diskdriver.exe trojan keeps reinstalling itself

04-03-2018, 09:42 AM   #1

Hello!

English isn't my first language, so my apologies in advance.

I just found a trojan under windows\system32 named diskdriver.exe

The program I used to find it was SpyHunter 4.

Any antivirus I used didn't find it at all, but as soon as I uploaded the exe to hxxps://www.virustotal.com/ (with the SHA-256 being: 726462d82647e8134a35265d5f79f3a7f38cb108c61849a529969e16954f6a65)

it got flagged as a trojan/miner by 32/56 programs.

I used the Farbar's Recovery Scan Tool and Malwarebytes Anti-Rootkit to remove it at first,

which ended up in the exe installing itself again after a reboot.

Spyhunter seems to have found another path to this trojan in:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run::diskdriver.

Now my question is, what can I do about that, and how can I prevent this from happening in the future?

Thank you in advance :)

I have the logs of the Farbar's Recovery Scan Tool and Malwarebytes Anti-Rootkit if needed.

The attach.txt is here as well (attached).
Here's the log of dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15 BrowserJavaVersion: 11.161.2
Run by Jakub at 18:40:09 on 2018-04-03
Microsoft Windows 10 Home 10.0.16299.0.1252.49.1031.18.8158.4814 [GMT 2:00]
.
AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\WLANExt.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
C:\Program Files\WMIHook\WMIHookBtnFn\WMIHookFnNotifier.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\diskdriver.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Jakub\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe
C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe
C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\smartscreen.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Discord] C:\Users\Jakub\AppData\Local\Discord\app-0.0.300\Discord.exe
uRun: [Spotify] C:\Users\Jakub\AppData\Roaming\Spotify\Spotify.exe --autostart
uRun: [Spotify Web Helper] C:\Users\Jakub\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
uRunOnce: [Application Restart #2] C:\Program Files\pia_manager\nwjs\pia_nw.exe --disable-gpu --disable-transparency --no-first-run --disable-features=NativeNotifications --user-data-dir="C:\Users\Jakub\AppData\Local\PrivateInternetAccess\User Data" --no-sandbox --no-zygote --flag-switches-begin --flag-switches-end --nwapp="C:\Program Files\pia_manager\frontend" --restore-last-session "C:\Program Files\pia_manager\frontend"
mRun: [LEDBarController] C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe
mRun: [SilentFanControl] C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe
mRun: [RoccatKoneXTD] "C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ROCCAT~1.LNK - C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{24f2031b-21dc-4116-9d71-63faaa653369} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6a3400c9-746e-4469-8fbf-5a3bdb3b916b} : DHCPNameServer = 209.222.18.222 209.222.18.218
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [diskdriver] C:\WINDOWS\System32\diskdriver.exe
x64-mPolicies-Explorer: HideSCAHealth = dword:1
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avdevprot;avdevprot;C:\WINDOWS\System32\drivers\avdevprot.sys [2018-1-31 60920]
R0 avusbflt;avusbflt;C:\WINDOWS\System32\drivers\avusbflt.sys [2018-1-31 38048]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-10-6 1455552]
R0 intelpep;Treiber für Intel(R)-Energiemodul-Plug-In;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Treiber für den Filter der Datenträger-E/A-Rate;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 volume;Volumetreiber;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime – Sicherer Dienst;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2018-4-3 44488]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-31 59800]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2018-4-3 492560]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2018-4-3 492560]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2018-4-3 178840]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2018-3-28 449240]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2018-1-31 88488]
R2 CDPSvc;Plattformdienst für verbundene Geräte;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_44da4;CDPUserSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-2-14 385536]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 DiagTrack;Benutzererfahrung und Telemetrie im verbundenen Modus;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Datennutzung;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-24 18856]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 inpoutx64;inpoutx64;C:\WINDOWS\System32\drivers\inpoutx64.sys [2015-10-6 15008]
R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-9-5 207648]
R2 LGCoreTemp;Logitech CPU Core Tempurature;C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys [2015-6-21 14184]
R2 LogiRegistryService;Logitech Gaming Registry Service;C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2016-12-8 193656]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-21 518080]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-6-7 462920]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2016-12-17 460736]
R2 OneSyncSvc_44da4;OneSyncSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 storqosflt;QoS-Filter für Speicher – Treiber;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 UserManager;Benutzer-Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-3-14 147872]
R2 WMI_Hook_Service;WMI_Hook_Service;C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [2015-9-22 155696]
R2 WpnService;Windows-Pushbenachrichtigungssystemdienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_44da4;WpnUserService_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2015-6-12 3831200]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [2015-6-3 172376]
R3 bthl2cap;Supporttreiber für Microsoft Bluetooth-Protokoll;C:\WINDOWS\System32\drivers\bthl2cap.sys [2017-9-29 83968]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-9-29 78848]
R3 iaLPSS2_UART2;Intel(R) Serial IO UART Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [2015-5-29 281896]
R3 iaLPSS2i_GPIO2;Intel(R)-GPIO-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
R3 iaLPSS2i_I2C;Intel(R)-I2C-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2017-4-13 244744]
R3 ladfGSS;Logitech USB Surround Filter Driver (LGS);C:\WINDOWS\System32\drivers\ladfGSS.sys [2016-12-8 45208]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\LGBusEnum.sys [2016-12-8 36496]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);C:\WINDOWS\System32\drivers\LGJoyXlCore.sys [2016-12-8 67736]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\WINDOWS\System32\drivers\LGVirHid.sys [2016-12-8 26008]
R3 NcbService;Netzwerkverbindungsbroker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Enumerator für virtuelle Microsoft-Netzwerkadapter;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2017-9-29 7689728]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2018-1-30 50624]
R3 nvvhci;NVVHCI Enumerator Service;C:\WINDOWS\System32\drivers\nvvhci.sys [2018-1-30 57928]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-6 886528]
R3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
R3 StateRepository;StateRepository-Dienst;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tiledatamodelsvc;Kacheldaten-Modellserver;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Zeitbroker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UEFI;UEFI-Treiber von Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-3-14 770048]
R3 xinputhid;XINPUT-HID-Filtertreiber;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2018-4-3 1136744]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2018-4-3 1533608]
S2 MapsBroker;Manager für heruntergeladene Karten;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 WinDefendSecurity;Windows Defender Security Service;C:\WINDOWS\System32\windfn.exe [2018-3-30 2036736]
S3 AcpiDev;ACPI-Gerätetreiber;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn-Routerdienst;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker-Filtertreiber;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App-Vorbereitung;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppXSvc;AppX-Bereitstellungsdienst (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-6-13 6971400]
S3 BthHFSrv;Bluetooth-Freisprechdienst;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT-Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Dienst für PDC (Portable Device Control)-Geräte;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 CAD;CAD (Charging Arbitration Driver);C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
S3 camsvc;Manager-Dienst für den Funktionszugriff;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID-Treiber für CapImg-Touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio virtueller Bustreiber;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Clientlizenzdienst (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 DevicesFlowUserSvc_44da4;DevicesFlowUserSvc_44da4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;Broker für DevQuery-Hintergrundermittlung;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Standardsammlungsdienst des Microsoft(R)-Diagnose-Hubs;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Registrierungsdienst für die Geräteverwaltung;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DoSvc;Übermittlungsoptimierung;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S3 DsSvc;Datenfreigabedienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EasyAntiCheat;EasyAntiCheat;C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe --> C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [?]
S3 embeddedmode;Eingebetteter Modus;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Verwaltungsdienst für Unternehmens-Apps;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 FrameServer;Windows-Kamera-FrameServer;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Allgemeine Funktionsklasse (USB);C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Allgemeiner Treiber für HID-Tasten mit Interruptimplementierung;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV-Hostdienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel-GPIO-Controllertreiber für serielle E/A;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R)-I2C-Hostcontroller für serielle E/A;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R)-GPIO-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C_BXT_P;Intel(R)-I2C-Treiber 2 für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO-Controllertreiber;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R)-I2C-Controllertreiber für serielle E/A;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA-RAID-Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filtertreiber);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows-Dienst für mobile Hotspots;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays-Kernelmodustreiber;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store-Installationsdienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
S3 invdimm;Microsoft iNVDIMM-Gerätetreiber;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;Konfigurationsdienst für die IP-Übersetzung;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 lfsvc;Geolocation-Dienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 LicenseManager;Windows-Lizenz-Manager-Dienst;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB-Hostcontrollertreiber;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB-IP-Filtertreiber;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_44da4;MessagingService_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX-Busenumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2015-6-12 268192]
S3 NaturalAuthentication;Natürliche Authentifizierung;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect-Dienst;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Netzwerkeinrichtungsdienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-3-14 192512]
S3 NgcCtnrSvc;Microsoft Passport-Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-21 518080]
S3 nvdimmn;Microsoft NVDIMM-N-Gerätetreiber;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-1-30 30144]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PhoneSvc;Telefondienst;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 PimIndexMaintenanceSvc_44da4;PimIndexMaintenanceSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 PNPMEM;Microsoft Speichermodultreiber;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_44da4;PrintWorkflowUserSvc_44da4;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall-Dienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Dienst für Einzelhandelsdemos;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Ressourcenhub-Proxytreiber;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smartcard-Geräteaufzählungsdienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft-Treiber für Speicherklassen-Speicherbus;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF-Reflektor;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SEMgrSvc;Zahlungs- und NFC/SE-Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 SensorDataService;Sensordatendienst;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensordienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SharedRealitySvc;Dienst für räumliche Daten;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft-SMP für Speicherplätze;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS-Routerdienst.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-3-14 956416]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Standardmäßiger NVM Express-Treiber von Microsoft;C:\WINDOWS\System32\drivers\stornvme.sys [2018-3-14 103328]
S3 storufs;Microsoft Universal Flash Storage (UFS)-Treiber;C:\WINDOWS\System32\drivers\storufs.sys [2018-3-14 45472]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-1-31 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB-Connector-Manager-UCSI-Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-3-14 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;Chipidea-Controller (USB);C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;Synopsys-Controller (USB);C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UnistoreSvc_44da4;UnistoreSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UrsChipidea;Chipidea USB Role-Switch-Treiber;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-1-31 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch-Treiber;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UserDataSvc_44da4;UserDataSvc_44da4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF)-Treiber;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V-Gastinfrastrukturtreiber;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V-Gastdienstschnittstelle;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct-Dienst;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Virtueller Microsoft-Gerätetreiber für NVDIMMs;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-3-14 75264]
S3 WdNisDrv;WdNisDrv;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-9-29 119192]
S3 WdNisSvc;WdNisSvc;"C:\Program Files\Windows Defender\NisSrv.exe" --> C:\Program Files\Windows Defender\NisSrv.exe [?]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Hostdienst für Windows Encryption Provider;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Verbindungs-Manager-Dienst von Wi-Fi Direct Services;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad-Dienst;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows-NAT-Treiber;C:\WINDOWS\System32\drivers\winnat.sys [2018-2-14 225792]
S3 WinVerbs;WinVerbs-Dienst;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows-Insider-Dienst;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Dienst "Assistent für lokale Profile";C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Arbeitsordner;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Authentifizierungs-Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live-Spiele speichern;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Eingabeprotokolltreiber für Xbox-Spiele;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live-Netzwerkservice;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xusb22;Treiberdienst 22 für Xbox 360 Wireless Receiver;C:\WINDOWS\System32\drivers\xusb22.sys [2017-9-29 99328]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Automatische Zeitzonenaktualisierung;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-04-03 16:13:12 1885696 ----a-w- C:\WINDOWS\System32\diskdriver.exe
2018-04-03 16:09:54 44488 ----a-w- C:\WINDOWS\System32\drivers\avkmgr.sys
2018-04-03 16:09:54 178840 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2018-04-03 16:09:11 -------- d-----w- C:\Program Files (x86)\Avira
2018-04-03 15:58:07 255928 ----a-w- C:\WINDOWS\System32\drivers\52257650.sys
2018-04-03 15:24:59 255928 ----a-w- C:\WINDOWS\System32\drivers\1226659A.sys
2018-04-03 15:19:30 255928 ----a-w- C:\WINDOWS\System32\drivers\4324F5BF.sys
2018-04-03 13:58:15 -------- d-----w- C:\ProgramData\Malwarebytes
2018-04-03 13:58:13 255928 ----a-w- C:\WINDOWS\System32\drivers\294231DA.sys
2018-04-03 13:57:16 192952 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2018-04-03 13:57:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-03 13:23:06 -------- d-----w- C:\FRST
2018-04-03 00:38:03 -------- d-----w- C:\ProgramData\SecuritySuite
2018-04-02 23:58:08 -------- d--h--w- C:\$AV_ASW
2018-04-02 23:56:56 61304 ----a-w- C:\WINDOWS\System32\drivers\lpsport.sys
2018-04-02 23:56:47 -------- d-----w- C:\Program Files\Common Files\AVAST Software
2018-04-02 23:56:03 -------- d-----w- C:\ProgramData\AVAST Software
2018-03-31 23:49:14 -------- d-----w- C:\Users\Jakub\AppData\Local\PrivateInternetAccess
2018-03-31 23:48:46 27136 ----a-w- C:\WINDOWS\System32\drivers\tap0901.sys
2018-03-31 23:48:45 -------- d-----w- C:\Program Files\pia_manager
2018-03-30 13:04:21 2036736 ----a-w- C:\WINDOWS\System32\windfn.exe
2018-03-29 20:39:34 -------- d-----w- C:\WINDOWS\SysWow64\directx
2018-03-29 17:10:05 -------- d-----w- C:\Users\Jakub\AppData\Local\DBFighterZ
2018-03-29 17:09:46 -------- d-----w- C:\Users\Jakub\AppData\Roaming\EasyAntiCheat
2018-03-25 08:27:51 -------- d-----w- C:\Program Files (x86)\WinCDEmu
2018-03-25 08:24:18 8576 ----a-w- C:\WINDOWS\SysWow64\drivers\VCdRom.sys
2018-03-17 1229 -------- d-----w- C:\Users\Jakub\AppData\Roaming\.minecraft
2018-03-17 1224 -------- d-----w- C:\Program Files (x86)\Minecraft
2018-03-09 19:38:52 -------- d-----w- C:\Users\Jakub\AppData\Roaming\Battlerite
.
==================== Find3M ====================
.
2018-03-25 08:51:05 830704 ----a-w- C:\WINDOWS\System32\drivers\EasyAntiCheat.sys
2018-03-14 15:57:38 130364688 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-03-14 15:56:41 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-03-14 15:56:40 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-03-05 12:42:42 208 ----a-w- C:\WINDOWS\System32\setup4.1.5.tmp
2018-03-02 21:09:11 834552 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-03-02 21:09:11 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-03-02 03:36:30 17085440 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-03-02 03:02:48 37888 ----a-w- C:\WINDOWS\System32\SpectrumSyncClient.dll
2018-03-02 03:01:11 640000 ----a-w- C:\WINDOWS\System32\HeadTrackerStorage.dll
2018-03-02 03:00:47 230912 ----a-w- C:\WINDOWS\System32\HoloShellRuntime.dll
2018-03-02 03:00:43 248320 ----a-w- C:\WINDOWS\System32\svf.dll
2018-03-02 03:00:05 329728 ----a-w- C:\WINDOWS\System32\Windows.Internal.Feedback.Analog.dll
2018-03-02 02:59:44 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-01 20:28:57 181760 ----a-w- C:\WINDOWS\SysWow64\HoloShellRuntime.dll
2018-03-01 07:50:57 270744 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-01 07:49:36 389536 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-01 07:48:13 664472 ----a-w- C:\WINDOWS\System32\aeinv.dll
2018-03-01 07:47:37 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-01 07:47:09 749464 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-01 07:46:56 609176 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-01 07:46:38 138144 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-01 07:46:27 2003352 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-01 07:46:09 1568664 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-01 07:45:12 70040 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-01 07:40:10 2514936 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-01 07:40:01 461720 ----a-w- C:\WINDOWS\System32\dcntel.dll
2018-03-01 07:40:01 273304 ----a-w- C:\WINDOWS\System32\aepic.dll
2018-03-01 07:37:00 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-03-01 07:31:11 8602520 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-01 07:30:56 264040 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-03-01 07:30:52 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-01 07:29:31 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-03-01 07:27:48 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-01 07:26:21 170912 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-03-01 07:25:34 377752 ----a-w- C:\WINDOWS\System32\drivers\msrpc.sys
2018-03-01 07:23:29 749976 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-01 07:19:40 710768 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2018-03-01 07:17:39 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-03-01 07:17:39 408984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-01 07:15:28 2574232 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-01 07:14:53 5105664 ----a-w- C:\WINDOWS\System32\AuthFWSnapin.dll
2018-03-01 07:14:51 128928 ----a-w- C:\WINDOWS\System32\offlinelsa.dll
2018-03-01 07:14:49 356952 ----a-w- C:\WINDOWS\System32\wintrust.dll
2018-03-01 07:14:45 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-01 07:14:37 7384576 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-03-01 07:14:32 7675784 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-01 07:14:13 1694224 ----a-w- C:\WINDOWS\System32\winmde.dll
2018-03-01 07:12:41 250264 ----a-w- C:\WINDOWS\System32\offlinesam.dll
2018-03-01 07:12:38 677272 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-01 07:12:07 189344 ----a-w- C:\WINDOWS\System32\SecurityHealthAgent.dll
2018-03-01 07:11:44 93600 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2018-03-01 07:10:56 75168 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-03-01 07:10:40 1779936 ----a-w- C:\WINDOWS\System32\mfplat.dll
2018-03-01 07:10:27 22936 ----a-w- C:\WINDOWS\System32\drivers\isapnp.sys
2018-03-01 07:09:14 1054272 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-03-01 06:51:03 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-03-01 06:48:05 1930736 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2018-03-01 06:39:42 213400 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2018-03-01 06:30:09 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-03-01 06:29:50 574960 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2018-03-01 06:29:08 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-03-01 06:28:27 115096 ----a-w- C:\WINDOWS\SysWow64\offlinelsa.dll
2018-03-01 06:28:20 6480616 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-03-01 06:27:39 284112 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2018-03-01 06:27:39 221592 ----a-w- C:\WINDOWS\SysWow64\offlinesam.dll
2018-03-01 06:26:41 1524776 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2018-03-01 06:26:41 1057816 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-03-01 06:23:01 5105664 ----a-w- C:\WINDOWS\SysWow64\AuthFWSnapin.dll
2018-03-01 06:21:25 1558856 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2018-03-01 06:09:58 25251840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-03-01 06:03:58 2902528 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-03-01 06:03:29 344576 ----a-w- C:\WINDOWS\SysWow64\edgeIso.dll
2018-03-01 06:03:26 471552 ----a-w- C:\WINDOWS\SysWow64\AcSpecfc.dll
2018-03-01 06:03:24 162304 ----a-w- C:\WINDOWS\SysWow64\IndexedDbLegacy.dll
2018-03-01 06:03:17 65536 ----a-w- C:\WINDOWS\SysWow64\usoapi.dll
2018-03-01 06:01:55 6575616 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2018-03-01 06:01:29 155648 ----a-w- C:\WINDOWS\SysWow64\EdgeManager.dll
2018-03-01 06:01:21 19456 ----a-w- C:\WINDOWS\SysWow64\credssp.dll
2018-03-01 06:00:29 98304 ----a-w- C:\WINDOWS\SysWow64\TSpkg.dll
2018-03-01 05:59:03 220672 ----a-w- C:\WINDOWS\SysWow64\MicrosoftAccountWAMExtension.dll
2018-03-01 05:58:50 368128 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2018-03-01 05:58:48 459776 ----a-w- C:\WINDOWS\SysWow64\webplatstorageserver.dll
2018-03-01 05:58:43 4839424 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2018-03-01 05:58:28 405504 ----a-w- C:\WINDOWS\SysWow64\Windows.Payments.dll
2018-03-01 05:57:55 369152 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2018-03-01 05:56:13 559104 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2018-03-01 05:56:08 18922496 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2018-03-01 05:55:40 346112 ----a-w- C:\WINDOWS\SysWow64\zipfldr.dll
2018-03-01 05:54:52 1296896 ----a-w- C:\WINDOWS\System32\usocore.dll
2018-03-01 05:54:44 3181568 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2018-03-01 05:54:28 463360 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2018-03-01 05:54:23 496128 ----a-w- C:\WINDOWS\System32\updatehandlers.dll
2018-03-01 05:54:22 3664384 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-03-01 05:53:46 863232 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2018-03-01 05:53:45 536576 ----a-w- C:\WINDOWS\System32\edgeIso.dll
2018-03-01 05:53:41 246272 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2018-03-01 05:53:40 206848 ----a-w- C:\WINDOWS\System32\IndexedDbLegacy.dll
2018-03-01 05:53:37 56320 ----a-w- C:\WINDOWS\System32\AcSpecfc.dll
2018-03-01 05:53:37 399872 ----a-w- C:\WINDOWS\System32\MusNotification.exe
.
============= FINISH: 18:40:18,24 ===============
Attached Files
File Type: txt attach.txt (5.8 KB, 14 views)
gluti is offline  
Old 04-03-2018, 01:46 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Already being helped here:

https://www.bleepingcomputer.com/for...alling-itself/
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015