Antivirus 2007 - PT-BR + Ativador.rar a variant of Win32/Keygen.AF application
D:\Rodolfo\Anwendungen\Adobe.Photoshop.Elements.v8.0.Multilingual\Adobe.Photoshop.Elements.v8.0.Multilingual.ESD.ISO-CORE.iso a variant of Win32/Keygen.BH application
D:\Rodolfo\Anwendungen\BreezeSys\Downloader_Pro\Downloader_Pro_v1[1].2.zip a variant of Win32/Keygen.BH application
D:\Rodolfo\Anwendungen\Nav-2005\NAV-2005.rar probably a variant of Win32/Agent.DDAYSPL trojan
D:\Rodolfo\Anwendungen\Nero 8\Ahead.Nero.v8.2.8.0.Incl.Keymaker-EMBRACE.rar multiple threats
D:\Rodolfo\Anwendungen\Nero 8\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE.rar multiple threats
D:\Rodolfo\Anwendungen\Nero 8\keymaker.exe a variant of Win32/Keygen.DA application
D:\Rodolfo\Anwendungen\PictureAce\Picture.Ace.v2.5.9.Incl.Keygen-BLiZZARD\keygen.exe a variant of Win32/Keygen.AD application
D:\Rodolfo\Anwendungen\Xilisoft DVD Audio Ripper\Xilisoft_DVD_Audio_Ripper_v1[1].0.28.908\Keygen.exe a variant of Win32/Keygen.BH application


HI, PLEASE DON'T ASK ME TO DELETE MY KEYGENS. THEY AREN'T THE PROBLEM. THANKS FOR HELPING ME.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:28 PM

Posted 28 August 2012 - 09:08 PM

HI, PLEASE DON'T ASK ME TO DELETE MY KEYGENS. THEY AREN'T THE PROBLEM.


I disagree, keygens enable the theft of software. I am not going to lecture you on this activity, but here at Bleeping Computer, we do not condone the theft of software. Cracks, keygens, p2p and torrents are the biggest source of infection that we see.

To continue receiving my help, they need to be removed (you are still infected).

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Windows\System32\dot3dlgw.dll 
D:\Rodolfo\Anwendungen\Norton Antivirus 2007 - PT-BR + Ativador.rar 
D:\Rodolfo\Anwendungen\Adobe.Photoshop.Elements.v8.0.Multilingual\Adobe.Photoshop.Elements.v8.0.Multilingual.ESD.ISO-CORE.iso 
D:\Rodolfo\Anwendungen\BreezeSys\Downloader_Pro\Downloader_Pro_v1[1].2.zip 
D:\Rodolfo\Anwendungen\Nav-2005\NAV-2005.rar 
D:\Rodolfo\Anwendungen\Nero 8\Ahead.Nero.v8.2.8.0.Incl.Keymaker-EMBRACE.rar 
D:\Rodolfo\Anwendungen\Nero 8\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE.rar 
D:\Rodolfo\Anwendungen\Nero 8\keymaker.exe 
D:\Rodolfo\Anwendungen\PictureAce\Picture.Ace.v2.5.9.Incl.Keygen-BLiZZARD\keygen.exe 
D:\Rodolfo\Anwendungen\Xilisoft DVD Audio Ripper\Xilisoft_DVD_Audio_Ripper_v1[1].0.28.908\Keygen.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 rphilipp

rphilipp
  • Topic Starter

  • Members
  • 12 posts
  • Local time:03:28 PM

Posted 28 August 2012 - 09:59 PM

ComboFix 12-08-28.03 - Rodolfo 28.08.2012 23:32:28.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3062.1863 [GMT -3:00]
ausgeführt von:: c:\users\Rodolfo\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Rodolfo\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\dot3dlgw.dll"
"d:\rodolfo\Anwendungen\Adobe.Photoshop.Elements.v8.0.Multilingual\Adobe.Photoshop.Elements.v8.0.Multilingual.ESD.ISO-CORE.iso"
"d:\rodolfo\Anwendungen\BreezeSys\Downloader_Pro\Downloader_Pro_v1[1].2.zip"
"d:\rodolfo\Anwendungen\Nav-2005\NAV-2005.rar"
"d:\rodolfo\Anwendungen\Nero 8\Ahead.Nero.v8.2.8.0.Incl.Keymaker-EMBRACE.rar"
"d:\rodolfo\Anwendungen\Nero 8\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE.rar"
"d:\rodolfo\Anwendungen\Nero 8\keymaker.exe"
"d:\rodolfo\Anwendungen\Norton Antivirus 2007 - PT-BR + Ativador.rar"
"d:\rodolfo\Anwendungen\PictureAce\Picture.Ace.v2.5.9.Incl.Keygen-BLiZZARD\keygen.exe"
"d:\rodolfo\Anwendungen\Xilisoft DVD Audio Ripper\Xilisoft_DVD_Audio_Ripper_v1[1].0.28.908\Keygen.exe"
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-28 bis 2012-08-29 ))))))))))))))))))))))))))))))
.
.
2012-08-29 02:41 . 2012-08-29 02:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-29 02:41 . 2012-08-29 02:41 -------- d-----w- c:\users\Maria Claudia\AppData\Local\temp
2012-08-29 02:41 . 2012-08-29 02:41 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-29 02:41 . 2012-08-29 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 22:49 . 2012-08-28 22:49 -------- d-----w- c:\users\Rodolfo\AppData\Roaming\Malwarebytes
2012-08-28 22:48 . 2012-08-28 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-28 22:48 . 2012-08-28 22:48 -------- d-----w- c:\programdata\Malwarebytes
2012-08-28 22:48 . 2012-07-03 16:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 05:30 . 2012-08-28 05:31 -------- d-----w- C:\FRST
2012-08-27 03:02 . 2012-08-27 03:02 -------- d-----w- c:\program files\ESET
2012-08-27 02:25 . 2012-08-20 04:53 7023536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F62C3D3-067D-4ADA-8BE5-04637E0DE9D1}\mpengine.dll
2012-08-27 01:52 . 2012-08-27 01:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-26 15:46 . 2012-08-29 02:41 -------- d-----w- c:\users\Rodolfo\AppData\Local\temp
2012-08-25 02:45 . 2012-08-25 02:45 118784 --sha-r- c:\windows\system32\dot3dlgw.dll
2012-08-23 19:38 . 2012-08-23 19:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 01:06 . 2009-12-30 11:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-28 22:07 . 2012-05-02 00:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-28 00:41 . 2009-12-30 11:56 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-26 15:14 . 2012-04-06 18:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 15:14 . 2011-05-23 13:38 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 19:38 . 2010-12-23 01:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 17:44 . 2012-03-13 18:56 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-07-18 17:44 . 2012-03-13 18:57 58288 ------w- c:\windows\system32\rpcnet.exe
2012-06-22 00:26 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-06 23:59 . 2012-06-06 23:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09 . 2012-07-20 02:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-20 02:47 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-26 20:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 20:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 20:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 20:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 20:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 20:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 20:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19 . 2012-06-26 20:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:12 . 2012-06-26 20:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-20 02:47 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-20 02:47 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-20 02:47 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-20 02:47 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-20 02:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehUni.dll" [2010-10-11 341928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2010-10-11 15:51 341928 ----a-w- c:\progra~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Rodolfo\AppData\Local\Temp\CFcatchme.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\Drivers\usbvm302.sys [x]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [x]
S2 Vono_Manager;Vono Manager;c:\program files\Vono\Softfone Vono\System\Vono Manager.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMPROTECTOR
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:14]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
2012-08-28 c:\windows\Tasks\Trlcp.job
- c:\windows\system32\dot3dlgw.dll [2012-08-25 02:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bl165w.blu165.mail.live.com/default.aspx?rru=inbox
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}: NameServer = 189.4.0.147,189.4.0.142
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\progra~1\GbPlugin\gbiehUni.dll
.
- - - - - - - > 'Explorer.exe'(1996)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2012-08-28 23:43:29
ComboFix-quarantined-files.txt 2012-08-29 02:43
ComboFix2.txt 2012-08-28 22:43
ComboFix3.txt 2012-08-28 01:47
ComboFix4.txt 2012-08-27 17:46
ComboFix5.txt 2012-08-29 02:31
.
Vor Suchlauf: 4.125.880.320 Bytes frei
Nach Suchlauf: 4.121.726.976 Bytes frei
.
- - End Of File - - 46FF0A7FCDE01033B376E232C1AD6BE0


23:53:09.0773 3344 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:53:10.0507 3344 ============================================================
23:53:10.0507 3344 Current date / time: 2012/08/28 23:53:10.0507
23:53:10.0507 3344 SystemInfo:
23:53:10.0507 3344
23:53:10.0507 3344 OS Version: 6.1.7600 ServicePack: 0.0
23:53:10.0507 3344 Product type: Workstation
23:53:10.0507 3344 ComputerName: NOTEBOOK-PC
23:53:10.0507 3344 UserName: Rodolfo
23:53:10.0507 3344 Windows directory: C:\Windows
23:53:10.0507 3344 System windows directory: C:\Windows
23:53:10.0507 3344 Processor architecture: Intel x86
23:53:10.0507 3344 Number of processors: 2
23:53:10.0507 3344 Page size: 0x1000
23:53:10.0507 3344 Boot type: Normal boot
23:53:10.0507 3344 ============================================================
23:53:11.0833 3344 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:53:11.0833 3344 ============================================================
23:53:11.0833 3344 \Device\Harddisk0\DR0:
23:53:11.0848 3344 MBR partitions:
23:53:11.0848 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:53:11.0848 3344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5D1D800
23:53:11.0848 3344 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5D50000, BlocksNum 0x17474800
23:53:11.0848 3344 ============================================================
23:53:11.0864 3344 C: <-> \Device\Harddisk0\DR0\Partition2
23:53:11.0973 3344 D: <-> \Device\Harddisk0\DR0\Partition3
23:53:11.0973 3344 ============================================================
23:53:11.0973 3344 Initialize success
23:53:11.0973 3344 ============================================================
23:53:43.0610 3648 ============================================================
23:53:43.0610 3648 Scan started
23:53:43.0610 3648 Mode: Manual; TDLFS;
23:53:43.0610 3648 ============================================================
23:53:45.0076 3648 ================ Scan system memory ========================
23:53:45.0076 3648 System memory - ok
23:53:45.0076 3648 ================ Scan services =============================
23:53:56.0698 3648 pcmcia - ok
23:53:56.0714 3648 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
23:53:56.0714 3648 pcw - ok
23:53:56.0761 3648 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:53:56.0776 3648 PEAUTH - ok
23:53:56.0839 3648 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:53:56.0854 3648 PeerDistSvc - ok
23:53:56.0917 3648 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
23:53:56.0932 3648 pla - ok
23:53:56.0979 3648 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:53:56.0979 3648 PlugPlay - ok
23:53:56.0995 3648 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:53:57.0010 3648 PNRPAutoReg - ok
23:53:57.0026 3648 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:53:57.0026 3648 PNRPsvc - ok
23:53:57.0057 3648 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:53:57.0057 3648 PolicyAgent - ok
23:53:57.0104 3648 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
23:53:57.0104 3648 Power - ok
23:53:57.0151 3648 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:53:57.0151 3648 PptpMiniport - ok
23:53:57.0198 3648 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:53:57.0198 3648 Processor - ok
23:53:57.0229 3648 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
23:53:57.0229 3648 ProfSvc - ok
23:53:57.0244 3648 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:53:57.0244 3648 ProtectedStorage - ok
23:53:57.0291 3648 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:53:57.0291 3648 Psched - ok
23:53:57.0338 3648 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:53:57.0338 3648 PxHelp20 - ok
23:53:57.0400 3648 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:53:57.0416 3648 ql2300 - ok
23:53:57.0447 3648 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:53:57.0447 3648 ql40xx - ok
23:53:57.0478 3648 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:53:57.0494 3648 QWAVE - ok
23:53:57.0494 3648 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:53:57.0494 3648 QWAVEdrv - ok
23:53:57.0510 3648 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:53:57.0510 3648 RasAcd - ok
23:53:57.0556 3648 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:53:57.0556 3648 RasAgileVpn - ok
23:53:57.0572 3648 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:53:57.0572 3648 RasAuto - ok
23:53:57.0588 3648 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:53:57.0603 3648 Rasl2tp - ok
23:53:57.0619 3648 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
23:53:57.0619 3648 RasMan - ok
23:53:57.0634 3648 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:53:57.0634 3648 RasPppoe - ok
23:53:57.0666 3648 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:53:57.0666 3648 RasSstp - ok
23:53:57.0697 3648 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:53:57.0697 3648 rdbss - ok
23:53:57.0712 3648 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:53:57.0712 3648 rdpbus - ok
23:53:57.0728 3648 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:53:57.0728 3648 RDPCDD - ok
23:53:57.0775 3648 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:53:57.0775 3648 RDPDR - ok
23:53:57.0790 3648 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:53:57.0790 3648 RDPENCDD - ok
23:53:57.0822 3648 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:53:57.0822 3648 RDPREFMP - ok
23:53:57.0853 3648 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:53:57.0853 3648 RDPWD - ok
23:53:57.0884 3648 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:53:57.0884 3648 rdyboost - ok
23:53:57.0915 3648 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:53:57.0915 3648 RemoteAccess - ok
23:53:57.0946 3648 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:53:57.0946 3648 RemoteRegistry - ok
23:53:57.0993 3648 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:53:57.0993 3648 RFCOMM - ok
23:53:58.0040 3648 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
23:53:58.0040 3648 rismxdp - ok
23:53:58.0071 3648 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:53:58.0071 3648 RpcEptMapper - ok
23:53:58.0087 3648 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:53:58.0087 3648 RpcLocator - ok
23:53:58.0149 3648 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\system32\rpcnet.exe
23:53:58.0149 3648 rpcnet - ok
23:53:58.0180 3648 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
23:53:58.0196 3648 RpcSs - ok
23:53:58.0243 3648 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:53:58.0243 3648 rspndr - ok
23:53:58.0274 3648 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
23:53:58.0274 3648 s3cap - ok
23:53:58.0290 3648 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
23:53:58.0290 3648 SamSs - ok
23:53:58.0336 3648 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
23:53:58.0336 3648 sbp2port - ok
23:53:58.0368 3648 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:53:58.0368 3648 SCardSvr - ok
23:53:58.0446 3648 [ 612A3D69E603DBBE5C3C1079186A0393 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
23:53:58.0446 3648 SCDEmu - ok
23:53:58.0461 3648 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:53:58.0461 3648 scfilter - ok
23:53:58.0524 3648 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
23:53:58.0524 3648 Schedule - ok
23:53:58.0539 3648 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:53:58.0539 3648 SCPolicySvc - ok
23:53:58.0586 3648 [ 7B48CFF3A475FE849DEA65EC4D35C425 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
23:53:58.0586 3648 sdbus - ok
23:53:58.0617 3648 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:53:58.0617 3648 SDRSVC - ok
23:53:58.0648 3648 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:53:58.0648 3648 secdrv - ok
23:53:58.0664 3648 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:53:58.0664 3648 seclogon - ok
23:53:58.0680 3648 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
23:53:58.0680 3648 SENS - ok
23:53:58.0711 3648 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:53:58.0711 3648 SensrSvc - ok
23:53:58.0742 3648 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:53:58.0742 3648 Serenum - ok
23:53:58.0758 3648 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:53:58.0758 3648 Serial - ok
23:53:58.0773 3648 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:53:58.0773 3648 sermouse - ok
23:53:58.0804 3648 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
23:53:58.0804 3648 SessionEnv - ok
23:53:58.0820 3648 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:53:58.0820 3648 sffdisk - ok
23:53:58.0851 3648 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:53:58.0851 3648 sffp_mmc - ok
23:53:58.0851 3648 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:53:58.0851 3648 sffp_sd - ok
23:53:58.0882 3648 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:53:58.0882 3648 sfloppy - ok
23:53:58.0914 3648 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:53:58.0914 3648 SharedAccess - ok
23:53:58.0945 3648 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:53:58.0960 3648 ShellHWDetection - ok
23:53:58.0976 3648 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
23:53:58.0976 3648 sisagp - ok
23:53:59.0023 3648 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:53:59.0023 3648 SiSRaid2 - ok
23:53:59.0038 3648 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:53:59.0054 3648 SiSRaid4 - ok
23:53:59.0116 3648 [ 17EAB7852FF9F15FBAAB4E95EFC0B812 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:53:59.0116 3648 SkypeUpdate - ok
23:53:59.0148 3648 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:53:59.0148 3648 Smb - ok
23:53:59.0210 3648 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:53:59.0210 3648 SNMPTRAP - ok
23:53:59.0226 3648 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:53:59.0226 3648 spldr - ok
23:53:59.0272 3648 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
23:53:59.0272 3648 Spooler - ok
23:53:59.0350 3648 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
23:53:59.0382 3648 sppsvc - ok
23:53:59.0413 3648 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:53:59.0413 3648 sppuinotify - ok
23:53:59.0444 3648 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:53:59.0460 3648 srv - ok
23:53:59.0491 3648 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:53:59.0506 3648 srv2 - ok
23:53:59.0522 3648 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:53:59.0522 3648 srvnet - ok
23:53:59.0569 3648 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:53:59.0569 3648 SSDPSRV - ok
23:53:59.0584 3648 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:53:59.0584 3648 SstpSvc - ok
23:53:59.0631 3648 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:53:59.0631 3648 stexstor - ok
23:53:59.0662 3648 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
23:53:59.0662 3648 StiSvc - ok
23:53:59.0709 3648 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
23:53:59.0709 3648 storflt - ok
23:53:59.0725 3648 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
23:53:59.0725 3648 storvsc - ok
23:53:59.0756 3648 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:53:59.0756 3648 swenum - ok
23:53:59.0772 3648 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:53:59.0772 3648 swprv - ok
23:53:59.0834 3648 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
23:53:59.0850 3648 SysMain - ok
23:53:59.0865 3648 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:53:59.0865 3648 TabletInputService - ok
23:53:59.0881 3648 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
23:53:59.0896 3648 TapiSrv - ok
23:53:59.0912 3648 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:53:59.0912 3648 TBS - ok
23:53:59.0959 3648 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:53:59.0974 3648 Tcpip - ok
23:54:00.0021 3648 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:54:00.0021 3648 TCPIP6 - ok
23:54:00.0068 3648 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:54:00.0068 3648 tcpipreg - ok
23:54:00.0084 3648 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:54:00.0084 3648 TDPIPE - ok
23:54:00.0115 3648 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:54:00.0115 3648 TDTCP - ok
23:54:00.0146 3648 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:54:00.0146 3648 tdx - ok
23:54:00.0162 3648 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:54:00.0162 3648 TermDD - ok
23:54:00.0208 3648 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
23:54:00.0208 3648 TermService - ok
23:54:00.0224 3648 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:54:00.0224 3648 Themes - ok
23:54:00.0240 3648 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:54:00.0240 3648 THREADORDER - ok
23:54:00.0271 3648 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:54:00.0271 3648 TrkWks - ok
23:54:00.0318 3648 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:54:00.0318 3648 TrustedInstaller - ok
23:54:00.0333 3648 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:54:00.0333 3648 tssecsrv - ok
23:54:00.0380 3648 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:54:00.0380 3648 tunnel - ok
23:54:00.0396 3648 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:54:00.0396 3648 uagp35 - ok
23:54:00.0427 3648 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:54:00.0427 3648 udfs - ok
23:54:00.0458 3648 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:54:00.0474 3648 UI0Detect - ok
23:54:00.0520 3648 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
23:54:00.0520 3648 uliagpkx - ok
23:54:00.0567 3648 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:54:00.0567 3648 umbus - ok
23:54:00.0598 3648 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:54:00.0598 3648 UmPass - ok
23:54:00.0661 3648 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
23:54:00.0661 3648 UmRdpService - ok
23:54:00.0676 3648 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:54:00.0692 3648 upnphost - ok
23:54:00.0739 3648 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:54:00.0739 3648 USBAAPL - ok
23:54:00.0786 3648 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:54:00.0786 3648 usbaudio - ok
23:54:00.0801 3648 usbbus - ok
23:54:00.0832 3648 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:54:00.0832 3648 usbccgp - ok
23:54:00.0879 3648 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:54:00.0879 3648 usbcir - ok
23:54:00.0895 3648 UsbDiag - ok
23:54:00.0910 3648 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:54:00.0910 3648 usbehci - ok
23:54:00.0973 3648 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:54:00.0973 3648 usbhub - ok
23:54:00.0988 3648 USBModem - ok
23:54:01.0004 3648 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:54:01.0004 3648 usbohci - ok
23:54:01.0035 3648 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:54:01.0035 3648 usbprint - ok
23:54:01.0066 3648 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:54:01.0066 3648 usbscan - ok
23:54:01.0082 3648 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:54:01.0098 3648 USBSTOR - ok
23:54:01.0129 3648 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:54:01.0129 3648 usbuhci - ok
23:54:01.0144 3648 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:54:01.0144 3648 UxSms - ok
23:54:01.0160 3648 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
23:54:01.0160 3648 VaultSvc - ok
23:54:01.0176 3648 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:54:01.0176 3648 vdrvroot - ok
23:54:01.0207 3648 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
23:54:01.0222 3648 vds - ok
23:54:01.0269 3648 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:54:01.0269 3648 vga - ok
23:54:01.0285 3648 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:54:01.0285 3648 VgaSave - ok
23:54:01.0300 3648 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:54:01.0300 3648 vhdmp - ok
23:54:01.0347 3648 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
23:54:01.0347 3648 viaagp - ok
23:54:01.0363 3648 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:54:01.0363 3648 ViaC7 - ok
23:54:01.0378 3648 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:54:01.0378 3648 viaide - ok
23:54:01.0410 3648 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
23:54:01.0410 3648 vmbus - ok
23:54:01.0425 3648 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
23:54:01.0441 3648 VMBusHID - ok
23:54:01.0456 3648 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:54:01.0456 3648 volmgr - ok
23:54:01.0472 3648 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:54:01.0472 3648 volmgrx - ok
23:54:01.0519 3648 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
23:54:01.0519 3648 volsnap - ok
23:54:01.0612 3648 [ DA650CAEB70CA0F93BDECDB152EC3311 ] Vono_Manager C:\Program Files\Vono\Softfone Vono\System\Vono Manager.exe
23:54:01.0612 3648 Vono_Manager - ok
23:54:01.0644 3648 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:54:01.0644 3648 vsmraid - ok
23:54:01.0706 3648 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
23:54:01.0706 3648 VSS - ok
23:54:01.0722 3648 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:54:01.0722 3648 vwifibus - ok
23:54:01.0753 3648 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:54:01.0768 3648 W32Time - ok
23:54:01.0784 3648 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:54:01.0784 3648 WacomPen - ok
23:54:01.0831 3648 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:54:01.0831 3648 WANARP - ok
23:54:01.0831 3648 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:54:01.0831 3648 Wanarpv6 - ok
23:54:01.0862 3648 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
23:54:01.0878 3648 wbengine - ok
23:54:01.0924 3648 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:54:01.0924 3648 WbioSrvc - ok
23:54:01.0971 3648 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:54:01.0971 3648 wcncsvc - ok
23:54:02.0002 3648 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:54:02.0002 3648 WcsPlugInService - ok
23:54:02.0018 3648 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:54:02.0034 3648 Wd - ok
23:54:02.0049 3648 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:54:02.0065 3648 Wdf01000 - ok
23:54:02.0080 3648 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:54:02.0080 3648 WdiServiceHost - ok
23:54:02.0080 3648 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:54:02.0096 3648 WdiSystemHost - ok
23:54:02.0112 3648 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
23:54:02.0112 3648 WebClient - ok
23:54:02.0143 3648 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:54:02.0143 3648 Wecsvc - ok
23:54:02.0174 3648 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:54:02.0174 3648 wercplsupport - ok
23:54:02.0205 3648 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:54:02.0205 3648 WerSvc - ok
23:54:02.0236 3648 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:54:02.0236 3648 WfpLwf - ok
23:54:02.0252 3648 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:54:02.0252 3648 WIMMount - ok
23:54:02.0314 3648 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:54:02.0314 3648 WinDefend - ok
23:54:02.0330 3648 WinHttpAutoProxySvc - ok
23:54:02.0392 3648 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:54:02.0392 3648 Winmgmt - ok
23:54:02.0424 3648 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
23:54:02.0439 3648 WinRM - ok
23:54:02.0502 3648 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:54:02.0502 3648 WinUsb - ok
23:54:02.0548 3648 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:54:02.0548 3648 Wlansvc - ok
23:54:02.0673 3648 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:54:02.0689 3648 wlidsvc - ok
23:54:02.0736 3648 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:54:02.0736 3648 WmiAcpi - ok
23:54:02.0782 3648 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:54:02.0782 3648 wmiApSrv - ok
23:54:02.0860 3648 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:54:02.0876 3648 WMPNetworkSvc - ok
23:54:02.0907 3648 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:54:02.0907 3648 WPCSvc - ok
23:54:02.0923 3648 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:54:02.0923 3648 WPDBusEnum - ok
23:54:02.0938 3648 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:54:02.0938 3648 ws2ifsl - ok
23:54:02.0954 3648 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
23:54:02.0954 3648 wscsvc - ok
23:54:02.0970 3648 WSearch - ok
23:54:03.0032 3648 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:54:03.0048 3648 wuauserv - ok
23:54:03.0079 3648 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:54:03.0079 3648 WudfPf - ok
23:54:03.0110 3648 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:54:03.0110 3648 WUDFRd - ok
23:54:03.0157 3648 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:54:03.0157 3648 wudfsvc - ok
23:54:03.0204 3648 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:54:03.0204 3648 WwanSvc - ok
23:54:03.0235 3648 [ 1E41295EAC56589EFD9DC3CA14BF3FEC ] ZSMC302 C:\Windows\system32\Drivers\usbvm302.sys
23:54:03.0250 3648 ZSMC302 - ok
23:54:03.0266 3648 ================ Scan global ===============================
23:54:03.0297 3648 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
23:54:03.0344 3648 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
23:54:03.0344 3648 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
23:54:03.0375 3648 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:54:03.0406 3648 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:54:03.0406 3648 [Global] - ok
23:54:03.0422 3648 ================ Scan MBR ==================================
23:54:03.0438 3648 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:54:03.0656 3648 \Device\Harddisk0\DR0 - ok
23:54:03.0656 3648 ================ Scan VBR ==================================
23:54:03.0656 3648 [ DF949196DD7AD1AF023BC1C26073A6C5 ] \Device\Harddisk0\DR0\Partition1
23:54:03.0656 3648 \Device\Harddisk0\DR0\Partition1 - ok
23:54:03.0687 3648 [ A3ACEB72144BBEBBA4C4112DDB48E50B ] \Device\Harddisk0\DR0\Partition2
23:54:03.0687 3648 \Device\Harddisk0\DR0\Partition2 - ok
23:54:03.0703 3648 [ 020F421A6223AB45B4C0D87FF40EC6C4 ] \Device\Harddisk0\DR0\Partition3
23:54:03.0703 3648 \Device\Harddisk0\DR0\Partition3 - ok
23:54:03.0703 3648 ============================================================
23:54:03.0703 3648 Scan finished
23:54:03.0703 3648 ============================================================
23:54:03.0718 2196 Detected object count: 0
23:54:03.0718 2196 Actual detected object count: 0
23:55:12.0015 1604 Deinitialize success

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 29 August 2012 - 04:48 PM

Interesting,

this file is being regenerated: c:\windows\System32\dot3dlgw.dll

I'd like to have it uploaded for analysis to see what the AV companies make of it.


Please do the following:


Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right-hand panel, click on the file c:\windows\System32\dot3dlgw.dll, then click the Open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "Send file", then wait for the results.
  • If you get a message saying "File has already been analyzed", click "Reanalyze file now".
  • Once scanned, copy and paste the link to the results page in your next reply.


Note that the file is hiding itself, so you will need to show hidden files and folders to be able to locate it.



  • Close all programs so that you are at your desktop.
  • Open the Control Panel, switch to classic view, then click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 rphilipp
  • Topic Starter
  • Members
  • 12 posts

Posted 29 August 2012 - 05:25 PM

https://www.virustotal.com/file/20bec88a417b0a09143b5e6128043d6026c72fc62191138c4731e9ef679eaa82/analysis/1346278926/

#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 29 August 2012 - 05:35 PM

OK,

it shouldn't be that difficult to kill, but something is definitely protecting it.

Please run a fresh scan with FRST and we'll try removing it there.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 rphilipp
  • Topic Starter
  • Members
  • 12 posts

Posted 29 August 2012 - 05:59 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 28-08-2012
Ran by SYSTEM at 29-08-2012 19:47:09
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [229376 2011-12-21] (MyHeritage)
HKLM\...\Run: [BigDogPath] C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1 [40960 2003-01-21] (VM.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Gast\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Gast\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Maria Claudia\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Maria Claudia\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
Winlogon\Notify\ GbPluginUni: C:\PROGRA~1\GbPlugin\gbiehUni.dll [X]
Tcpip\..\Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}: [NameServer]189.4.0.147,189.4.0.142
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========================== Services (Whitelisted) ========================

2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [0 ] ( )
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2012-07-18] (Absolute Software Corp.)
2 Vono_Manager; "C:\Program Files\Vono\Softfone Vono\System\Vono Manager.exe" [102400 2010-03-18] ( )
4 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ===================

3 cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows ® Win 7 DDK provider)
3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2010-05-12] (Danish Wireless Design A/S)
0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [45096 2010-10-11] (GAS Tecnologia)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
2 NSHE; \??\C:\Windows\system32\Drivers\NSHE.SYS [97792 2010-07-28] (Tecar Forum)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [44944 2008-06-15] (Sonic Solutions)
3 ZSMC302; C:\Windows\System32\Drivers\usbvm302.sys [90968 2004-03-19] (VM)
3 catchme; \??\C:\Users\Rodolfo\AppData\Local\Temp\catchme.sys [x]
3 CFcatchme; \??\C:\Users\Rodolfo\AppData\Local\Temp\CFcatchme.sys [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-08-29 05:58 - 2012-08-29 05:58 - 00000000 ____D C:\Users\Rodolfo\Desktop\bleepingcomputer
2012-08-28 18:43 - 2012-08-28 18:43 - 00013671 ____A C:\ComboFix.txt
2012-08-28 17:35 - 2012-08-28 17:35 - 00001202 ____A C:\Users\Rodolfo\Desktop\ESETSCAN.txt
2012-08-28 14:49 - 2012-08-28 14:49 - 00000000 ____D C:\Users\Rodolfo\AppData\Roaming\Malwarebytes
2012-08-28 14:48 - 2012-08-28 14:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-28 14:48 - 2012-08-28 14:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-28 14:48 - 2012-07-03 08:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-28 14:47 - 2012-08-28 14:47 - 10651816 ____A (Malwarebytes Corporation ) C:\Users\Rodolfo\Desktop\mbam-setup.exe
2012-08-27 21:30 - 2012-08-27 21:31 - 00000000 ____D C:\FRST
2012-08-27 17:56 - 2012-08-27 17:56 - 00003495 ____A C:\Users\Rodolfo\Desktop\FSS.txt
2012-08-27 17:35 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-27 17:35 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-27 17:35 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-27 17:35 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-27 17:35 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-27 17:35 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-27 17:35 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-27 17:32 - 2012-08-28 18:30 - 04739810 ____R (Swearware) C:\Users\Rodolfo\Desktop\ComboFix.exe
2012-08-27 17:20 - 2012-08-28 18:52 - 02193184 ____A C:\Users\Rodolfo\Desktop\tdsskiller.zip
2012-08-27 13:09 - 2012-08-27 13:09 - 00053204 ____A C:\Users\Rodolfo\Desktop\ark.txt
2012-08-27 11:33 - 2012-08-27 11:33 - 00294216 ____A C:\Users\Rodolfo\Desktop\gmer.zip
2012-08-27 11:31 - 2012-08-27 11:31 - 00013292 ____A C:\Users\Rodolfo\Desktop\DDS.txt
2012-08-27 11:31 - 2012-08-27 11:31 - 00007236 ____A C:\Users\Rodolfo\Desktop\Attach.txt
2012-08-27 11:29 - 2012-08-27 11:29 - 00607260 ____R (Swearware) C:\Users\Rodolfo\Desktop\dds.com
2012-08-27 09:20 - 2012-08-28 18:43 - 00000000 ____D C:\Qoobox
2012-08-26 19:02 - 2012-08-26 19:02 - 00000000 ____D C:\Program Files\ESET
2012-08-26 17:52 - 2012-08-26 17:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-26 12:21 - 2012-08-26 12:21 - 10300288 ____A (Microsoft Corporation) C:\Users\Rodolfo\Desktop\mseinstall.exe
2012-08-24 18:45 - 2012-08-29 10:27 - 00000314 ____A C:\Windows\Tasks\Trlcp.job
2012-08-24 18:45 - 2012-08-24 18:45 - 00118784 _RASH C:\Windows\System32\dot3dlgw.dll
2012-08-24 15:44 - 2012-08-24 15:54 - 00000066 ____A C:\Users\Rodolfo\Desktop\TINTAS.txt
2012-08-23 11:38 - 2012-08-23 11:38 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-08-23 11:38 - 2012-08-23 11:38 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-14 15:56 - 2012-07-18 09:10 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 15:56 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 15:56 - 2012-07-04 13:23 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 15:56 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 15:56 - 2012-06-26 22:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-14 15:56 - 2012-06-26 22:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-14 15:56 - 2012-06-26 22:03 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 06029312 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00627200 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-14 15:56 - 2012-06-26 22:01 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-14 15:56 - 2012-06-26 22:00 - 11019776 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-14 15:56 - 2012-06-26 22:00 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-14 15:56 - 2012-06-26 22:00 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-14 15:56 - 2012-06-26 21:58 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-14 15:56 - 2012-06-26 20:53 - 00386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-14 15:56 - 2012-06-26 20:19 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-14 15:56 - 2012-05-13 20:37 - 00768512 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-10 05:04 - 2012-08-10 05:04 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{C480CC28-129C-47A2-BC9F-A2DCE52D8390}
2012-08-09 12:39 - 2012-08-09 12:39 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{C6174721-7CDF-4ACF-A3D8-96F561B7A0F8}
2012-08-08 13:32 - 2012-08-08 13:33 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{2B84138B-8101-4419-AFD5-1BF8DF2E4F02}
2012-08-05 07:39 - 2012-08-05 07:39 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{E9015C36-FD38-4DD0-A1E0-22EEF3567C84}
2012-08-03 17:55 - 2012-08-03 17:55 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{4A8B219B-2B2E-4FCC-B06D-FEA4EA758C32}
2012-08-03 05:55 - 2012-08-03 05:55 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{73F1C802-18F0-4ACE-9B64-EDF211A06309}
2012-08-02 17:54 - 2012-08-02 17:54 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{B0D5A80B-2BA9-4A8A-A0A8-B73766268672}
2012-08-02 05:53 - 2012-08-10 05:04 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{DAE2D4D6-17E7-4BA6-9F50-A23AF98CAAE9}
2012-08-02 05:53 - 2012-08-02 05:53 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{369EADB5-DA53-4E3E-B9CD-2CAFE292E143}

============ 3 Months Modified Files ========================

2012-08-29 14:40 - 2009-12-03 00:37 - 01648434 ____A C:\Windows\WindowsUpdate.log
2012-08-29 14:09 - 2011-02-20 15:40 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-29 13:58 - 2012-04-06 10:13 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-29 13:47 - 2009-12-30 03:55 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2012-08-29 10:32 - 2009-07-13 20:34 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-29 10:32 - 2009-07-13 20:34 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-29 10:27 - 2012-08-24 18:45 - 00000314 ____A C:\Windows\Tasks\Trlcp.job
2012-08-29 10:27 - 2012-05-01 16:18 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2012-08-29 10:27 - 2011-02-20 15:40 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-29 10:27 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 10:27 - 2009-07-13 20:39 - 00066337 ____A C:\Windows\setupact.log
2012-08-28 18:52 - 2012-08-27 17:20 - 02193184 ____A C:\Users\Rodolfo\Desktop\tdsskiller.zip
2012-08-28 18:45 - 2009-12-03 04:46 - 01231278 ____A C:\Windows\PFRO.log
2012-08-28 18:43 - 2012-08-28 18:43 - 00013671 ____A C:\ComboFix.txt
2012-08-28 18:41 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-28 18:30 - 2012-08-27 17:32 - 04739810 ____R (Swearware) C:\Users\Rodolfo\Desktop\ComboFix.exe
2012-08-28 17:35 - 2012-08-28 17:35 - 00001202 ____A C:\Users\Rodolfo\Desktop\ESETSCAN.txt
2012-08-28 14:47 - 2012-08-28 14:47 - 10651816 ____A (Malwarebytes Corporation ) C:\Users\Rodolfo\Desktop\mbam-setup.exe
2012-08-28 06:06 - 2011-07-22 05:29 - 00000777 ____A C:\Windows\MyHeritage.INI
2012-08-27 17:56 - 2012-08-27 17:56 - 00003495 ____A C:\Users\Rodolfo\Desktop\FSS.txt
2012-08-27 17:49 - 2009-07-13 20:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-27 16:41 - 2009-12-30 03:56 - 00017408 ____A C:\Windows\System32\rpcnetp.dll
2012-08-27 16:15 - 2009-12-03 03:54 - 07805730 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-27 16:15 - 2009-08-19 11:48 - 00611366 ____A C:\Windows\System32\perfh01D.dat
2012-08-27 16:15 - 2009-08-19 11:48 - 00121648 ____A C:\Windows\System32\perfc01D.dat
2012-08-27 16:15 - 2009-08-19 10:32 - 00668832 ____A C:\Windows\System32\perfh019.dat
2012-08-27 16:15 - 2009-08-19 10:32 - 00129892 ____A C:\Windows\System32\perfc019.dat
2012-08-27 16:15 - 2009-08-19 10:26 - 00683456 ____A C:\Windows\System32\perfh013.dat
2012-08-27 16:15 - 2009-08-19 10:26 - 00130608 ____A C:\Windows\System32\perfc013.dat
2012-08-27 16:15 - 2009-08-19 10:20 - 00442152 ____A C:\Windows\System32\perfh014.dat
2012-08-27 16:15 - 2009-08-19 10:20 - 00075002 ____A C:\Windows\System32\perfc014.dat
2012-08-27 16:15 - 2009-08-19 10:15 - 00682110 ____A C:\Windows\System32\perfh010.dat
2012-08-27 16:15 - 2009-08-19 10:15 - 00125006 ____A C:\Windows\System32\perfc010.dat
2012-08-27 13:09 - 2012-08-27 13:09 - 00053204 ____A C:\Users\Rodolfo\Desktop\ark.txt
2012-08-27 11:33 - 2012-08-27 11:33 - 00294216 ____A C:\Users\Rodolfo\Desktop\gmer.zip
2012-08-27 11:31 - 2012-08-27 11:31 - 00013292 ____A C:\Users\Rodolfo\Desktop\DDS.txt
2012-08-27 11:31 - 2012-08-27 11:31 - 00007236 ____A C:\Users\Rodolfo\Desktop\Attach.txt
2012-08-27 11:29 - 2012-08-27 11:29 - 00607260 ____R (Swearware) C:\Users\Rodolfo\Desktop\dds.com
2012-08-27 06:50 - 2011-12-09 05:04 - 00000008 ____A C:\Users\Rodolfo\$TimeStamp.pbu
2012-08-26 17:53 - 2011-01-27 07:23 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-26 12:21 - 2012-08-26 12:21 - 10300288 ____A (Microsoft Corporation) C:\Users\Rodolfo\Desktop\mseinstall.exe
2012-08-26 07:47 - 2009-07-13 18:03 - 57933824 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 15466496 ____A C:\Windows\System32\config\SYSTEM.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 00786432 ____A C:\Windows\System32\config\DEFAULT.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 00106496 ____A C:\Windows\System32\config\SAM.bak
2012-08-26 07:47 - 2009-07-13 18:03 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-08-26 07:14 - 2012-04-06 10:12 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-26 07:14 - 2011-05-23 05:38 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-24 18:45 - 2012-08-24 18:45 - 00118784 _RASH C:\Windows\System32\dot3dlgw.dll
2012-08-24 15:54 - 2012-08-24 15:44 - 00000066 ____A C:\Users\Rodolfo\Desktop\TINTAS.txt
2012-08-23 11:38 - 2012-08-23 11:38 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-08-23 11:38 - 2012-08-23 11:38 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-23 11:38 - 2010-12-22 17:20 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-08-15 05:20 - 2009-07-13 20:33 - 00289168 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 16:00 - 2009-12-03 04:16 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 14:21 - 2012-01-13 13:08 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-09 14:24 - 2011-10-04 16:55 - 00000000 ____A C:\Users\All Users\GetRight.lst
2012-08-07 17:49 - 2012-07-20 16:32 - 00000041 ____A C:\Windows\crw.ini
2012-08-07 17:49 - 2012-07-08 14:46 - 00000064 ____A C:\Users\Rodolfo\Documents\GERENTE.ldb
2012-08-07 17:49 - 2011-03-19 11:26 - 00720896 ____A C:\Users\Rodolfo\Documents\Gerente.mdb
2012-07-23 16:19 - 2012-07-23 16:19 - 00002205 ____A C:\1.xml
2012-07-21 14:49 - 2012-07-21 14:49 - 00001713 ____A C:\Users\Rodolfo\Desktop\Google Earth.lnk
2012-07-19 18:25 - 2011-03-19 11:26 - 00014481 ____A C:\Users\Rodolfo\Documents\Meine Orte.kmz
2012-07-18 11:46 - 2009-07-13 18:04 - 00000448 ____A C:\Windows\win.ini
2012-07-18 11:44 - 2012-07-18 11:44 - 00000996 ____A C:\Users\Rodolfo\Desktop\AirNav ACARS Decoder 2.lnk
2012-07-18 09:44 - 2012-03-13 10:57 - 00058288 ____N (Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
2012-07-18 09:44 - 2012-03-13 10:56 - 00013160 ____A (Absolute Software Corp.) C:\Windows\System32\Upgrd.exe
2012-07-18 09:10 - 2012-08-14 15:56 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 13:26 - 2012-08-14 15:56 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:23 - 2012-08-14 15:56 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:23 - 2012-08-14 15:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-03 08:46 - 2012-08-28 14:48 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 22:03 - 2012-08-14 15:56 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 22:03 - 2012-08-14 15:56 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 22:03 - 2012-08-14 15:56 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 06029312 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00627200 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 22:01 - 2012-08-14 15:56 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-26 22:00 - 2012-08-14 15:56 - 11019776 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 22:00 - 2012-08-14 15:56 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-26 22:00 - 2012-08-14 15:56 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-26 21:58 - 2012-08-14 15:56 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-26 20:53 - 2012-08-14 15:56 - 00386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-26 20:19 - 2012-08-14 15:56 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-15 06:42 - 2012-06-15 06:42 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 16:05 - 2012-06-14 16:05 - 00053760 ____A C:\Users\Maria Claudia\Documents\modelo consorcio.do%253F%253D%2B%2B%253D%253Futf-8%253FQ%253Fc
2012-06-08 20:46 - 2012-07-19 18:47 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 15:59 - 2012-06-06 15:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-06-05 21:09 - 2012-07-19 18:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:09 - 2012-07-19 18:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 14:09 - 2012-06-04 14:09 - 00000047 ____A C:\Users\All Users\GetRight.snk
2012-06-02 14:19 - 2012-06-26 12:30 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-26 12:30 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-26 12:30 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-26 12:30 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-26 12:30 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-26 12:30 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-26 12:30 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 10:19 - 2012-06-26 12:29 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 10:12 - 2012-06-26 12:29 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:51 - 2012-07-19 18:47 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:51 - 2012-07-19 18:47 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:50 - 2012-07-19 18:47 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:48 - 2012-07-19 18:47 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:47 - 2012-07-19 18:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-27 09:15:30
Restore point made on: 2012-08-27 11:08:03

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3062.43 MB
Available physical RAM: 2599.13 MB
Total Pagefile: 3058.64 MB
Available Pagefile: 2606.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.65 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:46.56 GB) (Free:3.91 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:7.46 GB) (Free:0.23 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 1024 KB
Disk 1 Online 7653 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 46 GB 101 MB
Partition 3 Primary 186 GB 46 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 46 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Partition 186 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7652 MB 96 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON FAT32 Removable 7652 MB Healthy

==================================================================================

Last Boot: 2012-08-27 07:28

==================== End Of Log =============================





Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 2012-08-29 19:50:16
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\ERDNT\cache\services.exe
[2011-05-10 16:03] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 29 August 2012 - 06:18 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
2012-08-24 18:45 - 2012-08-29 10:27 - 00000314 ____A C:\Windows\Tasks\Trlcp.job
2012-08-24 18:45 - 2012-08-24 18:45 - 00118784 _RASH C:\Windows\System32\dot3dlgw.dll
2012-08-10 05:04 - 2012-08-10 05:04 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{C480CC28-129C-47A2-BC9F-A2DCE52D8390}
2012-08-09 12:39 - 2012-08-09 12:39 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{C6174721-7CDF-4ACF-A3D8-96F561B7A0F8}
2012-08-08 13:32 - 2012-08-08 13:33 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{2B84138B-8101-4419-AFD5-1BF8DF2E4F02}
2012-08-05 07:39 - 2012-08-05 07:39 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{E9015C36-FD38-4DD0-A1E0-22EEF3567C84}
2012-08-03 17:55 - 2012-08-03 17:55 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{4A8B219B-2B2E-4FCC-B06D-FEA4EA758C32}
2012-08-03 05:55 - 2012-08-03 05:55 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{73F1C802-18F0-4ACE-9B64-EDF211A06309}
2012-08-02 17:54 - 2012-08-02 17:54 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{B0D5A80B-2BA9-4A8A-A0A8-B73766268672}
2012-08-02 05:53 - 2012-08-10 05:04 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{DAE2D4D6-17E7-4BA6-9F50-A23AF98CAAE9}
2012-08-02 05:53 - 2012-08-02 05:53 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{369EADB5-DA53-4E3E-B9CD-2CAFE292E143}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Please re-run ComboFix and post the fresh log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
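An added example, not code from CatByte, FRST or the thread, showing how the entries CatByte picked out of the FRST log above can be flagged automatically from the log text alone: it parses lines in FRST's created-files format, flags a hidden+system file in System32 with no publisher together with any scheduled task created in the same minute, marks GUID-named folders directly under AppData\Local for review, and emits the hits in the start/end fixlist layout used in this post. The sample lines are copied from the log in this thread; the triage rules are this example's own heuristics, not FRST's logic.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Sample lines copied from the FRST "One Month Created Files and Folders"
# section posted above; java.exe and mbam.sys serve as benign controls.
SAMPLE_LOG = r"""
2012-08-24 18:45 - 2012-08-29 10:27 - 00000314 ____A C:\Windows\Tasks\Trlcp.job
2012-08-24 18:45 - 2012-08-24 18:45 - 00118784 _RASH C:\Windows\System32\dot3dlgw.dll
2012-08-23 11:38 - 2012-08-23 11:38 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-08-10 05:04 - 2012-08-10 05:04 - 00000000 ____D C:\Users\Maria Claudia\AppData\Local\{C480CC28-129C-47A2-BC9F-A2DCE52D8390}
2012-08-28 14:48 - 2012-07-03 08:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
"""

# FRST line layout: <created> - <modified> - <size> <attrs> [(<company>)] <path>
# The five-character attrs field uses letters R, A, S, H, D (read-only,
# archive, system, hidden, directory); '_' means the flag is clear.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# A folder named only by a GUID sitting directly in <user>\AppData\Local.
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-F-]{36}\}$", re.IGNORECASE)


@dataclass
class Entry:
    raw: str        # the original log line, reused verbatim in the fixlist
    created: str
    modified: str
    size: int
    attrs: str
    company: str    # empty when FRST printed no publisher
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse(log: str) -> List[Entry]:
    """Parse every line that matches FRST's created/modified-files layout."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(raw=line.strip(), created=m["created"],
                                 modified=m["modified"], size=int(m["size"]),
                                 attrs=m["attrs"], company=(m["company"] or "").strip(),
                                 path=m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, str]:
    """Return {path: reason} for entries worth a human's attention."""
    findings: Dict[str, str] = {}
    by_created = defaultdict(list)      # correlate drops by creation minute
    for e in entries:
        by_created[e.created].append(e)
    for e in entries:
        low = e.path.lower()
        if "\\windows\\system32\\" in low and e.hidden_system and not e.company:
            findings[e.path] = "high: hidden+system file in System32 with no publisher"
            # A task job created in the same minute is the likely launcher.
            for sib in by_created[e.created]:
                if "\\windows\\tasks\\" in sib.path.lower() and sib.path.lower().endswith(".job"):
                    findings[sib.path] = "high: scheduled task created in the same minute as " + e.path
        elif "D" in e.attrs and GUID_DIR_RE.search(e.path):
            findings[e.path] = "review: GUID-named folder directly under AppData\\Local"
    return findings


def build_fixlist(entries: List[Entry], findings: Dict[str, str]) -> str:
    """Emit the flagged raw lines between 'start' and 'end', as FRST expects."""
    lines = ["start"] + [e.raw for e in entries if e.path in findings] + ["end"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(parse(SAMPLE_LOG))
    for path, reason in found.items():
        print(f"{reason}\n    {path}")
    print(build_fixlist(parse(SAMPLE_LOG), found))
```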


#15 rphilipp

rphilipp
  • Topic Starter

  • Members
  • 12 posts

Posted 29 August 2012 - 06:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-08-2012
Ran by SYSTEM at 2012-08-29 20:26:32 Run:1
Running from G:\

==============================================

C:\Windows\Tasks\Trlcp.job moved successfully.
C:\Windows\System32\dot3dlgw.dll moved successfully.
C:\Users\Maria Claudia\AppData\Local\{C480CC28-129C-47A2-BC9F-A2DCE52D8390} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{C6174721-7CDF-4ACF-A3D8-96F561B7A0F8} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{2B84138B-8101-4419-AFD5-1BF8DF2E4F02} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{E9015C36-FD38-4DD0-A1E0-22EEF3567C84} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{4A8B219B-2B2E-4FCC-B06D-FEA4EA758C32} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{73F1C802-18F0-4ACE-9B64-EDF211A06309} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{B0D5A80B-2BA9-4A8A-A0A8-B73766268672} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{DAE2D4D6-17E7-4BA6-9F50-A23AF98CAAE9} moved successfully.
C:\Users\Maria Claudia\AppData\Local\{369EADB5-DA53-4E3E-B9CD-2CAFE292E143} moved successfully.

==== End of Fixlog ====



ComboFix 12-08-29.03 - Rodolfo 29.08.2012 20:36:55.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3062.2207 [GMT -3:00]
ausgeführt von:: c:\users\Rodolfo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\autochk.exe . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-28 bis 2012-08-29 ))))))))))))))))))))))))))))))
.
.
2012-08-29 23:50 . 2012-08-29 23:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-29 23:50 . 2012-08-29 23:50 -------- d-----w- c:\users\Maria Claudia\AppData\Local\temp
2012-08-29 23:50 . 2012-08-29 23:50 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-29 23:50 . 2012-08-29 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 22:49 . 2012-08-28 22:49 -------- d-----w- c:\users\Rodolfo\AppData\Roaming\Malwarebytes
2012-08-28 22:48 . 2012-08-28 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-28 22:48 . 2012-08-28 22:48 -------- d-----w- c:\programdata\Malwarebytes
2012-08-28 22:48 . 2012-07-03 16:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 05:30 . 2012-08-28 05:31 -------- d-----w- C:\FRST
2012-08-27 03:02 . 2012-08-27 03:02 -------- d-----w- c:\program files\ESET
2012-08-27 02:25 . 2012-08-20 04:53 7023536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F62C3D3-067D-4ADA-8BE5-04637E0DE9D1}\mpengine.dll
2012-08-27 01:52 . 2012-08-27 01:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-26 15:46 . 2012-08-29 23:50 -------- d-----w- c:\users\Rodolfo\AppData\Local\temp
2012-08-23 19:38 . 2012-08-23 19:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 23:27 . 2009-12-30 11:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-29 23:27 . 2012-05-02 00:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-29 23:27 . 2009-12-30 11:56 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-26 15:14 . 2012-04-06 18:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 15:14 . 2011-05-23 13:38 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 19:38 . 2010-12-23 01:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 17:44 . 2012-03-13 18:56 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-07-18 17:44 . 2012-03-13 18:57 58288 ------w- c:\windows\system32\rpcnet.exe
2012-06-22 00:26 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-06 23:59 . 2012-06-06 23:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09 . 2012-07-20 02:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-20 02:47 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-26 20:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 20:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 20:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 20:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 20:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 20:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 20:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19 . 2012-06-26 20:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:12 . 2012-06-26 20:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-20 02:47 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-20 02:47 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-20 02:47 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-20 02:47 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-20 02:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehUni.dll" [2010-10-11 341928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2010-10-11 15:51 341928 ----a-w- c:\progra~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Rodolfo\AppData\Local\Temp\CFcatchme.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\Drivers\usbvm302.sys [x]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [x]
S2 Vono_Manager;Vono Manager;c:\program files\Vono\Softfone Vono\System\Vono Manager.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:14]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 23:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://bl165w.blu165.mail.live.com/default.aspx?rru=inbox
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: Interfaces\{249D92D4-66F9-4E45-8EEB-7FA068CC343D}: NameServer = 189.4.0.147,189.4.0.142
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3196)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2012-08-29 20:52:25
ComboFix-quarantined-files.txt 2012-08-29 23:52
ComboFix2.txt 2012-08-29 02:43
ComboFix3.txt 2012-08-28 22:43
ComboFix4.txt 2012-08-28 01:47
ComboFix5.txt 2012-08-29 23:34
.
Vor Suchlauf: 4.178.698.240 Bytes frei
Nach Suchlauf: 4.144.009.216 Bytes frei
.
- - End Of File - - 294459FB8C9EE35E63DB9D83440A2CF4