Jump to content

Trojan.ZbotR.gen

Kolak

By Kolak
in Resolved Malware Removal Logs

 Share

Recommended Posts

Kolak

Kolak

Posted
Posted

Hello guys,

firstly I'm a complete newbie so excuse my lack of brain in this field. I have read some of your guys' feedback and I must say it's great but now I'm affected myself. It's very rare that I encounter a problem with a virus since I'm always very cautious but recently I have had some problems. The first awkward thing was that when browsing with Firefox using Google, I got a really awkward 'warning' saying that this site has hidden information or smth and people are able to see or whatsoever. I didn't pay much attention to that sadly. The next thing which happened this morning was that my computer was running extremely slowly. It later on resulted into a crash. All my computer settings were frozen, you could not even move the mouse.

So I have decided to perform a Quick Scan with Malware bytes and it found 2 trojans at 2 different locations:

The name of the trojan was Trojan.ZbotR.gen and it was in a Registry Value and in a normal file.

I clicked on Remove Selected and it said that the trojan was sucessfully removed and I shall restart my system now. So I have restarted the system and performed a QuickScan again using Malwarebytes and it found nothing.

So firstly I wanted to ask you guys if you know what this trojan is about. I read somewhere that it affects online banking. I do online banking with certain games, buying premium time etc. Does this also mean that they can get my account and password details for the certain game? And do I need to contact my bank aswell because my account details are under threat? As you can see Im a complete newbie so once again excuse that.

Other than that I just wanted to know if my system is safe now or if you guys know anything about this virus and what is recommended to do.

Thank you everyone!

Keep up the good work

Yours

Kolak

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Thank you very much for your kind and fast reply! Here is what was requested.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.7.2

Run by *** at 12:58:44 on 2012-08-31

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2266 [GMT 2:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

C:\Users\Omid\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~2\mcafee.com\agent\mcagent.exe

C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe

C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe

C:\Windows\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATICKE.EXE

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe

C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~2\mcafee\msc\mcuimgr.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Windows\notepad.exe

C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_x1700

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_x1700

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_x1700

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_x1700

uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll

BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - C:\Program Files (x86)\kikin\ie_kikin.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [EPSON Stylus Photo R285 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_S196F.tmp" /EF "HKCU"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey

mRun: [siteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"

mRun: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"

mRun: [bkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [eRecoveryService]

mRun: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Recordpad] "C:\Program Files (x86)\NCH Software\Recordpad\recordpad.exe" -logon

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Free YouTube to MP3 Converter - C:\Users\Omid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00105-0001-0005-ABCDEFFEDCBC}

IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B0029A06-3C9D-4D36-B0D8-225A1A7F8865} : DhcpNameServer = 192.168.1.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{E601996F-E400-41CA-804B-CD6373A7EEE2}

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

mRun-x64: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey

mRun-x64: [siteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"

mRun-x64: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"

mRun-x64: [bkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [eRecoveryService]

mRun-x64: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Recordpad] "C:\Program Files (x86)\NCH Software\Recordpad\recordpad.exe" -logon

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Omid\AppData\Roaming\Mozilla\Firefox\Profiles\q1iekqty.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: -

FF - user.js: security.enable_tls - false

FF - user.js: network.http.accept-encoding -

FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc.;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-10-31 269448]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-3-3 16384]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-10-31 24576]

R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-10-31 359248]

R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-10-31 153408]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-25 45056]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-4-25 131072]

R2 SearchAnonymizer;SearchAnonymizer;C:\Users\Omid\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-8-11 40960]

R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2008-10-31 695624]

R3 mfeavfk;McAfee Inc.;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfesmfk;McAfee Inc.;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-26 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-6-21 110312]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-13 250056]

S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-26 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 mferkdk;McAfee Inc.;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-7 114144]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-6-30 89920]

.

=============== Created Last 30 ================

.

2012-08-31 10:08:48 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-31 09:09:11 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-29 20:25:03 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-08-16 10:15:22 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-08-11 15:44:05 -------- d-----w- C:\Users\Omid\AppData\Roaming\kikin

2012-08-11 15:44:05 -------- d-----w- C:\Program Files (x86)\kikin

2012-08-11 15:44:01 616024 ----a-w- C:\Windows\SysWow64\comctl32.ocx

2012-08-11 15:44:01 124688 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX

2012-08-11 15:44:01 -------- d-----w- C:\Program Files (x86)\ICQ Status Checker

2012-08-11 15:43:57 -------- d-----w- C:\Program Files (x86)\Langmeier Software

2012-08-11 15:43:48 338432 ----a-w- C:\Windows\SysWow64\sqlite36_engine.dll

2012-08-11 15:43:47 493056 ----a-w- C:\Windows\SysWow64\dhRichClient3.dll

2012-08-11 15:43:47 -------- d-----w- C:\Users\Omid\AppData\Roaming\DesktopIconForAmazon

2012-08-11 15:43:46 -------- d-----w- C:\Users\Omid\AppData\Roaming\OCS

.

==================== Find3M ====================

.

2012-08-31 10:08:28 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-31 10:08:28 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-29 20:25:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-29 20:25:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-27 16:11:22 1032192 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 15:59:13 834048 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 14:50:15 485376 ----a-w- C:\Windows\System32\html.iec

2012-06-27 14:15:21 389632 ----a-w- C:\Windows\SysWow64\html.iec

2012-06-27 14:13:09 1383424 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 13:49:42 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-06 18:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 13:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

.

============= FINISH: 12:59:41,67 ===============

Attach.txt

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

And RogueKiller!

mail: tigzyRK<at>gmail<dot>com

Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Betriebssystem: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Gestartet in : Normal Modus

Benutzer : *** [Admin Rechte]

Funktion : Scannen -- Datum : 08/31/2012 13:07:28

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 6 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Run : Ocs_SM (C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe) -> FAND

[services][bLACKLIST] HKLM\[...]\ControlSet001\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FAND

[services][bLACKLIST] HKLM\[...]\ControlSet002\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FAND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FAND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FAND

[sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Windows\ACER(W~1.SCR) -> FAND

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion : ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 EAVS-00D7B1 SCSI Disk Device +++++

--- User ---

[MBR] 9d7888d0c68f3cfcd37d7b15f7310a2e

[bSP] f1f5b5264fd74852d8d5db399adca42b : Acer tatooed MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 465304 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 994887684 | Size: 468082 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Abgeschlossen : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Thank you for your reply! Here is the log

13:49:03.0198 4032 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

13:49:03.0401 4032 ============================================================

13:49:03.0401 4032 Current date / time: 2012/08/31 13:49:03.0401

13:49:03.0401 4032 SystemInfo:

13:49:03.0401 4032

13:49:03.0401 4032 OS Version: 6.0.6002 ServicePack: 2.0

13:49:03.0401 4032 Product type: Workstation

13:49:03.0401 4032 ComputerName: ***-PC

13:49:03.0401 4032 UserName: ***

13:49:03.0401 4032 Windows directory: C:\Windows

13:49:03.0401 4032 System windows directory: C:\Windows

13:49:03.0401 4032 Running under WOW64

13:49:03.0401 4032 Processor architecture: Intel x64

13:49:03.0401 4032 Number of processors: 4

13:49:03.0401 4032 Page size: 0x1000

13:49:03.0401 4032 Boot type: Normal boot

13:49:03.0401 4032 ============================================================

13:49:03.0775 4032 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:49:03.0791 4032 ============================================================

13:49:03.0791 4032 \Device\Harddisk0\DR0:

13:49:03.0791 4032 MBR partitions:

13:49:03.0791 4032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x38CCC000

13:49:03.0791 4032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B4CC804, BlocksNum 0x392391BD

13:49:03.0791 4032 ============================================================

13:49:03.0822 4032 C: <-> \Device\Harddisk0\DR0\Partition1

13:49:03.0853 4032 D: <-> \Device\Harddisk0\DR0\Partition2

13:49:03.0853 4032 ============================================================

13:49:03.0853 4032 Initialize success

13:49:03.0853 4032 ============================================================

13:49:27.0955 3176 ============================================================

13:49:27.0955 3176 Scan started

13:49:27.0955 3176 Mode: Manual; SigCheck; TDLFS;

13:49:27.0955 3176 ============================================================

13:49:28.0111 3176 ================ Scan system memory ========================

13:49:28.0111 3176 System memory - ok

13:49:28.0111 3176 ================ Scan services =============================

13:49:28.0236 3176 [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

13:49:28.0345 3176 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - warning

13:49:28.0345 3176 Acer HomeMedia Connect Service - detected UnsignedFile.Multi.Generic (1)

13:49:28.0439 3176 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys

13:49:28.0470 3176 ACPI - ok

13:49:28.0564 3176 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:49:28.0579 3176 AdobeARMservice - ok

13:49:28.0689 3176 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:49:28.0704 3176 AdobeFlashPlayerUpdateSvc - ok

13:49:28.0767 3176 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

13:49:28.0798 3176 adp94xx - ok

13:49:28.0813 3176 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

13:49:28.0845 3176 adpahci - ok

13:49:28.0845 3176 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

13:49:28.0860 3176 adpu160m - ok

13:49:28.0876 3176 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

13:49:28.0891 3176 adpu320 - ok

13:49:28.0923 3176 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

13:49:28.0954 3176 AeLookupSvc - ok

13:49:28.0985 3176 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys

13:49:29.0016 3176 AFD - ok

13:49:29.0032 3176 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

13:49:29.0063 3176 agp440 - ok

13:49:29.0079 3176 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

13:49:29.0094 3176 aic78xx - ok

13:49:29.0110 3176 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

13:49:29.0157 3176 ALG - ok

13:49:29.0172 3176 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys

13:49:29.0188 3176 aliide - ok

13:49:29.0188 3176 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

13:49:29.0203 3176 amdide - ok

13:49:29.0219 3176 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

13:49:29.0250 3176 AmdK8 - ok

13:49:29.0281 3176 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

13:49:29.0297 3176 Appinfo - ok

13:49:29.0313 3176 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

13:49:29.0328 3176 arc - ok

13:49:29.0344 3176 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

13:49:29.0359 3176 arcsas - ok

13:49:29.0391 3176 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

13:49:29.0422 3176 AsyncMac - ok

13:49:29.0437 3176 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys

13:49:29.0469 3176 atapi - ok

13:49:29.0500 3176 [ 81AC7567F476AA6D9AE7C84C4B3A5F81 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

13:49:29.0531 3176 Ati External Event Utility - ok

13:49:29.0671 3176 [ 8EA545F0F90E6388DCACA8F4F9404DC5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

13:49:29.0796 3176 atikmdag - ok

13:49:29.0827 3176 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

13:49:29.0859 3176 AudioEndpointBuilder - ok

13:49:29.0890 3176 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll

13:49:29.0921 3176 AudioSrv - ok

13:49:29.0968 3176 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll

13:49:30.0030 3176 BFE - ok

13:49:30.0108 3176 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll

13:49:31.0044 3176 BITS - ok

13:49:31.0060 3176 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

13:49:31.0169 3176 blbdrive - ok

13:49:31.0185 3176 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

13:49:31.0278 3176 bowser - ok

13:49:31.0278 3176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

13:49:31.0403 3176 BrFiltLo - ok

13:49:31.0403 3176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

13:49:31.0497 3176 BrFiltUp - ok

13:49:31.0512 3176 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

13:49:31.0543 3176 Browser - ok

13:49:31.0559 3176 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

13:49:31.0621 3176 Brserid - ok

13:49:31.0621 3176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

13:49:31.0684 3176 BrSerWdm - ok

13:49:31.0684 3176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

13:49:31.0746 3176 BrUsbMdm - ok

13:49:31.0746 3176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

13:49:31.0793 3176 BrUsbSer - ok

13:49:31.0840 3176 [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys

13:49:31.0855 3176 BthEnum - ok

13:49:31.0887 3176 [ 72F70A38BB15252EB7C4DA7BA3BD4ED1 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

13:49:31.0918 3176 BTHMODEM - ok

13:49:31.0933 3176 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

13:49:31.0965 3176 BthPan - ok

13:49:32.0027 3176 [ E1466882252FF51EDDE48C3F7EDA2591 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

13:49:32.0058 3176 BTHPORT - ok

13:49:32.0105 3176 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll

13:49:32.0121 3176 BthServ - ok

13:49:32.0136 3176 [ 970192CDED77A128E7E30722E5EE6B9C ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

13:49:32.0152 3176 BTHUSB - ok

13:49:32.0183 3176 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

13:49:32.0199 3176 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning

13:49:32.0199 3176 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)

13:49:32.0199 3176 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

13:49:32.0245 3176 cdfs - ok

13:49:32.0277 3176 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

13:49:32.0308 3176 cdrom - ok

13:49:32.0339 3176 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll

13:49:32.0370 3176 CertPropSvc - ok

13:49:32.0386 3176 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

13:49:32.0417 3176 circlass - ok

13:49:32.0448 3176 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys

13:49:32.0479 3176 CLFS - ok

13:49:32.0542 3176 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:49:32.0557 3176 clr_optimization_v2.0.50727_32 - ok

13:49:32.0620 3176 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:49:32.0635 3176 clr_optimization_v2.0.50727_64 - ok

13:49:32.0682 3176 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:49:32.0698 3176 clr_optimization_v4.0.30319_32 - ok

13:49:32.0729 3176 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:49:32.0745 3176 clr_optimization_v4.0.30319_64 - ok

13:49:32.0760 3176 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

13:49:32.0885 3176 cmdide - ok

13:49:32.0901 3176 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

13:49:33.0805 3176 Compbatt - ok

13:49:33.0805 3176 COMSysApp - ok

13:49:33.0837 3176 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys

13:49:33.0915 3176 cpuz135 - ok

13:49:33.0915 3176 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

13:49:34.0008 3176 crcdisk - ok

13:49:34.0039 3176 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll

13:49:34.0133 3176 CryptSvc - ok

13:49:34.0180 3176 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll

13:49:34.0242 3176 DcomLaunch - ok

13:49:34.0242 3176 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

13:49:34.0320 3176 DfsC - ok

13:49:34.0414 3176 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe

13:49:34.0507 3176 DFSR - ok

13:49:34.0554 3176 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

13:49:34.0585 3176 Dhcp - ok

13:49:34.0601 3176 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys

13:49:34.0617 3176 disk - ok

13:49:34.0648 3176 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

13:49:34.0663 3176 Dnscache - ok

13:49:34.0679 3176 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll

13:49:34.0726 3176 dot3svc - ok

13:49:34.0757 3176 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

13:49:34.0804 3176 DPS - ok

13:49:34.0819 3176 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

13:49:34.0851 3176 drmkaud - ok

13:49:34.0882 3176 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

13:49:34.0944 3176 DXGKrnl - ok

13:49:35.0007 3176 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

13:49:35.0053 3176 E1G60 - ok

13:49:35.0069 3176 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

13:49:35.0100 3176 EapHost - ok

13:49:35.0131 3176 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys

13:49:35.0163 3176 Ecache - ok

13:49:35.0194 3176 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

13:49:35.0225 3176 eDataSecurity Service - ok

13:49:35.0256 3176 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

13:49:35.0303 3176 ehRecvr - ok

13:49:35.0319 3176 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

13:49:35.0350 3176 ehSched - ok

13:49:35.0365 3176 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

13:49:35.0381 3176 ehstart - ok

13:49:35.0412 3176 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

13:49:35.0428 3176 elxstor - ok

13:49:35.0475 3176 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll

13:49:35.0506 3176 EMDMgmt - ok

13:49:35.0521 3176 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys

13:49:35.0568 3176 ErrDev - ok

13:49:35.0615 3176 [ C0FE39B8F686B7C70A666E716CC12B49 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

13:49:35.0615 3176 ETService ( UnsignedFile.Multi.Generic ) - warning

13:49:35.0615 3176 ETService - detected UnsignedFile.Multi.Generic (1)

13:49:35.0646 3176 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll

13:49:35.0677 3176 EventSystem - ok

13:49:35.0724 3176 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys

13:49:35.0740 3176 exfat - ok

13:49:35.0787 3176 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys

13:49:36.0567 3176 fastfat - ok

13:49:36.0598 3176 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

13:49:36.0645 3176 fdc - ok

13:49:36.0660 3176 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

13:49:36.0754 3176 fdPHost - ok

13:49:36.0801 3176 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

13:49:36.0910 3176 FDResPub - ok

13:49:36.0910 3176 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

13:49:36.0972 3176 FileInfo - ok

13:49:36.0972 3176 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

13:49:37.0206 3176 Filetrace - ok

13:49:37.0206 3176 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

13:49:37.0284 3176 flpydisk - ok

13:49:37.0300 3176 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

13:49:37.0331 3176 FltMgr - ok

13:49:37.0378 3176 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll

13:49:37.0425 3176 FontCache - ok

13:49:37.0456 3176 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:49:37.0471 3176 FontCache3.0.0.0 - ok

13:49:37.0518 3176 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

13:49:37.0534 3176 Fs_Rec - ok

13:49:37.0565 3176 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

13:49:37.0581 3176 gagp30kx - ok

13:49:37.0612 3176 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll

13:49:37.0659 3176 gpsvc - ok

13:49:37.0721 3176 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:49:37.0752 3176 gupdate - ok

13:49:37.0768 3176 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:49:37.0799 3176 gupdatem - ok

13:49:37.0815 3176 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

13:49:37.0861 3176 gusvc - ok

13:49:37.0893 3176 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

13:49:37.0924 3176 HdAudAddService - ok

13:49:37.0971 3176 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

13:49:38.0033 3176 HDAudBus - ok

13:49:38.0064 3176 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

13:49:38.0111 3176 HidBth - ok

13:49:38.0127 3176 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

13:49:38.0189 3176 HidIr - ok

13:49:38.0205 3176 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll

13:49:38.0236 3176 hidserv - ok

13:49:38.0267 3176 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

13:49:38.0298 3176 HidUsb - ok

13:49:38.0314 3176 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

13:49:38.0361 3176 hkmsvc - ok

13:49:38.0376 3176 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

13:49:38.0392 3176 HpCISSs - ok

13:49:38.0439 3176 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys

13:49:38.0454 3176 HTTP - ok

13:49:38.0485 3176 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

13:49:38.0501 3176 i2omp - ok

13:49:38.0517 3176 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

13:49:38.0548 3176 i8042prt - ok

13:49:38.0563 3176 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

13:49:39.0343 3176 iaStorV - ok

13:49:39.0375 3176 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:49:39.0421 3176 idsvc - ok

13:49:39.0437 3176 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

13:49:39.0546 3176 iirsp - ok

13:49:39.0577 3176 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

13:49:39.0624 3176 IKEEXT - ok

13:49:39.0687 3176 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys

13:49:39.0702 3176 int15 - ok

13:49:39.0749 3176 [ 023EB98945069178C21B324B880AD787 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

13:49:39.0952 3176 IntcAzAudAddService - ok

13:49:39.0967 3176 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

13:49:40.0030 3176 intelide - ok

13:49:40.0045 3176 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

13:49:40.0123 3176 intelppm - ok

13:49:40.0139 3176 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

13:49:40.0186 3176 IPBusEnum - ok

13:49:40.0201 3176 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:49:40.0233 3176 IpFilterDriver - ok

13:49:40.0279 3176 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

13:49:40.0295 3176 iphlpsvc - ok

13:49:40.0311 3176 IpInIp - ok

13:49:40.0326 3176 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

13:49:40.0373 3176 IPMIDRV - ok

13:49:40.0373 3176 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

13:49:40.0435 3176 IPNAT - ok

13:49:40.0435 3176 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

13:49:40.0482 3176 IRENUM - ok

13:49:40.0498 3176 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

13:49:40.0529 3176 isapnp - ok

13:49:40.0560 3176 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

13:49:40.0623 3176 iScsiPrt - ok

13:49:40.0623 3176 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

13:49:40.0732 3176 iteatapi - ok

13:49:40.0732 3176 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

13:49:40.0810 3176 iteraid - ok

13:49:40.0810 3176 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

13:49:40.0888 3176 kbdclass - ok

13:49:40.0903 3176 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

13:49:40.0935 3176 kbdhid - ok

13:49:40.0950 3176 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe

13:49:40.0997 3176 KeyIso - ok

13:49:41.0028 3176 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

13:49:41.0059 3176 KSecDD - ok

13:49:41.0075 3176 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

13:49:41.0122 3176 ksthunk - ok

13:49:41.0153 3176 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

13:49:41.0200 3176 KtmRm - ok

13:49:41.0231 3176 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll

13:49:41.0247 3176 LanmanServer - ok

13:49:41.0293 3176 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

13:49:41.0309 3176 LanmanWorkstation - ok

13:49:41.0371 3176 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

13:49:41.0371 3176 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

13:49:41.0371 3176 LightScribeService - detected UnsignedFile.Multi.Generic (1)

13:49:41.0387 3176 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

13:49:42.0120 3176 lltdio - ok

13:49:42.0151 3176 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

13:49:42.0198 3176 lltdsvc - ok

13:49:42.0214 3176 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

13:49:42.0307 3176 lmhosts - ok

13:49:42.0323 3176 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

13:49:42.0401 3176 LSI_FC - ok

13:49:42.0401 3176 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

13:49:42.0510 3176 LSI_SAS - ok

13:49:42.0510 3176 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

13:49:42.0682 3176 LSI_SCSI - ok

13:49:42.0682 3176 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

13:49:42.0775 3176 luafv - ok

13:49:42.0838 3176 [ F8040A47A0E447F96144A8D3E1170119 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

13:49:42.0885 3176 McAfee SiteAdvisor Service - ok

13:49:42.0947 3176 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe

13:49:42.0963 3176 McComponentHostService - ok

13:49:42.0994 3176 [ 6309670BF9BF87C05F2C68DE2B73BA9E ] mcmscsvc C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

13:49:43.0025 3176 mcmscsvc - ok

13:49:43.0134 3176 [ 5E25F0B6F0BB3F2A880598AF1BA36174 ] McNASvc c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

13:49:43.0228 3176 McNASvc - ok

13:49:43.0259 3176 [ E9F6615BB28D3AF97C4023E916C3C76A ] McODS C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

13:49:43.0290 3176 McODS - ok

13:49:43.0306 3176 [ 8CF3DA0BE6094C34D7C4A85493E60547 ] McProxy c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

13:49:43.0337 3176 McProxy - ok

13:49:43.0353 3176 [ 6E6E37053204F3719C66006332ACC086 ] McShield C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

13:49:43.0368 3176 McShield - ok

13:49:43.0415 3176 [ 65FF2F0B0AAFCA4720186C4C2F4822CE ] McSysmon C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

13:49:43.0431 3176 McSysmon - ok

13:49:43.0462 3176 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

13:49:43.0477 3176 Mcx2Svc - ok

13:49:43.0509 3176 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

13:49:43.0524 3176 megasas - ok

13:49:43.0540 3176 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

13:49:43.0555 3176 MegaSR - ok

13:49:43.0587 3176 [ F52F64F7792BA50A31F20E51076F046B ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

13:49:43.0633 3176 mfeavfk - ok

13:49:43.0649 3176 [ EB9CB3E66C65B6E801D57EEB41516600 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

13:49:43.0680 3176 mfehidk - ok

13:49:43.0696 3176 [ 9AD718BDC8AC038BD12DF1AB01F63B0E ] mferkdk C:\Windows\system32\drivers\mferkdk.sys

13:49:43.0758 3176 mferkdk - ok

13:49:43.0774 3176 [ 2E56DF88A71FC74DBA0B24375872DC79 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys

13:49:43.0821 3176 mfesmfk - ok

13:49:43.0836 3176 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

13:49:43.0899 3176 MMCSS - ok

13:49:43.0914 3176 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

13:49:43.0945 3176 Modem - ok

13:49:43.0961 3176 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

13:49:44.0008 3176 monitor - ok

13:49:44.0023 3176 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

13:49:44.0070 3176 mouclass - ok

13:49:44.0086 3176 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

13:49:44.0133 3176 mouhid - ok

13:49:44.0133 3176 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

13:49:44.0897 3176 MountMgr - ok

13:49:44.0944 3176 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:49:44.0959 3176 MozillaMaintenance - ok

13:49:44.0991 3176 [ 1A11D72920C8BC64315C8EB4DFD82DA2 ] MPFP C:\Windows\system32\Drivers\Mpfp.sys

13:49:45.0037 3176 MPFP - ok

13:49:45.0069 3176 [ 346F30F1FF73553AA466F4AE7948DA00 ] MpfService C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

13:49:45.0147 3176 MpfService - ok

13:49:45.0178 3176 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

13:49:45.0225 3176 mpio - ok

13:49:45.0240 3176 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

13:49:45.0427 3176 mpsdrv - ok

13:49:45.0459 3176 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll

13:49:45.0552 3176 MpsSvc - ok

13:49:45.0552 3176 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

13:49:45.0661 3176 Mraid35x - ok

13:49:45.0677 3176 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

13:49:45.0724 3176 MRxDAV - ok

13:49:45.0739 3176 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

13:49:45.0927 3176 mrxsmb - ok

13:49:45.0942 3176 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:49:45.0989 3176 mrxsmb10 - ok

13:49:45.0989 3176 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:49:46.0036 3176 mrxsmb20 - ok

13:49:46.0067 3176 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys

13:49:46.0083 3176 msahci - ok

13:49:46.0083 3176 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

13:49:46.0129 3176 msdsm - ok

13:49:46.0145 3176 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

13:49:46.0176 3176 MSDTC - ok

13:49:46.0207 3176 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

13:49:46.0254 3176 Msfs - ok

13:49:46.0270 3176 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

13:49:46.0285 3176 msisadrv - ok

13:49:46.0301 3176 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

13:49:46.0348 3176 MSiSCSI - ok

13:49:46.0348 3176 msiserver - ok

13:49:46.0410 3176 [ 3E7BE74C4088F18838A55A0F6AC2B6F1 ] MSK80Service C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

13:49:46.0426 3176 MSK80Service - ok

13:49:46.0441 3176 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

13:49:46.0488 3176 MSKSSRV - ok

13:49:46.0488 3176 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

13:49:46.0535 3176 MSPCLOCK - ok

13:49:46.0535 3176 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

13:49:46.0582 3176 MSPQM - ok

13:49:46.0613 3176 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

13:49:46.0644 3176 MsRPC - ok

13:49:46.0660 3176 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

13:49:46.0707 3176 mssmbios - ok

13:49:46.0707 3176 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

13:49:46.0753 3176 MSTEE - ok

13:49:46.0785 3176 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys

13:49:46.0816 3176 Mup - ok

13:49:46.0847 3176 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll

13:49:46.0878 3176 napagent - ok

13:49:46.0909 3176 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

13:49:47.0658 3176 NativeWifiP - ok

13:49:47.0689 3176 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys

13:49:47.0721 3176 NDIS - ok

13:49:47.0752 3176 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

13:49:47.0845 3176 NdisTapi - ok

13:49:47.0877 3176 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

13:49:47.0908 3176 Ndisuio - ok

13:49:47.0923 3176 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

13:49:47.0970 3176 NdisWan - ok

13:49:47.0970 3176 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

13:49:48.0189 3176 NDProxy - ok

13:49:48.0189 3176 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

13:49:48.0267 3176 NetBIOS - ok

13:49:48.0267 3176 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

13:49:48.0391 3176 netbt - ok

13:49:48.0407 3176 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe

13:49:48.0454 3176 Netlogon - ok

13:49:48.0469 3176 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

13:49:48.0672 3176 Netman - ok

13:49:48.0688 3176 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

13:49:48.0735 3176 netprofm - ok

13:49:48.0750 3176 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:49:48.0781 3176 NetTcpPortSharing - ok

13:49:48.0797 3176 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

13:49:48.0813 3176 nfrd960 - ok

13:49:48.0828 3176 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

13:49:48.0875 3176 NlaSvc - ok

13:49:48.0891 3176 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys

13:49:48.0953 3176 Npfs - ok

13:49:48.0953 3176 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

13:49:49.0000 3176 nsi - ok

13:49:49.0015 3176 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

13:49:49.0062 3176 nsiproxy - ok

13:49:49.0109 3176 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

13:49:49.0234 3176 Ntfs - ok

13:49:49.0281 3176 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

13:49:49.0281 3176 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning

13:49:49.0281 3176 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)

13:49:49.0296 3176 [ 7D397449AAF52B0E7C79B64F6AD4473E ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys

13:49:49.0312 3176 NTIDrvr - ok

13:49:49.0327 3176 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

13:49:49.0327 3176 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning

13:49:49.0327 3176 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)

13:49:49.0343 3176 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

13:49:49.0390 3176 Null - ok

13:49:49.0437 3176 [ 98350606682594521D56ECCB5D01ECF7 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys

13:49:49.0499 3176 NVENETFD - ok

13:49:49.0515 3176 [ 6E022D5F44CD8B029CF799807BB31269 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

13:49:49.0530 3176 NVHDA - ok

13:49:49.0733 3176 [ 57903FA36945A692172F384EB96C8F0A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:49:49.0998 3176 nvlddmkm - ok

13:49:50.0014 3176 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

13:49:50.0029 3176 nvraid - ok

13:49:50.0045 3176 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

13:49:50.0061 3176 nvstor - ok

13:49:50.0076 3176 [ 581286807B5832503FD700A3217B589F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys

13:49:50.0419 3176 nvstor64 - ok

13:49:50.0435 3176 [ 8B7AC24E9C299FB1C3F519DF94E7E05F ] nvsvc C:\Windows\system32\nvvsvc.exe

13:49:50.0482 3176 nvsvc - ok

13:49:50.0482 3176 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

13:49:50.0607 3176 nv_agp - ok

13:49:50.0607 3176 NwlnkFlt - ok

13:49:50.0607 3176 NwlnkFwd - ok

13:49:50.0685 3176 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:49:50.0716 3176 odserv - ok

13:49:50.0778 3176 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

13:49:50.0809 3176 ohci1394 - ok

13:49:50.0841 3176 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:49:50.0934 3176 ose - ok

13:49:50.0965 3176 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll

13:49:51.0012 3176 p2pimsvc - ok

13:49:51.0043 3176 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll

13:49:51.0121 3176 p2psvc - ok

13:49:51.0137 3176 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

13:49:51.0215 3176 Parport - ok

13:49:51.0246 3176 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys

13:49:51.0433 3176 partmgr - ok

13:49:51.0449 3176 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

13:49:51.0480 3176 PcaSvc - ok

13:49:51.0496 3176 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys

13:49:51.0527 3176 pci - ok

13:49:51.0543 3176 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys

13:49:51.0558 3176 pciide - ok

13:49:51.0574 3176 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

13:49:51.0621 3176 pcmcia - ok

13:49:51.0652 3176 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

13:49:51.0714 3176 PEAUTH - ok

13:49:51.0745 3176 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

13:49:51.0792 3176 PerfHost - ok

13:49:51.0855 3176 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

13:49:51.0933 3176 pla - ok

13:49:51.0964 3176 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

13:49:51.0995 3176 PlugPlay - ok

13:49:52.0026 3176 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

13:49:52.0057 3176 PNRPAutoReg - ok

13:49:52.0089 3176 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll

13:49:52.0120 3176 PNRPsvc - ok

13:49:52.0167 3176 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

13:49:52.0198 3176 PolicyAgent - ok

13:49:52.0229 3176 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

13:49:52.0260 3176 PptpMiniport - ok

13:49:52.0276 3176 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys

13:49:52.0323 3176 Processor - ok

13:49:52.0338 3176 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll

13:49:52.0697 3176 ProfSvc - ok

13:49:52.0697 3176 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe

13:49:52.0728 3176 ProtectedStorage - ok

13:49:52.0759 3176 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys

13:49:52.0791 3176 PSched - ok

13:49:52.0791 3176 [ 2CFD31D41CDE75328ACAEEE2D4F4B836 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys

13:49:52.0806 3176 PSDFilter - ok

13:49:52.0837 3176 [ 51A585F999672D8BB07F22AE12B40846 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys

13:49:53.0149 3176 PSDNServ - ok

13:49:53.0165 3176 [ DB50D3F5C31B1A848B04F7F2A6FF2709 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys

13:49:53.0196 3176 psdvdisk - ok

13:49:53.0212 3176 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

13:49:53.0415 3176 ql2300 - ok

13:49:53.0415 3176 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

13:49:53.0508 3176 ql40xx - ok

13:49:53.0524 3176 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

13:49:53.0586 3176 QWAVE - ok

13:49:53.0586 3176 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:49:53.0711 3176 QWAVEdrv - ok

13:49:53.0727 3176 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:49:53.0773 3176 RasAcd - ok

13:49:53.0773 3176 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

13:49:53.0898 3176 RasAuto - ok

13:49:53.0914 3176 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:49:53.0976 3176 Rasl2tp - ok

13:49:53.0976 3176 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll

13:49:54.0163 3176 RasMan - ok

13:49:54.0195 3176 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:49:54.0226 3176 RasPppoe - ok

13:49:54.0226 3176 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:49:54.0257 3176 RasSstp - ok

13:49:54.0273 3176 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:49:54.0304 3176 rdbss - ok

13:49:54.0319 3176 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:49:54.0413 3176 RDPCDD - ok

13:49:54.0429 3176 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

13:49:54.0491 3176 rdpdr - ok

13:49:54.0491 3176 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:49:54.0616 3176 RDPENCDD - ok

13:49:54.0663 3176 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:49:54.0694 3176 RDPWD - ok

13:49:54.0709 3176 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:49:54.0756 3176 RemoteAccess - ok

13:49:54.0772 3176 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:49:54.0819 3176 RemoteRegistry - ok

13:49:54.0850 3176 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

13:49:54.0897 3176 RFCOMM - ok

13:49:54.0928 3176 [ A035A7BF5132682F53F1E7B955690CE7 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

13:49:54.0959 3176 RichVideo ( UnsignedFile.Multi.Generic ) - warning

13:49:54.0959 3176 RichVideo - detected UnsignedFile.Multi.Generic (1)

13:49:54.0975 3176 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

13:49:55.0021 3176 RpcLocator - ok

13:49:55.0053 3176 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll

13:49:55.0099 3176 RpcSs - ok

13:49:55.0131 3176 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:49:55.0427 3176 rspndr - ok

13:49:55.0427 3176 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe

13:49:55.0489 3176 SamSs - ok

13:49:55.0505 3176 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:49:55.0521 3176 sbp2port - ok

13:49:55.0552 3176 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:49:55.0583 3176 SCardSvr - ok

13:49:55.0630 3176 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll

13:49:55.0879 3176 Schedule - ok

13:49:55.0895 3176 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll

13:49:55.0973 3176 SCPolicySvc - ok

13:49:56.0004 3176 [ 8B56BDCE6A303DDE63D63440D1CF9AD1 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys

13:49:56.0129 3176 ScreamBAudioSvc - ok

13:49:56.0145 3176 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:49:56.0254 3176 SDRSVC - ok

13:49:56.0332 3176 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

13:49:56.0332 3176 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning

13:49:56.0332 3176 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)

13:49:56.0363 3176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

13:49:56.0457 3176 secdrv - ok

13:49:56.0457 3176 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

13:49:56.0519 3176 seclogon - ok

13:49:56.0535 3176 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll

13:49:56.0644 3176 SENS - ok

13:49:56.0659 3176 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

13:49:56.0706 3176 Serenum - ok

13:49:56.0722 3176 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys

13:49:56.0925 3176 Serial - ok

13:49:56.0925 3176 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

13:49:56.0971 3176 sermouse - ok

13:49:56.0987 3176 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

13:49:57.0034 3176 SessionEnv - ok

13:49:57.0049 3176 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

13:49:57.0081 3176 sffdisk - ok

13:49:57.0096 3176 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:49:57.0174 3176 sffp_mmc - ok

13:49:57.0174 3176 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

13:49:57.0237 3176 sffp_sd - ok

13:49:57.0237 3176 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

13:49:57.0377 3176 sfloppy - ok

13:49:57.0393 3176 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:49:57.0455 3176 SharedAccess - ok

13:49:57.0471 3176 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:49:57.0517 3176 ShellHWDetection - ok

13:49:57.0517 3176 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

13:49:57.0580 3176 SiSRaid2 - ok

13:49:57.0580 3176 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

13:49:57.0642 3176 SiSRaid4 - ok

13:49:57.0673 3176 [ DAEBFA1E3F7491F1C1F73F9451CB3D0E ] SiteAdvisor Service C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe

13:49:57.0689 3176 SiteAdvisor Service - ok

13:49:57.0767 3176 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe

13:49:57.0876 3176 slsvc - ok

13:49:57.0907 3176 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll

13:49:57.0939 3176 SLUINotify - ok

13:49:57.0954 3176 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:49:58.0157 3176 Smb - ok

13:49:58.0173 3176 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:49:58.0219 3176 SNMPTRAP - ok

13:49:58.0251 3176 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys

13:49:58.0282 3176 speedfan - ok

13:49:58.0313 3176 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys

13:49:58.0391 3176 spldr - ok

13:49:58.0407 3176 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe

13:49:58.0641 3176 Spooler - ok

13:49:58.0656 3176 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys

13:49:58.0719 3176 srv - ok

13:49:58.0734 3176 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:49:58.0875 3176 srv2 - ok

13:49:58.0875 3176 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:49:59.0031 3176 srvnet - ok

13:49:59.0046 3176 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:49:59.0109 3176 SSDPSRV - ok

13:49:59.0109 3176 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:49:59.0202 3176 SstpSvc - ok

13:49:59.0233 3176 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll

13:49:59.0265 3176 stisvc - ok

13:49:59.0280 3176 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys

13:49:59.0389 3176 swenum - ok

13:49:59.0483 3176 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

13:49:59.0499 3176 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

13:49:59.0499 3176 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

13:49:59.0530 3176 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll

13:49:59.0670 3176 swprv - ok

13:49:59.0686 3176 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

13:49:59.0733 3176 Symc8xx - ok

13:49:59.0733 3176 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

13:49:59.0779 3176 Sym_hi - ok

13:49:59.0795 3176 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

13:49:59.0826 3176 Sym_u3 - ok

13:49:59.0873 3176 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll

13:49:59.0935 3176 SysMain - ok

13:49:59.0967 3176 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:49:59.0998 3176 TabletInputService - ok

13:50:00.0029 3176 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:50:00.0138 3176 TapiSrv - ok

13:50:00.0138 3176 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll

13:50:00.0185 3176 TBS - ok

13:50:00.0247 3176 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:50:00.0325 3176 Tcpip - ok

13:50:00.0372 3176 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

13:50:00.0419 3176 Tcpip6 - ok

13:50:00.0450 3176 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:50:00.0481 3176 tcpipreg - ok

13:50:00.0497 3176 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:50:00.0575 3176 TDPIPE - ok

13:50:00.0591 3176 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:50:00.0637 3176 TDTCP - ok

13:50:00.0653 3176 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:50:00.0684 3176 tdx - ok

13:50:00.0700 3176 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

13:50:00.0903 3176 TermDD - ok

13:50:00.0934 3176 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll

13:50:00.0965 3176 TermService - ok

13:50:00.0996 3176 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll

13:50:01.0027 3176 Themes - ok

13:50:01.0043 3176 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll

13:50:01.0137 3176 THREADORDER - ok

13:50:01.0152 3176 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll

13:50:01.0386 3176 TrkWks - ok

13:50:01.0402 3176 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:50:01.0449 3176 TrustedInstaller - ok

13:50:01.0464 3176 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:50:01.0589 3176 tssecsrv - ok

13:50:01.0589 3176 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

13:50:01.0792 3176 tunmp - ok

13:50:01.0839 3176 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:50:01.0870 3176 tunnel - ok

13:50:01.0870 3176 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

13:50:01.0963 3176 uagp35 - ok

13:50:01.0963 3176 [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys

13:50:01.0995 3176 UBHelper - ok

13:50:01.0995 3176 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:50:02.0197 3176 udfs - ok

13:50:02.0213 3176 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:50:02.0275 3176 UI0Detect - ok

13:50:02.0291 3176 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

13:50:02.0400 3176 uliagpkx - ok

13:50:02.0416 3176 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys

13:50:02.0447 3176 uliahci - ok

13:50:02.0447 3176 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys

13:50:02.0509 3176 UlSata - ok

13:50:02.0509 3176 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

13:50:02.0634 3176 ulsata2 - ok

13:50:02.0634 3176 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:50:02.0697 3176 umbus - ok

13:50:02.0712 3176 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

13:50:02.0759 3176 upnphost - ok

13:50:02.0790 3176 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:50:02.0884 3176 usbccgp - ok

13:50:02.0884 3176 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

13:50:03.0024 3176 usbcir - ok

13:50:03.0040 3176 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

13:50:03.0118 3176 usbehci - ok

13:50:03.0133 3176 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:50:03.0180 3176 usbhub - ok

13:50:03.0180 3176 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

13:50:03.0243 3176 usbohci - ok

13:50:03.0258 3176 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

13:50:03.0321 3176 usbprint - ok

13:50:03.0352 3176 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:50:03.0383 3176 USBSTOR - ok

13:50:03.0399 3176 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

13:50:03.0430 3176 usbuhci - ok

13:50:03.0461 3176 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll

13:50:03.0664 3176 UxSms - ok

13:50:03.0679 3176 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe

13:50:03.0711 3176 vds - ok

13:50:03.0726 3176 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:50:03.0789 3176 vga - ok

13:50:03.0804 3176 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

13:50:03.0898 3176 VgaSave - ok

13:50:03.0898 3176 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

13:50:04.0132 3176 viaide - ok

13:50:04.0163 3176 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys

13:50:04.0210 3176 volmgr - ok

13:50:04.0241 3176 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:50:04.0303 3176 volmgrx - ok

13:50:04.0319 3176 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys

13:50:04.0569 3176 volsnap - ok

13:50:04.0584 3176 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

13:50:04.0600 3176 vsmraid - ok

13:50:04.0647 3176 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe

13:50:04.0740 3176 VSS - ok

13:50:04.0771 3176 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll

13:50:04.0818 3176 W32Time - ok

13:50:04.0834 3176 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

13:50:04.0959 3176 WacomPen - ok

13:50:04.0990 3176 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

13:50:05.0021 3176 Wanarp - ok

13:50:05.0037 3176 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:50:05.0130 3176 Wanarpv6 - ok

13:50:05.0161 3176 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:50:05.0193 3176 wcncsvc - ok

13:50:05.0224 3176 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:50:05.0255 3176 WcsPlugInService - ok

13:50:05.0271 3176 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys

13:50:05.0380 3176 Wd - ok

13:50:05.0411 3176 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:50:05.0458 3176 Wdf01000 - ok

13:50:05.0473 3176 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:50:05.0520 3176 WdiServiceHost - ok

13:50:05.0520 3176 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:50:05.0661 3176 WdiSystemHost - ok

13:50:05.0692 3176 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll

13:50:05.0770 3176 WebClient - ok

13:50:05.0785 3176 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:50:05.0863 3176 Wecsvc - ok

13:50:05.0863 3176 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:50:05.0926 3176 wercplsupport - ok

13:50:05.0941 3176 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll

13:50:06.0004 3176 WerSvc - ok

13:50:06.0019 3176 WinDefend - ok

13:50:06.0019 3176 WinHttpAutoProxySvc - ok

13:50:06.0066 3176 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:50:06.0097 3176 Winmgmt - ok

13:50:06.0144 3176 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

13:50:06.0285 3176 WinRM - ok

13:50:06.0347 3176 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll

13:50:06.0378 3176 Wlansvc - ok

13:50:06.0503 3176 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:50:06.0581 3176 wlidsvc - ok

13:50:06.0597 3176 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

13:50:06.0628 3176 WmiAcpi - ok

13:50:06.0659 3176 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:50:06.0690 3176 wmiApSrv - ok

13:50:06.0721 3176 WMPNetworkSvc - ok

13:50:06.0737 3176 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:50:06.0753 3176 WPCSvc - ok

13:50:06.0799 3176 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:50:06.0877 3176 WPDBusEnum - ok

13:50:06.0987 3176 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

13:50:07.0065 3176 WPFFontCache_v0400 - ok

13:50:07.0127 3176 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:50:07.0158 3176 ws2ifsl - ok

13:50:07.0174 3176 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll

13:50:07.0299 3176 wscsvc - ok

13:50:07.0299 3176 WSearch - ok

13:50:07.0392 3176 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

13:50:07.0486 3176 wuauserv - ok

13:50:07.0517 3176 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

13:50:07.0548 3176 WUDFRd - ok

13:50:07.0579 3176 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:50:07.0626 3176 wudfsvc - ok

13:50:07.0642 3176 ================ Scan global ===============================

13:50:07.0673 3176 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

13:50:07.0704 3176 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

13:50:07.0720 3176 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

13:50:07.0767 3176 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe

13:50:07.0767 3176 [Global] - ok

13:50:07.0767 3176 ================ Scan MBR ==================================

13:50:07.0782 3176 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0

13:50:09.0841 3176 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:50:09.0841 3176 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:50:09.0841 3176 ================ Scan VBR ==================================

13:50:09.0841 3176 [ 9CC8B69D30FAF468985CDF1795BE00C9 ] \Device\Harddisk0\DR0\Partition1

13:50:09.0841 3176 \Device\Harddisk0\DR0\Partition1 - ok

13:50:09.0873 3176 [ E3A77F3BCD675A0F409A4C80DA8C667E ] \Device\Harddisk0\DR0\Partition2

13:50:09.0873 3176 \Device\Harddisk0\DR0\Partition2 - ok

13:50:09.0873 3176 ============================================================

13:50:09.0873 3176 Scan finished

13:50:09.0873 3176 ============================================================

13:50:09.0873 1036 Detected object count: 10

13:50:09.0873 1036 Actual detected object count: 10

13:51:52.0521 1036 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0521 1036 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0521 1036 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0521 1036 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0521 1036 ETService ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0521 1036 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0521 1036 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0521 1036 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0536 1036 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0536 1036 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0536 1036 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0536 1036 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0536 1036 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0536 1036 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0536 1036 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0536 1036 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0536 1036 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

13:51:52.0536 1036 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:51:52.0536 1036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:51:52.0536 1036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Are you on a wireless network??

~~~~~~~~~~~~~~~~~~~

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

13:51:52.0536 1036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:51:52.0536 1036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

MrC

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Hello again!

I used TDSSKiller again and removed the file which you pointed out. It said neutralized: 1 afterwards.

Also to answer your questions about the wireless network. I'm using a cable to connect to the Internet. I'm not sure if that's the answer you're looking for. If it's not, could you please clarify again. As you can see I'm a newbie.

Thank you for your dedication so far!

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

I just wanted to know before we run ComboFix........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Heya once again, thank you! Downloaded Combofix and followed the instructions, and after a while this log text was created. Here it is:

ComboFix 12-08-30.05 - *** 31.08.2012 14:29:47.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2343 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Im Speicher befindliches AV aktiv.

.

.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\kikin

c:\program files (x86)\kikin\default_settings.xml

c:\program files (x86)\kikin\ie_kikin.dll

c:\program files (x86)\kikin\KikinBroker.exe

c:\program files (x86)\kikin\KikinCrashReporter.exe

c:\program files (x86)\kikin\uninst.exe

c:\users\***\AppData\Roaming\kikin

c:\users\***\AppData\Roaming\kikin\cr_kkes.xml

c:\users\***\AppData\Roaming\kikin\ff_kkes.xml

c:\users\***\AppData\Roaming\kikin\ie_configuration.xml

c:\users\***\AppData\Roaming\kikin\ie_kkes.xml

c:\users\***\AppData\Roaming\kikin\ie_settings.xml

c:\windows\SysWow64\FlashPlayerInstaller.exe

D:\install.exe

.

.

((((((((((((((((((((((( Dateien erstellt von 2012-07-28 bis 2012-08-31 ))))))))))))))))))))))))))))))

.

.

2012-08-31 12:41 . 2012-08-31 12:41 -------- d-----w- c:\users\***\AppData\Local\temp

2012-08-31 12:41 . 2012-08-31 12:41 -------- d-----w- c:\users\***\AppData\Local\temp

2012-08-31 12:41 . 2012-08-31 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-31 12:27 . 2012-08-31 12:28 -------- d-----w- C:\32788R22FWJFW

2012-08-31 12:15 . 2012-08-31 12:15 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-31 10:09 . 2012-08-31 10:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-08-31 10:08 . 2012-08-31 10:08 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-31 09:09 . 2012-08-31 09:09 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-16 10:15 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 19:19 . 2012-06-27 16:09 5723648 ----a-w- c:\windows\system32\mshtml.dll

2012-08-11 15:44 . 2012-08-11 15:44 -------- d-----w- c:\program files (x86)\ICQ Status Checker

2012-08-11 15:44 . 2009-03-11 23:59 124688 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX

2012-08-11 15:44 . 2008-11-13 08:26 616024 ----a-w- c:\windows\SysWow64\comctl32.ocx

2012-08-11 15:43 . 2012-08-11 15:43 -------- d-----w- c:\program files (x86)\Langmeier Software

2012-08-11 15:43 . 2011-03-25 20:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll

2012-08-11 15:43 . 2012-08-11 15:43 -------- d-----w- c:\users\***\AppData\Roaming\DesktopIconForAmazon

2012-08-11 15:43 . 2011-05-13 12:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll

2012-08-11 15:43 . 2012-08-11 15:43 -------- d-----w- c:\users\***\AppData\Roaming\OCS

2012-08-11 13:56 . 2012-08-11 14:55 -------- d-----w- c:\users\***\AppData\Roaming\ICQ

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-31 10:08 . 2012-06-16 13:20 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-08-31 10:08 . 2011-08-14 17:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-29 20:25 . 2012-06-13 14:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-29 20:25 . 2011-06-20 10:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-16 10:09 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe

2012-07-03 11:46 . 2011-12-27 16:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-08 17:59 . 2012-07-11 18:13 12899840 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-05 16:47 . 2012-07-11 18:13 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-05 16:47 . 2012-07-11 18:13 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-05 16:22 . 2012-07-11 18:13 1797120 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:22 . 2012-07-11 18:13 1869824 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:29 . 2012-07-11 18:13 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:19 . 2012-06-21 10:08 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 10:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 10:08 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 10:08 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 10:08 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-02 22:19 . 2012-06-21 10:08 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 10:08 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-02 22:15 . 2012-06-21 10:08 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 10:08 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 22:12 . 2012-06-21 10:08 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-02 13:19 . 2012-06-21 10:08 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:19 . 2012-06-21 10:08 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-02 13:15 . 2012-06-21 10:08 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 13:12 . 2012-06-21 10:08 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

.

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 68856]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]

"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]

"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Recordpad"="c:\program files (x86)\NCH Software\Recordpad\recordpad.exe" [2012-03-01 1240068]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250056]

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 46444999

*NewlyCreated* - 55072190

*NewlyCreated* - 58421248

*Deregistered* - 46444999

*Deregistered* - 55072190

*Deregistered* - 58421248

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Inhalt des "geplante Tasks" Ordners

.

2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 20:25]

.

2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 13:59]

.

2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 13:59]

.

2012-05-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2008-10-31 14:10]

.

2012-04-30 c:\windows\Tasks\McQcTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2008-10-31 14:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 15851040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 82464]

"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-08-19 319488]

"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-08-19 323584]

"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]

"RtHDVCpl"="RAVCpl64.exe" [2008-08-19 6456352]

"Skytel"="Skytel.exe" [2008-08-19 1833504]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-10-13 6144]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"Ocs_SM"="c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-11 106496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_x1700

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_x1700

mLocal Page = %SystemRoot%\system32\blank.htm

uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s

IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q1iekqty.default\

FF - user.js: -

FF - user.js: security.enable_tls - false

FF - user.js: network.http.accept-encoding -

FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-eRecoveryService - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]

"ImagePath"="%systemroot%\system32\msiexec /V"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2012-08-31 14:54:20

ComboFix-quarantined-files.txt 2012-08-31 12:54

.

Vor Suchlauf: 9 Verzeichnis(se), 363.024.023.552 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 363.578.847.232 Bytes frei

.

- - End Of File - - 9941817BB02EBB8270DD5A8032B7DE71

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Heya again, thank you for your reply!

I just performed a quick scan with MBAM. Here is the report:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.31.06

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 7.0.6002.18005

*** :: ***-PC [administrator]

31.08.2012 15:34:38

mbam-log-2012-08-31 (15-34-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219322

Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Also the computer is running again at normal/fast speed as it was before the incident!

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Great...one more scan to run.....please post the log!

Please do this:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Heya, thank you for your reply!

Here is the log from Security Check as requested:

Results of screen317's Security Check version 0.99.49

Windows Vista Service Pack 2 x64 (UAC is enabled)

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware Version 1.62.0.1300

JavaFX 2.1.1

Java™ 6 Update 30

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader X (10.1.4)

Mozilla Firefox (Firefox.)

Google Chrome 21.0.1180.79

Google Chrome 21.0.1180.83

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbam.exe

McAfee VIRUSS~1 mcshield.exe

McAfee VIRUSS~1 mcsysmon.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted
JavaFX 2.1. <---unintall

Java™ 6 Update 30 <---uninstall

Java 7 Update 7 <----OK

Java version out of Date!

You have out dated programs on the system which are vulnerable to malware.

Please update or delete them

Info on doing that can be found in my Preventive Maintenance below.

~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Heya, thank you for your reply!

Uninstalled old Java versions!

Uninstalled ComboFix now as instructed!

And I have also done the CleanUp and the system was restarted!

Additional questions:

Is my computer safe to use and free of malware now?

Does this trojan also affect log in details for online games?

Am I able to use online banking again?

That's everything! :)

Meanwhile I'll also add something to the profile feed since your help was much appreciated!

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Hello,

good to see that this thread is not locked yet. I'm not sure if it's related to malware or anything, if it's not then sorry, but after resolving this issue and starting a game called Minecraft, my computer froze completely again. You couldn't move the mouse or anything, or execute any task!

Do you perhaps know why this is happening? I read somewhere that dust might be a problem but I have removed all dust today! Here's a video of someone showing the problem! I have exactly the same problem:

Do you perhaps know?

I would be very grateful! And sorry to bother you again!

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

It could be a lot of things.

First..lets clean out all the temp files:

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish it's job

Once its finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

~~~~~~~~~~~~~~~~~

It be a problem were you are running out of resources, too may programs running at one time.

Try shutting down some programs and see if it makes a difference

~~~~~~~~~~~~~~~~

It could be an overheating problem, are all the fans working??

as you said dust can clog up the fans and heat sink causing overheating.

~~~~~~~~~~~~~~~~

That's all I can think of right now, let me know.....MrC

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Hello MrCharlie, thank you for your reply!

Downloaded TFC and cleaned it! Problem still remains...

Most of the time only 1-2 programs are running and this problems occurs.

Overheating, I doubt that it's a problem. I cleaned dust yesterday and also this morning, the computer was on for only about 15 minutes when this problem occured and it barely felt any hot :(

The problem even occurs during Safe-mode!

Link to post
Share on other sites
Kolak

Kolak

Posted
  • Author
Posted

Unfortunately it doesn't only happen during Minecraft...any other games have the same result.

If I keep only one program at a time and always make sure that my computer doesn't get too hot, there don't seem to be any problems...

For example if i play a game, and try to open my browser at the same time, it's most likely to happen. but if I put the game on low perfomance and just keep playing it without opening anything else, there seems to be only minor problems and my computer lasts much longer. also it happens often during watching videos and so on.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept