Pests of all kinds and how to fight them: Malwarebytes warning "potentially dangerous process stopped" (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
25.07.2011, 11:44 | #1 | Ivorya

Malwarebytes warning "potentially dangerous process stopped"

Hello! A more descriptive title would probably have been: account hack, Microsoft Security Essentials scan with a detection, detection removed, yet Malwarebytes still reports accesses and potentially dangerous processes and websites. But that would have been a bit long.

My "problem", where I'm not even sure it is one: I have a WoW account, secured with a Mobile Authenticator (phone app). My account had been idle since May, and shortly before this weekend I removed the Mobile Authenticator from my account because my new phone is not supported by the app. Only a few hours later my account was in fact compromised, so I assumed an infection. I then ran a full scan with mbam, with no result. Microsoft Security Essentials found something, I can't remember the name (a trojan), but I will post the log here during my lunch break (1 pm). I also had MSE remove the detection. Afterwards I re-enabled the Mobile Authenticator for safety (and am now diligently swapping SIM cards when logging in).

What puzzles me now: when updating mbam before the full scan, mbam offered me a 7-day "Premium" trial. I accepted, and now mbam very frequently reports "potentially dangerous processes" and "potentially dangerous websites", originating from opera.exe. I'm still active in a closed forum; when I open the site the message appears almost every time. According to the admins the forum itself is not infected; the forum only has users who know each other, the number of users is more than manageable, it is not a warez forum but a "we chat about anything and everything" forum. The forum is closed, not findable via Google search, and we really are "among ourselves".

So far I haven't found a way to click on the mbam message (so that maybe details open up or something) and therefore don't know whether there are still rudimentary remnants of malware, or whether there are a lot of false positives (that's what they're called, right?). These messages unsettle me enormously, though. HijackThis also looks fairly unremarkable to my eyes. I found two matching posts here in the forum, but the thread starter evidently behaved so borderline brain-dead that both threads were closed, so they don't help me much.

Bottom line: What do I do with the mbam messages? Am I still infected with malware, and if so, how do I find out when MSE, mbam and HJT show no "detections" or oddities? What does the mbam message about potentially dangerous websites and processes mean? The message appears on completely ordinary sites, seemingly totally at random.

Thanks for your help
Ivorya

eeedit: Windows Vista Home Premium is my operating system, in case that matters
25.07.2011, 12:21 | #2 | Ivorya

So, here is the mbam full scan:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7230

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

22.07.2011 23:12:57
mbam-log-2011-07-22 (23-12-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 425096
Time elapsed: 1 hour(s), 21 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

1.
Code:
18:43:46 *** MESSAGE Protection started successfully
18:43:51 *** MESSAGE IP Protection started successfully
18:51:44 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52084, Process: opera.exe)
18:51:44 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52085, Process: opera.exe)
18:51:52 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52091, Process: opera.exe)
18:56:25 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52112, Process: opera.exe)
18:56:25 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52113, Process: opera.exe)
20:05:23 *** IP-BLOCK 62.45.185.123 (Type: outgoing, Port: 3724, Process: launcher.exe)
20:05:34 *** IP-BLOCK 62.45.185.123 (Type: outgoing, Port: 3724, Process: launcher.exe)
20:11:05 *** IP-BLOCK 62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
20:11:05 *** IP-BLOCK 62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
20:11:14 *** IP-BLOCK 62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
21:03:16 *adm* MESSAGE Protection started successfully
21:03:20 *adm* MESSAGE IP Protection started successfully
21:11:45 *** MESSAGE Protection started successfully
21:11:49 *** MESSAGE IP Protection started successfully
21:38:56 *adm* MESSAGE Protection started successfully
21:39:00 *adm* MESSAGE IP Protection started successfully
21:50:32 *** MESSAGE Protection started successfully
21:50:36 *** MESSAGE IP Protection started successfully
22:12:05 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 49868, Process: opera.exe)
22:12:30 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 49906, Process: opera.exe)
22:13:10 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50098, Process: opera.exe)
22:13:27 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50118, Process: opera.exe)
22:13:59 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50148, Process: opera.exe)
22:14:15 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50166, Process: opera.exe)
22:14:39 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50242, Process: opera.exe)
22:15:11 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50310, Process: opera.exe)
22:15:27 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50329, Process: opera.exe)
22:16:08 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50390, Process: opera.exe)
22:16:32 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50434, Process: opera.exe)
22:17:12 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50462, Process: opera.exe)
22:17:37 *** IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50463, Process: opera.exe)
22:19:06 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50529, Process: opera.exe)
22:19:06 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50530, Process: opera.exe)
22:19:14 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50533, Process: opera.exe)
22:19:14 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50534, Process: opera.exe)
22:19:14 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50538, Process: opera.exe)
22:20:51 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50544, Process: opera.exe)
22:20:51 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50547, Process: opera.exe)
22:21:47 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50583, Process: opera.exe)
23:03:36 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51305, Process: opera.exe)

Code:
01:10:02 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51768, Process: opera.exe)
01:10:03 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51777, Process: opera.exe)
01:11:07 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51784, Process: opera.exe)
01:11:07 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51785, Process: opera.exe)
09:21:12 (null) MESSAGE Scheduled update executed successfully
09:26:01 *** MESSAGE Protection started successfully
09:26:05 *** MESSAGE IP Protection started successfully
09:26:06 *** MESSAGE IP Protection stopped
09:26:08 *** MESSAGE Database updated successfully
09:26:09 *** MESSAGE IP Protection started successfully
09:32:07 *** MESSAGE Protection started successfully
09:32:11 *** MESSAGE IP Protection started successfully
10:05:24 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49832, Process: opera.exe)
10:05:25 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49833, Process: opera.exe)
10:05:33 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49846, Process: opera.exe)
10:05:33 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49847, Process: opera.exe)
13:20:33 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50282, Process: opera.exe)
13:20:34 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50285, Process: opera.exe)
13:20:34 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50288, Process: opera.exe)
13:20:34 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50295, Process: opera.exe)
13:20:34 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50296, Process: opera.exe)
13:20:42 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50304, Process: opera.exe)
13:20:42 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50305, Process: opera.exe)
13:21:07 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50310, Process: opera.exe)
13:21:07 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50311, Process: opera.exe)
13:22:03 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50322, Process: opera.exe)
13:22:03 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50323, Process: opera.exe)
13:22:11 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50328, Process: opera.exe)
13:24:20 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50401, Process: opera.exe)
13:24:20 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50402, Process: opera.exe)
13:38:29 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50420, Process: opera.exe)
13:38:29 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50421, Process: opera.exe)
13:38:29 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50423, Process: opera.exe)
13:38:29 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 50424, Process: opera.exe)
15:09:00 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51385, Process: opera.exe)
15:09:01 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51392, Process: opera.exe)
15:09:09 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51397, Process: opera.exe)
15:09:41 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51407, Process: opera.exe)
15:09:41 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51408, Process: opera.exe)
15:09:57 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51413, Process: opera.exe)
15:09:57 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51414, Process: opera.exe)
15:12:53 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51450, Process: opera.exe)
15:26:14 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51566, Process: opera.exe)
15:26:14 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51567, Process: opera.exe)
19:07:48 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51845, Process: opera.exe)
19:07:48 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51847, Process: opera.exe)
19:07:56 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51848, Process: opera.exe)
19:07:56 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51849, Process: opera.exe)
19:21:50 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52919, Process: opera.exe)
19:21:50 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52920, Process: opera.exe)

Code:
02:18:15 *** MESSAGE Scheduled update executed successfully
02:18:17 *** MESSAGE IP Protection stopped
02:18:25 *** MESSAGE Database updated successfully
02:18:26 *** MESSAGE IP Protection started successfully
10:21:19 *** MESSAGE Protection started successfully
10:21:23 *** MESSAGE IP Protection started successfully
10:29:40 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49376, Process: opera.exe)
10:29:40 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49377, Process: opera.exe)
12:18:55 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49935, Process: opera.exe)
12:18:55 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 49936, Process: opera.exe)
18:36:58 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52248, Process: opera.exe)
18:37:06 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52259, Process: opera.exe)
18:42:27 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52272, Process: opera.exe)
18:42:27 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52273, Process: opera.exe)
19:51:42 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 53320, Process: opera.exe)
19:51:42 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 53321, Process: opera.exe)

Code:
02:18:12 *** MESSAGE Scheduled update executed successfully
02:18:13 *** MESSAGE IP Protection stopped
02:18:20 *** MESSAGE Database updated successfully
02:18:21 *** MESSAGE IP Protection started successfully
13:05:44 *** MESSAGE Protection started successfully
13:05:48 *** MESSAGE IP Protection started successfully

The MSE log is nowhere to be found; I have no idea where MSE stores its logs. In the program folder I only find .bin files for the scans. The virus in question: Trojan:Win32/Merdirt.A, action taken: removed (23.07., 14:58). MSE had run a full scan that certainly took 3 hours or even longer.

Thanks again!

edit: user account masked as ***, admin account as *adm*. Damn, now I've replied to myself! That should have gone into an edit *head@desk*

Last edited by Ivorya (25.07.2011 at 12:51)
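What the IP-BLOCK lines above actually tell you is easier to see once they are aggregated: which process reached which address, how often, in what rhythm, and on which ports. The script below is an added example, not part of this thread and not Malwarebytes code; it parses the protection-log format exactly as posted (time, account, IP-BLOCK, address, direction, port, process), groups the blocks per process and address and counts bursts. The sample lines are copied from the log above; the 30-second burst window and the label dictionary are assumptions you can change. MBAM's IP protection blocks by address, so any site that happens to sit on a blocklisted address triggers it: a browser then produces a handful of blocks within seconds of each page load, while a beaconing implant produces single blocks at regular intervals around the clock. The summary makes the two patterns visible without deciding which one you have; resolve the forum's hostname yourself (nslookup) and pass the result in as the label dictionary to see whether the blocked address is the forum.

```python
"""Summarise Malwarebytes IP-Protection log lines: which process reached which
address, how often, in what rhythm. Added example, not part of the thread."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One day of protection-log lines, copied from the log posted above. The MESSAGE
# line is kept to show that non-block lines are skipped.
SAMPLE_LOG = """\
18:43:46 *** MESSAGE Protection started successfully
18:51:44 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52084, Process: opera.exe)
18:51:44 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52085, Process: opera.exe)
18:51:52 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52091, Process: opera.exe)
18:56:25 *** IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 52112, Process: opera.exe)
20:05:23 *** IP-BLOCK 62.45.185.123 (Type: outgoing, Port: 3724, Process: launcher.exe)
20:11:05 *** IP-BLOCK 62.45.180.83 (Type: incoming, Port: 3724, Process: launcher.exe)
"""

# time, account column (*** / *adm* / (null)), address, direction, port, process
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>incoming|outgoing),"
    r"\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<proc>[^)]+)\)"
)


def parse_ip_blocks(lines):
    """Return one dict per IP-BLOCK line; MESSAGE lines and anything else are
    ignored. The log carries times only, so feed it one day at a time (the thread
    posts one Code block per day) or the ordering across midnight is lost."""
    events = []
    for line in lines:
        m = IP_BLOCK_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["time"], "%H:%M:%S"),
            "ip": m["ip"],
            "dir": m["dir"],
            "port": int(m["port"]),
            "proc": m["proc"].strip().lower(),
        })
    return events


def summarise(events, burst_window=timedelta(seconds=30)):
    """Group blocks by (process, remote address, direction). A burst is a run of
    blocks closer together than burst_window; a page load is one burst, a
    beacon is many single-block bursts at near-constant spacing."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["proc"], e["ip"], e["dir"])].append(e)
    rows = []
    for (proc, ip, direction), evs in groups.items():
        times = sorted(e["time"] for e in evs)
        bursts = 1 + sum(1 for a, b in zip(times, times[1:]) if b - a > burst_window)
        ports = sorted({e["port"] for e in evs})
        rows.append({
            "proc": proc, "ip": ip, "dir": direction,
            "count": len(evs), "bursts": bursts, "ports": ports,
            # Windows Vista and later hand clients dynamic ports 49152-65535; a
            # fixed low port (3724 here) is a service port on one side.
            "ephemeral_ports": all(49152 <= p <= 65535 for p in ports),
            "first": times[0].strftime("%H:%M:%S"),
            "last": times[-1].strftime("%H:%M:%S"),
        })
    return sorted(rows, key=lambda r: (-r["count"], r["ip"]))


def label(rows, known_hosts):
    """Attach a label from a dict you built yourself (e.g. from nslookup of the
    forum's hostname); nothing is resolved online here."""
    return [dict(r, host=known_hosts.get(r["ip"], "unknown")) for r in rows]


if __name__ == "__main__":
    for r in label(summarise(parse_ip_blocks(SAMPLE_LOG.splitlines())), {}):
        print(f'{r["proc"]:<13} {r["dir"]:<8} {r["ip"]:<16} blocks={r["count"]} '
              f'bursts={r["bursts"]} ports={r["ports"]} first={r["first"]} '
              f'last={r["last"]} host={r["host"]}')
```

On the sample, opera.exe shows four blocks in two bursts on ephemeral client ports, which is what repeated page loads look like; the launcher.exe rows are single blocks on a fixed port. Run it over each day's block separately and compare the burst spacing before drawing a conclusion.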
25.07.2011, 12:56 | #3 | Cosinus
/// Winkelfunktion /// TB-Süch-Tiger™

Do you also have the complete log from MSE, i.e. was anything else found besides Trojan:Win32/Merdirt.A?

Details like that are not enough; always post the complete details/logs from the virus scanners. Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.
25.07.2011, 13:26 | #4 | Ivorya

Hello Cosinus, many thanks for taking me on. Unfortunately I can't find the MSE logs. After some googling I found that MSE apparently stores the logs here:

For Windows Vista and Windows 7: c:\ProgramData\Microsoft\Microsoft Antimalware

But there are - as said - only .bin files, which I unfortunately can't do anything with. I can upload them if that helps you, but I really can't find any log files from MSE in text form.

There is also an aborted mbam full scan from this weekend with the same result (no detection); my PC froze, since mbam and MSE apparently both have real-time protection and get in each other's way. I can post it after work.

The trojan shown was in a GetStyles.exe file, a supposed Firefox add-on for personalisation that I downloaded a while ago. It already seemed suspicious to me back then after installing it; I uninstalled it, but apparently didn't delete the actual download exe. I'm terribly sorry; if I knew where MSE stores these stupid logs in a readable form, I'd attach them here. A few weeks ago MSE also found OpenCandy. Probably not malware, but adware. It's in quarantine. I'll keep googling how to make these MSE logs "visible".
25.07.2011, 14:43 | #5 | Cosinus
/// Winkelfunktion /// TB-Süch-Tiger™

Does MSE show nothing in the History section either?

__________________
Please always post logfiles in CODE tags
25.07.2011, 16:39 | #6 | Ivorya

Hello Cosinus, the History lists Merdirt.A and OpenCandy. I have now been able to find more detail via the Event Viewer. Apparently there is also a way to show the log via the command prompt, but... I'm evidently too dumb for that (path not found).

The History says, at the top in the title: Trojan:Win32/Merdirt.A - Alert level: Severe - Date: 23.07.11 14:58 - Action taken: Removed. Further, in the details:

Code:
Category: Trojan
Description: This program is dangerous. It executes commands from an attacker.
Recommended action: Remove this software immediately.
Security Essentials detected programs that might compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the "Allow" action and then click "Apply actions". If this option is not available, log on as an administrator or ask the security administrator for help.
Items:
containerfile:D:\Downloads\GetStyles.exe
file:D:\Downloads\GetStyles.exe->(nsis-3-redir.dll)
Get more information about this item online.

Code:
Microsoft Antimalware - EventID 1116
[Qualifiers] 0
Level 3
Task 0
Keywords 0x80000000000000
TimeCreated [SystemTime] 2011-07-23T12:48:42.000Z
EventRecordID 202666
Channel System
Computer *Name*
Security -
EventData
%%860
3.0.8107.0
{124C1479-D571-4F2D-B251-97A6B79FC8A4}
2011-07-23T12:48:12.471Z
2147638350
Trojan:Win32/Merdirt.A
5
Schwerwiegend
8
Trojaner
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Merdirt.A&threatid=2147638350
1
1
1
%%815
Unknown
*PC Name*\*Benutzername*
containerfile:_D:\Downloads\GetStyles.exe;file:_D:\Downloads\GetStyles.exe->(nsis-3-redir.dll)
1
%%845
0
%%812
0
%%822
0
9
%%887
0x00000000
Der Vorgang wurde erfolgreich beendet.
0
0
No additional actions required
AV: 1.109.181.0, AS: 1.109.181.0, NIS: 9.196.0.0
AM: 1.1.7104.0, NIS: 2.0.5854.0

I have 3 mbam logs: 1 already posted, 1 aborted and one I had forgotten. All without detections, all attached again. Otherwise I have none.

edit: one of the logs is a flash scan, I just noticed. Does that help you somehow? It really is rather stupid that MSE doesn't store easily accessible logs.

Last edited by Ivorya (25.07.2011 at 16:40) Reason: typo
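The Event Viewer record posted above is the structured form of the MSE history entry: the Microsoft Antimalware provider writes event 1116 to the System log when something is detected and 1117 when an action is taken, and the EventData carries the threat name, the Microsoft threat ID, severity, category and a resource list. The parser below is an added example, not MSE's code and not from this thread, that works on the flattened "Details" text exactly as posted. The field order it relies on (threat ID, name, severity ID, severity name, category ID, category name, then the fwlink) is read off that one record and is an assumption for other product versions, which is why the threat ID and name are cross-checked against the fwlink's query string. Resource entries are "kind:path" joined by ";": "containerfile:" is the archive or installer that was scanned and "file:...->(name)" the member inside it that matched, which here places the detection in a DLL embedded in the GetStyles.exe installer rather than in the installer's own code. The %%NNN tokens are unresolved MSE resource strings and are left alone.

```python
"""Pull the useful fields out of a Microsoft Antimalware detection event as it
appears in the Event Viewer 'Details' pane. Added example, not from the thread."""
import re
from urllib.parse import parse_qs

# The record posted above, flattened as the Event Viewer friendly view renders it.
SAMPLE_EVENT = r"""Microsoft Antimalware - EventID 1116 [ Qualifiers] 0 Level 3 Task 0 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2011-07-23T12:48:42.000Z EventRecordID 202666 Channel System Computer *Name* Security - EventData %%860 3.0.8107.0 {124C1479-D571-4F2D-B251-97A6B79FC8A4} 2011-07-23T12:48:12.471Z 2147638350 Trojan:Win32/Merdirt.A 5 Schwerwiegend 8 Trojaner hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Merdirt.A&threatid=2147638350 1 1 1 %%815 Unknown *PC Name*\*Benutzername* containerfile:_D:\Downloads\GetStyles.exe;file:_D:\Downloads\GetStyles.exe->(nsis-3-redir.dll) 1 %%845 0 %%812 0 %%822 0 9 %%887 0x00000000 Der Vorgang wurde erfolgreich beendet. 0 0 No additional actions required AV: 1.109.181.0, AS: 1.109.181.0, NIS: 9.196.0.0 AM: 1.1.7104.0, NIS: 2.0.5854.0"""

# Event IDs of the Microsoft Antimalware / Windows Defender provider.
EVENT_KINDS = {1116: "detected", 1117: "action taken"}

ISO = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z"
EVENT_ID_RE = re.compile(r"EventID\s+(\d+)")
CREATED_RE = re.compile(r"SystemTime\]\s*(" + ISO + ")")
# Detection GUID immediately followed by the detection timestamp.
DETECTION_RE = re.compile(
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s+(" + ISO + ")")
# Assumed order, taken from the posted record: threat id, name, severity id/name,
# category id/name, all anchored on the (possibly defanged) fwlink that follows.
THREAT_RE = re.compile(
    r"(?P<tid>\d+)\s+(?P<name>\S+)\s+(?P<sev_id>\d+)\s+(?P<sev>\S+)\s+"
    r"(?P<cat_id>\d+)\s+(?P<cat>\S+)\s+(?P<link>h\w\wps?://go\.microsoft\.com/fwlink/\?\S+)"
)
# The resource list is one whitespace-free token of 'kind:path' entries joined by ';'
# (paths containing spaces need the raw XML's Data elements instead).
RESOURCES_RE = re.compile(
    r"(?<!\S)((?:containerfile|file|regkey|regvalue|process|service|startup):\S+)")


def parse_resources(field):
    """Split 'containerfile:_X;file:_X->(member)' into one dict per entry."""
    items = []
    for part in field.split(";"):
        kind, _, rest = part.partition(":")
        rest = rest.lstrip("_")                  # friendly view prefixes paths with '_'
        path, _, member = rest.partition("->")
        items.append({"kind": kind, "path": path, "member": member.strip("()") or None})
    return items


def parse_mse_detection(text):
    text = " ".join(text.split())                # collapse copy-paste line breaks
    event_id = int(EVENT_ID_RE.search(text).group(1))
    created = CREATED_RE.search(text).group(1)
    det = DETECTION_RE.search(text)
    t = THREAT_RE.search(text)
    link_q = parse_qs(t["link"].split("?", 1)[1])
    link_tid = int(link_q.get("threatid", ["0"])[0])
    res = RESOURCES_RE.search(text)
    return {
        "event_id": event_id,
        "kind": EVENT_KINDS.get(event_id, "other"),
        "record_time": created,
        "detection_id": det.group(1) if det else None,
        "detection_time": det.group(2) if det else None,
        "threat_name": t["name"],
        "threat_id": int(t["tid"]),
        # cross-check the positional fields against the fwlink's own parameters
        "id_consistent": int(t["tid"]) == link_tid
                         and link_q.get("name", [None])[0] == t["name"],
        "severity": t["sev"],
        "category": t["cat"],
        "resources": parse_resources(res.group(1)) if res else [],
    }


if __name__ == "__main__":
    for k, v in parse_mse_detection(SAMPLE_EVENT).items():
        print(f"{k:<15} {v}")
```

If "id_consistent" comes back False on a record from another MSE or Defender version, the positional assumption is wrong for that version and the fwlink values are the ones to trust.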
25.07.2011, 17:35 | #7 | Ivorya

I have to get back to you again, sorry: because of the freezing problems I followed this guide. So I reinstalled mbam, and unfortunately now I can't continue testing the pro version; it tells me my trial has expired. So I can't give any updates either on whether the "potentially dangerous websites or processes" still show up. And I've only had it since the weekend, aaah.

edit: oops, links aren't being linked. A guide in the Malwarebytes forum under Malwarebytes Forum -> Malwarebytes' Anti-Malware Support -> General Malwarebytes' Anti-Malware Forum -> "FAQ - Common Issues, Questions, and their Solutions". Mbam and MSE apparently collide because of the real-time protection.
25.07.2011, 18:43 | #8 | Cosinus
/// Winkelfunktion /// TB-Süch-Tiger™

Please also run ESET, then we'll see: ESET Online Scanner

__________________
Please always post logfiles in CODE tags
25.07.2011, 22:16 | #9 | Ivorya

Hello Cosinus, here is the ESET logfile:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=a12ec5b91ac4fe4e9201ce9fcd19e968
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-25 09:03:59
# local_time=2011-07-25 11:03:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 3985126 149149361 0 0
# compatibility_mode=8192 67108863 100 0 140 140 0 0
# scanned=265053
# found=1
# cleaned=0
# scan_time=11206
D:\Progz\Nero 8\Nero-8.3.2.1b_eng.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I

A toolbar with an old Nero? Nero hasn't caused me any problems so far.
26.07.2011, 08:38 | #10 | Cosinus
/// Winkelfunktion /// TB-Süch-Tiger™

You can ignore that detection; ESET only complained about the Nero setup because it contains an Ask toolbar, which is normally installed along with it. So always pay attention with every setup that no junk toolbars or similarly pointless stuff gets installed alongside.

Custom scan with OTL

If you don't have it yet, please download OTL from OldTimer and save it to your desktop

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
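The /md5start ... /md5stop block in the OTL script above hashes a fixed list of boot-critical system files and storage drivers so that the helper can compare them with known-good copies: a patched winlogon.exe or atapi.sys keeps its name, size and version resource, and only the hash gives it away. The following is an added example, not OTL's code and not from this thread, of what that comparison looks like once you have a baseline from a clean machine of the same Windows build and patch level. It uses SHA-256 instead of OTL's MD5, works on a temporary directory with constructed file contents, and the file names are taken from the script; the tampered byte and the deleted file are the two changes a triage wants to surface. One caveat a practitioner would add: a hash computed from within the running system is only as trustworthy as the file read, and a kernel-mode rootkit can hand the original bytes to user-mode readers, which is why helpers also hash from a clean boot medium when the numbers look fine but the symptoms persist.

```python
"""Hash the files OTL lists between /md5start and /md5stop and compare them with
a baseline from a known-clean machine of the same build. Added example."""
import hashlib
import os
import tempfile

# File names from the OTL script's /md5start ... /md5stop section.
CRITICAL_FILES = ["wininit.exe", "userinit.exe", "winlogon.exe", "atapi.sys"]


def sha256_of(path, chunk=1 << 20):
    """Hex digest of a file, or None if it cannot be read (missing, locked)."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    except OSError:
        return None
    return h.hexdigest()


def hash_files(directory, names):
    """Map each name to its digest; None marks files that could not be read."""
    return {n: sha256_of(os.path.join(directory, n)) for n in names}


def compare_to_baseline(current, baseline):
    """Sort every baseline entry into ok / mismatch / missing, and report hashed
    files the baseline does not know as 'unknown' so they get a second look."""
    result = {"ok": [], "mismatch": [], "missing": [], "unknown": []}
    for name, ref in baseline.items():
        cur = current.get(name)
        if cur is None:
            result["missing"].append(name)
        elif cur == ref:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    result["unknown"] = [n for n, h in current.items()
                         if h is not None and n not in baseline]
    return {k: sorted(v) for k, v in result.items()}


def demo():
    """Build a clean directory (constructed contents), record a baseline, then
    patch one byte in userinit.exe, delete atapi.sys and add a file the baseline
    never saw."""
    with tempfile.TemporaryDirectory() as d:
        for n in CRITICAL_FILES + ["eNetHook.dll"]:
            with open(os.path.join(d, n), "wb") as f:
                f.write(n.encode() * 64)           # stand-in content, not real binaries
        baseline = hash_files(d, CRITICAL_FILES)
        with open(os.path.join(d, "userinit.exe"), "r+b") as f:
            f.seek(16)
            f.write(b"\x90")                       # one-byte patch, size and name unchanged
        os.remove(os.path.join(d, "atapi.sys"))
        current = hash_files(d, CRITICAL_FILES + ["eNetHook.dll"])
        return compare_to_baseline(current, baseline)


if __name__ == "__main__":
    for verdict, names in demo().items():
        print(f"{verdict:<9} {names}")
```

Against a real system, replace the temporary directory with %SystemRoot%\System32 (and \drivers for the .sys files) and load the baseline from a file you produced on the clean reference machine; a baseline from a different build or service pack level produces mismatches on every updated file and is useless.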
26.07.2011, 20:09 | #11 |
| Malwarebytes Warnung "potentiell gefährlicher Prozess gestoppt" Hallo Cosinus, entschuldige, Dienstag ist immer ein langer Tag bei mir. Hier das OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.07.2011 20:36:04 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ivory\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,10% Memory free 6,06 Gb Paging File | 5,10 Gb Available in Paging File | 84,09% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 47,27 Gb Free Space | 48,40% Space Free | Partition Type: NTFS Drive D: | 352,64 Gb Total Space | 149,15 Gb Free Space | 42,30% Space Free | Partition Type: NTFS Computer Name: *PcName*| User Name: *admin*| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ivory\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - D:\Progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - D:\Progz\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) 
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - D:\Progz\Lotus\org6\organize\EasyClip6.exe (Lotus Development Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\*User*\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation) MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TomTomHOMEService) -- D:\Progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) 
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MpKsle1d20c56) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0A0E521-FF6D-485F-8FF8-E6BB87DAB7AD}\MpKsle1d20c56.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egistec) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) 
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation) DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) 
DRV - (mbmiodrvr) -- C:\Windows\System32\mbmiodrvr.sys (cansoft@livewiredev.com) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {662f5b27-1a14-48d4-b9b6-69b111d6cfde} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Progz\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Progz\Picasa\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: D:\Progz\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Progz\Firefox\components [2011.06.21 17:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Progz\Firefox\plugins [2011.06.15 17:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: D:\Progz\Thunderbird\components [2011.07.14 18:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: D:\Progz\Thunderbird\plugins [2011.06.15 17:01:32 | 000,000,000 | ---D | M]
[2010.04.10 10:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caylee\AppData\Roaming\mozilla\Extensions
[2011.07.25 17:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caylee\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions
[2010.06.19 17:58:17 | 000,000,000 | ---D | M] ("Get Styles") -- C:\Users\Caylee\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.06.19 17:58:17 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Caylee\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
File not found (No name found) -- () (No name found) -- C:\USERS\*admin*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YERQZ0L7.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA96}.XPI
[2009.12.04 15:43:41 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.09 14:29:13 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.22 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.14 21:31:48 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.21 18:26:27 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O1 HOSTS File: ([2010.07.24 09:49:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Progz\Lotus\org6\organize\iehelper.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {662F5B27-1A14-48D4-B9B6-69B111D6CFDE} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] D:\Progz\Samsung PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [TomTomHOME.exe] D:\Progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\Progz\Lotus\org6\organize\bandobjs.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Caylee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Progz\Deamon\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - D:\Progz\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2366CF17-E8C1-55E3-E339-9302C47BF72A} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.mp4e - C:\Windows\System32\MPEG4Evfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.07.25 19:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.25 18:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.25 18:20:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.25 18:20:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.22 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\*admin*\AppData\Roaming\PC Suite
[2011.07.18 19:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung PC Studio 3
[2011.07.09 11:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.07.05 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\*admin*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AudioCon v1.0
[2011.07.05 20:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioCon v1.0
[2011.07.05 20:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Basement Softworks
[2011.07.04 15:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung S5230 Wallpaper Creator
[2011.07.04 14:48:22 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\NPS
[2011.07.04 14:44:27 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\My Art
[2011.07.04 14:29:57 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2011.07.04 14:29:57 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2011.07.04 14:29:57 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2011.07.04 14:29:57 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2011.07.04 14:29:57 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2011.07.04 14:29:57 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2011.07.04 14:29:57 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2011.07.04 14:27:46 | 000,000,000 | ---D | C] -- C:\Users\*admin*\{65149495-887c-4e76-9c8d-9ecbdc826756}
[2011.07.04 14:24:13 | 000,000,000 | ---D | C] -- C:\Users\*admin*\{7b373682-0225-406a-8128-c221bf3aba21}
[2011.07.04 13:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011.07.04 13:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAnyContentSAFER
[2011.07.04 13:36:05 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011.07.04 13:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.07.04 13:36:00 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.07.04 13:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2011.07.04 13:34:29 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2011.07.04 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\My NPS Files
[2011.07.04 13:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2011.07.04 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011.07.04 13:21:53 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\SelfMV
[2011.07.04 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\*admin*\AppData\Local\Samsung
[2011.07.04 13:05:01 | 000,000,000 | ---D | C] -- C:\Users\*admin*\Documents\samsung
[2011.07.04 13:01:46 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.07.04 13:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.07.04 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Caylee\AppData\Roaming\Samsung
[2011.07.04 13:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.03 19:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011.07.03 19:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011.07.03 19:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011.07.03 13:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Addon Mod
[2009.03.20 17:49:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.07.26 20:33:11 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.07.26 20:33:11 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.07.26 20:32:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.26 20:32:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 20:32:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 20:32:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.25 23:20:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.25 22:27:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.25 21:46:01 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.25 21:46:01 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.25 21:46:01 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.25 21:46:01 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.25 18:15:16 | 000,415,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.22 17:05:19 | 000,003,407 | ---- | M] () -- C:\Windows\wininit.ini
[2011.07.20 17:14:35 | 000,000,845 | ---- | M] () -- C:\Windows\ST4UNST.000
[2011.07.19 22:53:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.07.18 21:48:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.04 14:04:57 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.04 13:30:46 | 000,030,720 | ---- | M] () -- C:\Users\*admin*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.07.22 23:16:32 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.22 23:16:30 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.20 17:14:31 | 000,000,845 | ---- | C] () -- C:\Windows\ST4UNST.000
[2011.07.18 19:42:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.07.04 14:04:57 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.04 13:34:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.07.04 13:34:29 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.05 00:58:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.02 16:57:35 | 000,025,262 | ---- | C] () -- C:\Windows\System32\xfisk.ini
[2011.01.02 16:57:35 | 000,000,052 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2011.01.02 16:57:24 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2011.01.02 16:57:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2011.01.02 16:57:23 | 000,128,512 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.01.02 16:57:23 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.11.19 20:16:31 | 000,141,968 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.08.23 19:56:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.07.18 22:25:14 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.04.29 20:08:39 | 000,055,860 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.11.30 17:13:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.11.27 18:33:02 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.11.23 17:21:01 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.22 19:35:15 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.11.22 19:35:15 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.11.22 19:35:15 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.11.22 19:35:15 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.10.18 15:49:58 | 000,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.10.06 15:46:25 | 000,000,760 | ---- | C] () -- C:\Users\*admin*\AppData\Roaming\setup_ldm.iss
[2009.09.08 11:20:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.06 02:00:49 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2009.09.06 01:24:41 | 000,030,720 | ---- | C] () -- C:\Users\*admin*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.04 19:05:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.03 16:31:09 | 000,000,076 | ---- | C] () -- C:\Windows\ricdb.ini
[2009.09.03 16:31:08 | 000,000,027 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2009.08.31 15:20:11 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.31 15:20:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.30 16:20:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.30 16:20:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.29 18:40:46 | 000,000,000 | ---- | C] () -- C:\Users\*admin*\AppData\Roaming\wklnhst.dat
[2009.08.29 16:57:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.29 14:55:35 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.08.29 14:55:35 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
[2009.08.29 14:00:44 | 000,001,356 | ---- | C] () -- C:\Users\*admin*\AppData\Local\d3d9caps.dat
[2009.08.29 01:35:42 | 000,003,407 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.28 23:47:26 | 000,024,064 | ---- | C] () -- C:\Users\*admin*\AppData\Roaming\UserTile.png
[2009.04.19 01:21:31 | 000,097,391 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.19 01:21:25 | 000,097,391 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.19 01:01:10 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.19 01:01:10 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.04.19 01:01:10 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.04.19 01:01:10 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.04.19 00:48:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.04.19 00:48:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.04.19 00:48:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.03.25 09:17:25 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.20 17:47:48 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2009.03.20 17:47:48 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2009.03.20 17:47:48 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2009.03.20 17:47:48 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN
[2009.03.20 17:47:48 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2009.03.20 10:48:26 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.03.20 10:48:26 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.03.20 10:48:26 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.03.20 09:38:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.28 12:32:40 | 000,950,272 | ---- | C] () -- C:\Windows\System32\MPEG4Evfw.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.05.21 20:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2008.01.21 09:15:58 | 000,634,352 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,464 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,415,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,601,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,105,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.01.13 13:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\System32\LOTRN13.DLL
========== LOP Check ==========
[2009.03.20 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Acer GameZone Console
[2011.06.03 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Alawar
[2009.09.06 10:58:10 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\avidemux
[2011.06.21 16:52:35 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Awem
[2009.11.22 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Blitware
[2009.08.29 20:32:40 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools
[2011.07.22 23:20:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools Lite
[2010.11.25 18:51:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\EleFun Games
[2009.09.03 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\foobar2000
[2011.02.18 01:30:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Friday's games
[2010.11.25 20:32:55 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\GameMill Entertainment
[2010.06.21 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Hansenet
[2009.10.06 15:46:30 | 000,000,000
| ---D | M] -- C:\Users\*admin*\AppData\Roaming\Leadertech [2011.03.28 18:13:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\MobMapUpdater [2011.03.26 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\NCH Swift Sound [2009.08.28 22:58:04 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Opera [2010.07.30 14:43:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Orneon [2011.07.22 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PC Suite [2010.08.22 00:48:22 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeaceCraft2 [2009.08.28 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeerNetworking [2011.06.05 13:22:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PlayFirst [2011.05.29 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PopCapv1006 [2009.08.29 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PowerCinema [2010.08.17 16:18:14 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Princess Isabella [2011.07.18 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Samsung [2009.08.28 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\SoftDMA [2009.08.29 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Template [2010.04.09 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Thunderbird [2010.08.21 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Top Evidence [2009.08.29 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Trillian [2009.11.30 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSR [2009.12.05 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSRWorkshop [2010.06.22 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TV-Browser [2009.08.31 15:21:40 | 000,000,000 | ---D | M] -- 
C:\Users\*admin*\AppData\Roaming\Ubisoft [2011.07.25 23:20:09 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.03.20 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Acer GameZone Console [2009.08.28 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Adobe [2011.06.03 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Alawar [2009.09.06 10:58:10 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\avidemux [2009.09.06 01:08:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\AVS4YOU [2011.06.21 16:52:35 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Awem [2009.11.22 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Blitware [2010.10.30 19:37:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\CANON INC [2009.08.28 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\CyberLink [2009.08.29 20:32:40 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools [2011.07.22 23:20:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DAEMON Tools Lite [2010.06.14 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\DivX [2010.11.25 18:51:43 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\EleFun Games [2009.09.03 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\foobar2000 [2011.02.18 01:30:00 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Friday's games [2010.11.25 20:32:55 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\GameMill Entertainment [2010.06.21 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Hansenet [2009.08.28 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Identities 
[2009.10.06 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Leadertech [2009.08.28 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Macromedia [2010.01.17 02:50:22 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Media Center Programs [2011.07.04 14:43:52 | 000,000,000 | --SD | M] -- C:\Users\*admin*\AppData\Roaming\Microsoft [2011.03.28 18:13:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\MobMapUpdater [2010.04.10 10:22:55 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Mozilla [2011.03.26 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\NCH Swift Sound [2009.09.03 00:58:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Nero [2009.08.28 22:58:04 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Opera [2010.07.30 14:43:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Orneon [2011.07.22 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PC Suite [2010.08.22 00:48:22 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeaceCraft2 [2009.08.28 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PeerNetworking [2011.06.05 13:22:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PlayFirst [2011.05.29 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PopCapv1006 [2009.08.29 19:48:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\PowerCinema [2010.08.17 16:18:14 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Princess Isabella [2011.04.23 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Realore_Whiterra Roads Of Rome 2 [2011.07.18 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Samsung [2010.09.18 12:10:18 | 000,000,000 | RH-D | M] -- 
C:\Users\*admin*\AppData\Roaming\SecuROM [2011.01.05 00:58:13 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Skype [2009.08.28 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\SoftDMA [2010.04.09 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Talkback [2009.09.04 10:32:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\teamspeak2 [2009.08.29 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Template [2010.04.09 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Thunderbird [2010.08.21 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Top Evidence [2009.08.29 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Trillian [2009.11.30 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSR [2009.12.05 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TSRWorkshop [2010.06.22 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\TV-Browser [2009.08.31 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\Ubisoft [2011.06.06 22:01:53 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\vlc [2009.08.31 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\WinRAR [2010.10.30 19:37:10 | 000,000,000 | ---D | M] -- C:\Users\*admin*\AppData\Roaming\ZoomBrowser EX < %APPDATA%\*.exe /s > [2009.10.06 15:46:30 | 000,053,248 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\*admin*\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2009.08.29 20:48:46 | 000,010,134 | R--- | M] () -- C:\Users\*admin*\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.07.04 14:04:06 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\*admin*\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 
| 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys [2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 
| ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | 
---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys [2009.08.29 01:36:45 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:397D67BA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0988A428
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AEBFFE08
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:880F0FEF
< End of report >
edit: Oh, dang, I didn't see in your post that OTL.exe comes with instructions. So I used the "default settings", i.e. minimal output, and under "Extra Registry" I also didn't tick "Use SafeList". Should / must I run it again? Last edited by Ivorya (26.07.2011 at 20:47) |
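The "< MD5 for: ... >" sections of the OTL report above list every copy of a few critical system files (winlogon.exe, userinit.exe, user32.dll, ...) together with its MD5, so that a patched copy in System32 stands out against the pristine copies Windows keeps in WinSxS, the DriverStore and the ERDNT cache. The parser below is an added example, not OTL's own code or anything posted in this thread; the sample report is constructed in OTL's line format, the "live copy" path heuristic is an assumption of this example, and the all-zero hash on the System32\userinit.exe line is a made-up placeholder standing in for a patched file.

```python
"""Triage the '< MD5 for: ... >' sections of an OTL report (added example)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# '< MD5 for: WINLOGON.EXE >' opens a section; any other '< ... >' header ends it.
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")
# [mtime | size | attrs | kind] (company) MD5=<hash> -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)


class FileCopy(NamedTuple):
    name: str           # file name from the section header (OTL upper-cases it)
    size: int           # bytes; OTL prints it zero-padded as 000,314,368
    company: str
    md5: Optional[str]  # None when OTL says "Unable to obtain MD5" (locked file)
    path: str


def parse_md5_sections(report: str) -> Dict[str, List[FileCopy]]:
    """Return {file name: [copies]} for every '< MD5 for: X >' section."""
    copies: Dict[str, List[FileCopy]] = defaultdict(list)
    current: Optional[str] = None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<"):
            current = None  # a different custom-scan header: MD5 section is over
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        md5 = m.group("md5")
        copies[current].append(FileCopy(
            name=current,
            size=int(m.group("size").replace(",", "")),
            company=m.group("company"),
            md5=md5.upper() if md5 else None,
            path=m.group("path"),
        ))
    return dict(copies)


def is_live_copy(path: str) -> bool:
    """Heuristic (assumption of this example): the copy Windows loads sits directly
    under System32 or System32\\drivers, not in WinSxS, DriverStore or ERDNT."""
    p = path.lower()
    return ("\\system32\\" in p and "\\driverstore\\" not in p
            and "\\winsxs\\" not in p and "\\erdnt\\" not in p)


def flag_unmatched_live_copies(copies: Dict[str, List[FileCopy]]) -> List[FileCopy]:
    """Live copies whose MD5 matches none of the reference copies of that file.

    A genuine binary in System32 is byte-identical to one of the servicing-store
    copies, so its hash recurs within the section.  A hash seen only on the live
    copy is what an in-place patch of winlogon.exe or userinit.exe looks like in
    an OTL report and deserves a closer look.
    """
    flagged: List[FileCopy] = []
    for entries in copies.values():
        reference = {e.md5 for e in entries if e.md5 and not is_live_copy(e.path)}
        flagged.extend(e for e in entries
                       if is_live_copy(e.path) and e.md5 and e.md5 not in reference)
    return flagged


def unreadable_live_copies(copies: Dict[str, List[FileCopy]]) -> List[FileCopy]:
    """Live copies OTL could not hash; this check cannot clear them either way."""
    return [e for entries in copies.values() for e in entries
            if is_live_copy(e.path) and e.md5 is None]


# Constructed sample in OTL's format.  The all-zero hash on the live
# userinit.exe is a placeholder standing in for a patched file.
SAMPLE_REPORT = """\
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\\Windows\\ERDNT\\cache\\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\\Windows\\System32\\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\\Windows\\winsxs\\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\\winlogon.exe
< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\\Windows\\System32\\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\\Windows\\winsxs\\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\\Windows\\winsxs\\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\\userinit.exe
[2011.07.20 03:12:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\\Windows\\System32\\userinit.exe
< %systemroot%\\system32\\drivers\\*.sys /lockedfiles >
[2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\\Windows\\system32\\drivers\\MpNWMon.sys
"""
```

Run on SAMPLE_REPORT, `flag_unmatched_live_copies` returns only the constructed System32\userinit.exe entry, while the locked System32\user32.dll lands in `unreadable_live_copies` and must be verified by other means (for instance from a clean boot environment).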
26.07.2011, 21:00 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes warning "potentially dangerous process stopped" That's fine. Do an OTL fix: close all programs that may still be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:397D67BA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0988A428
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AEBFFE08
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:880F0FEF
:Commands
[purity]
[resethosts]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the folder "_OTL" on the system partition.
__________________ Please always post logfiles in CODE tags |
27.07.2011, 12:29 | #13 |
| Malwarebytes warning "potentially dangerous process stopped" Hello Cosinus, said and done: Code:
========== OTL ==========
ADS C:\ProgramData\Temp:E2CFA9CD deleted successfully.
ADS C:\ProgramData\Temp:397D67BA deleted successfully.
ADS C:\ProgramData\Temp:4DDE401B deleted successfully.
ADS C:\ProgramData\Temp:0988A428 deleted successfully.
ADS C:\ProgramData\Temp:AEBFFE08 deleted successfully.
ADS C:\ProgramData\Temp:880F0FEF deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 07272011_132852 |
27.07.2011, 12:33 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes warning "potentially dangerous process stopped" Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents / My Documents, or shortcuts are missing from the desktop or from the start menu under "All Programs", please run unhide: Download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool via right-click as administrator!
__________________ Please always post logfiles in CODE tags |
27.07.2011, 13:10 | #15 |
| Malwarebytes warning "potentially dangerous process stopped" Attached is the report: Code:
ATTFilter 2011/07/27 14:08:12.0349 4996 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/27 14:08:12.0564 4996 ================================================================================ 2011/07/27 14:08:12.0564 4996 SystemInfo: 2011/07/27 14:08:12.0564 4996 2011/07/27 14:08:12.0564 4996 OS Version: 6.0.6002 ServicePack: 2.0 2011/07/27 14:08:12.0564 4996 Product type: Workstation 2011/07/27 14:08:12.0564 4996 ComputerName: *PcName* 2011/07/27 14:08:12.0564 4996 UserName: *admin* 2011/07/27 14:08:12.0564 4996 Windows directory: C:\Windows 2011/07/27 14:08:12.0564 4996 System windows directory: C:\Windows 2011/07/27 14:08:12.0564 4996 Processor architecture: Intel x86 2011/07/27 14:08:12.0564 4996 Number of processors: 2 2011/07/27 14:08:12.0564 4996 Page size: 0x1000 2011/07/27 14:08:12.0564 4996 Boot type: Normal boot 2011/07/27 14:08:12.0564 4996 ================================================================================ 2011/07/27 14:08:13.0659 4996 Initialize success 2011/07/27 14:08:20.0197 4640 ================================================================================ 2011/07/27 14:08:20.0197 4640 Scan started 2011/07/27 14:08:20.0197 4640 Mode: Manual; 2011/07/27 14:08:20.0197 4640 ================================================================================ 2011/07/27 14:08:20.0817 4640 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/07/27 14:08:20.0867 4640 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/07/27 14:08:20.0892 4640 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/07/27 14:08:20.0917 4640 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/07/27 14:08:20.0972 4640 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/07/27 14:08:21.0042 4640 AF15BDA (e5fa1b6ceb987b9d978e7d6e18f84268) C:\Windows\system32\drivers\AF15BDA.sys 
2011/07/27 14:08:21.0092 4640 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/07/27 14:08:21.0137 4640 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/07/27 14:08:21.0167 4640 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/07/27 14:08:21.0207 4640 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\drivers\AlfaFF.sys 2011/07/27 14:08:21.0232 4640 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/07/27 14:08:21.0277 4640 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/07/27 14:08:21.0302 4640 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/07/27 14:08:21.0322 4640 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/07/27 14:08:21.0347 4640 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/07/27 14:08:21.0397 4640 ApfiltrService (91b05bbb609c79d73e2332b6e5f99aea) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/07/27 14:08:21.0447 4640 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/07/27 14:08:21.0582 4640 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/07/27 14:08:21.0627 4640 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys 2011/07/27 14:08:21.0657 4640 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/27 14:08:21.0702 4640 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/07/27 14:08:21.0752 4640 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 2011/07/27 14:08:21.0807 4640 AVerAF15 (d99b2c8c5f2f6ef05590198b0fb4fa1a) C:\Windows\system32\Drivers\AVerAF15.sys 2011/07/27 14:08:21.0857 4640 b57nd60x (7d06191c038836c6afe76eee7b2d0839) C:\Windows\system32\DRIVERS\b57nd60x.sys 
2011/07/27 14:08:21.0912 4640 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/07/27 14:08:21.0962 4640 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/07/27 14:08:22.0027 4640 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/27 14:08:22.0057 4640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/07/27 14:08:22.0077 4640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/07/27 14:08:22.0107 4640 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/07/27 14:08:22.0127 4640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/07/27 14:08:22.0142 4640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/07/27 14:08:22.0157 4640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/07/27 14:08:22.0207 4640 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/07/27 14:08:22.0237 4640 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/07/27 14:08:22.0277 4640 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/07/27 14:08:22.0327 4640 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 2011/07/27 14:08:22.0362 4640 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 2011/07/27 14:08:22.0407 4640 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys 2011/07/27 14:08:22.0432 4640 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys 2011/07/27 14:08:22.0457 4640 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/07/27 14:08:22.0527 4640 cdfs (7add03e75beb9e6dd102c3081d29840a) 
C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/27 14:08:22.0572 4640 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/27 14:08:22.0602 4640 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 2011/07/27 14:08:22.0627 4640 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/07/27 14:08:22.0807 4640 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/27 14:08:22.0887 4640 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/07/27 14:08:22.0912 4640 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/27 14:08:22.0932 4640 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/07/27 14:08:22.0962 4640 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/07/27 14:08:23.0017 4640 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/07/27 14:08:23.0142 4640 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/07/27 14:08:23.0182 4640 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 2011/07/27 14:08:23.0292 4640 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 2011/07/27 14:08:23.0377 4640 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/07/27 14:08:23.0437 4640 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/27 14:08:23.0482 4640 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/07/27 14:08:23.0532 4640 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/07/27 14:08:23.0572 4640 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/07/27 14:08:23.0627 4640 enecir (c6fe855b5620e9c0c30bb808f24d3110) 
C:\Windows\system32\DRIVERS\enecir.sys 2011/07/27 14:08:23.0677 4640 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/07/27 14:08:23.0747 4640 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/07/27 14:08:23.0777 4640 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/07/27 14:08:23.0827 4640 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/27 14:08:23.0867 4640 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/07/27 14:08:23.0887 4640 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/07/27 14:08:23.0907 4640 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/27 14:08:23.0952 4640 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/07/27 14:08:24.0072 4640 FPSensor (dff40790309c40d56d1cd5a9e8e5a5ce) C:\Windows\system32\Drivers\FPSensor.sys 2011/07/27 14:08:24.0142 4640 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS 2011/07/27 14:08:24.0187 4640 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/27 14:08:24.0217 4640 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/07/27 14:08:24.0325 4640 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 2011/07/27 14:08:24.0357 4640 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/27 14:08:24.0388 4640 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/07/27 14:08:24.0419 4640 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 2011/07/27 14:08:24.0450 4640 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/27 14:08:24.0481 4640 HpCISSs 
(16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/07/27 14:08:24.0528 4640 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/07/27 14:08:24.0575 4640 hwdatacard (63b3eff36272787619c1e773ed581693) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/07/27 14:08:24.0622 4640 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/07/27 14:08:24.0653 4640 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/27 14:08:24.0684 4640 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/07/27 14:08:24.0715 4640 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/07/27 14:08:24.0745 4640 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys 2011/07/27 14:08:24.0845 4640 IntcAzAudAddService (0c36a7de2b4e6ec301b98ae300547701) C:\Windows\system32\drivers\RTKVHDA.sys 2011/07/27 14:08:24.0928 4640 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/07/27 14:08:24.0959 4640 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/27 14:08:25.0021 4640 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/27 14:08:25.0068 4640 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/07/27 14:08:25.0099 4640 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/07/27 14:08:25.0115 4640 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/07/27 14:08:25.0131 4640 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/07/27 14:08:25.0162 4640 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/27 14:08:25.0177 4640 iteatapi (bced60d16156e428f8df8cf27b0df150) 
C:\Windows\system32\drivers\iteatapi.sys 2011/07/27 14:08:25.0193 4640 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/07/27 14:08:25.0255 4640 JMCR (ddc2f92e0b24999d69b75307e2499095) C:\Windows\system32\DRIVERS\jmcr.sys 2011/07/27 14:08:25.0271 4640 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/27 14:08:25.0318 4640 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/27 14:08:25.0349 4640 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/27 14:08:25.0411 4640 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/07/27 14:08:25.0448 4640 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/07/27 14:08:25.0478 4640 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/27 14:08:25.0513 4640 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/07/27 14:08:25.0543 4640 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/07/27 14:08:25.0568 4640 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/07/27 14:08:25.0728 4640 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/07/27 14:08:25.0813 4640 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/07/27 14:08:25.0868 4640 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys 2011/07/27 14:08:25.0908 4640 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys 2011/07/27 14:08:25.0943 4640 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/07/27 14:08:25.0998 4640 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/07/27 14:08:26.0033 4640 Modem 
(e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/07/27 14:08:26.0053 4640 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/27 14:08:26.0068 4640 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/27 14:08:26.0098 4640 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/27 14:08:26.0118 4640 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/07/27 14:08:26.0164 4640 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys 2011/07/27 14:08:26.0211 4640 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/07/27 14:08:26.0320 4640 MpKsl7c0c5e35 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\MpKsl7c0c5e35.sys 2011/07/27 14:08:26.0445 4640 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys 2011/07/27 14:08:26.0507 4640 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/27 14:08:26.0538 4640 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/07/27 14:08:26.0569 4640 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/07/27 14:08:26.0616 4640 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/27 14:08:26.0723 4640 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/27 14:08:26.0743 4640 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/27 14:08:26.0783 4640 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/07/27 14:08:26.0818 4640 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/07/27 14:08:26.0858 4640 Msfs 
(a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/07/27 14:08:26.0893 4640 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/07/27 14:08:26.0918 4640 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/27 14:08:26.0953 4640 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/27 14:08:26.0973 4640 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/07/27 14:08:27.0023 4640 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/07/27 14:08:27.0048 4640 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/27 14:08:27.0068 4640 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/07/27 14:08:27.0093 4640 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/07/27 14:08:27.0133 4640 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 2011/07/27 14:08:27.0158 4640 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 2011/07/27 14:08:27.0183 4640 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 2011/07/27 14:08:27.0233 4640 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/27 14:08:27.0283 4640 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/07/27 14:08:27.0328 4640 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/27 14:08:27.0353 4640 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/27 14:08:27.0403 4640 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/27 14:08:27.0433 4640 NDProxy (71dab552b41936358f3b541ae5997fb3) 
C:\Windows\system32\drivers\NDProxy.sys 2011/07/27 14:08:27.0463 4640 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/27 14:08:27.0498 4640 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/27 14:08:27.0618 4640 NETw5v32 (ddf0e12261d1e8e59f60e13c6e58fac9) C:\Windows\system32\DRIVERS\NETw5v32.sys 2011/07/27 14:08:27.0663 4640 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/07/27 14:08:27.0698 4640 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 2011/07/27 14:08:27.0738 4640 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/07/27 14:08:27.0768 4640 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/27 14:08:27.0813 4640 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/07/27 14:08:27.0883 4640 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\Drivers\NTIDrvr.sys 2011/07/27 14:08:27.0928 4640 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/07/27 14:08:27.0953 4640 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/07/27 14:08:28.0188 4640 nvlddmkm (dbec52785723580f8881832741ab8419) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/07/27 14:08:28.0263 4640 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/07/27 14:08:28.0283 4640 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/07/27 14:08:28.0318 4640 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/07/27 14:08:28.0398 4640 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/27 14:08:28.0433 4640 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/07/27 14:08:28.0453 4640 partmgr 
(57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/07/27 14:08:28.0478 4640 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/07/27 14:08:28.0513 4640 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2011/07/27 14:08:28.0538 4640 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/07/27 14:08:28.0563 4640 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/07/27 14:08:28.0588 4640 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/07/27 14:08:28.0648 4640 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/07/27 14:08:28.0723 4640 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\Windows\system32\drivers\pmemnt.sys 2011/07/27 14:08:28.0798 4640 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/27 14:08:28.0843 4640 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/07/27 14:08:28.0899 4640 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/27 14:08:28.0962 4640 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/07/27 14:08:28.0993 4640 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/07/27 14:08:29.0024 4640 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/27 14:08:29.0040 4640 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/27 14:08:29.0071 4640 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/27 14:08:29.0102 4640 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/27 14:08:29.0133 4640 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/27 
14:08:29.0164 4640 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/27 14:08:29.0196 4640 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/27 14:08:29.0227 4640 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2011/07/27 14:08:29.0242 4640 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/27 14:08:29.0274 4640 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/07/27 14:08:29.0294 4640 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/07/27 14:08:29.0324 4640 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/27 14:08:29.0369 4640 RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys 2011/07/27 14:08:29.0394 4640 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/07/27 14:08:29.0434 4640 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 2011/07/27 14:08:29.0459 4640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/27 14:08:29.0484 4640 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/07/27 14:08:29.0509 4640 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/07/27 14:08:29.0539 4640 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/07/27 14:08:29.0594 4640 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/07/27 14:08:29.0619 4640 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/27 14:08:29.0649 4640 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/27 14:08:29.0674 4640 sfloppy (46ed8e91793b2e6f848015445a0ac188) 
C:\Windows\system32\drivers\sfloppy.sys 2011/07/27 14:08:29.0699 4640 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/07/27 14:08:29.0729 4640 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/07/27 14:08:29.0764 4640 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/07/27 14:08:29.0814 4640 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/07/27 14:08:29.0849 4640 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/07/27 14:08:29.0894 4640 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys 2011/07/27 14:08:29.0894 4640 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9 2011/07/27 14:08:29.0899 4640 sptd - detected LockedFile.Multi.Generic (1) 2011/07/27 14:08:29.0949 4640 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/07/27 14:08:29.0989 4640 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/27 14:08:30.0024 4640 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/27 14:08:30.0079 4640 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys 2011/07/27 14:08:30.0124 4640 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys 2011/07/27 14:08:30.0179 4640 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys 2011/07/27 14:08:30.0214 4640 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys 2011/07/27 14:08:30.0274 4640 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/27 14:08:30.0304 4640 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/07/27 14:08:30.0324 4640 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) 
C:\Windows\system32\drivers\sym_hi.sys 2011/07/27 14:08:30.0354 4640 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/07/27 14:08:30.0399 4640 SynTP (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/27 14:08:30.0482 4640 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys 2011/07/27 14:08:30.0528 4640 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/27 14:08:30.0544 4640 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/27 14:08:30.0591 4640 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/07/27 14:08:30.0606 4640 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/07/27 14:08:30.0638 4640 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/27 14:08:30.0669 4640 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/27 14:08:30.0747 4640 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/27 14:08:30.0794 4640 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/07/27 14:08:30.0825 4640 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/27 14:08:30.0887 4640 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/07/27 14:08:30.0923 4640 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys 2011/07/27 14:08:30.0968 4640 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/27 14:08:31.0048 4640 UimBus (86da1d98c84d914855a0f995e71cf7a8) C:\Windows\system32\DRIVERS\UimBus.sys 2011/07/27 14:08:31.0068 4640 Uim_IM (76365ef3698285f7ee4f947765c7289a) C:\Windows\system32\Drivers\Uim_IM.sys 2011/07/27 14:08:31.0098 4640 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) 
C:\Windows\system32\drivers\uliagpkx.sys 2011/07/27 14:08:31.0123 4640 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/07/27 14:08:31.0148 4640 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/07/27 14:08:31.0178 4640 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/07/27 14:08:31.0203 4640 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/27 14:08:31.0238 4640 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/27 14:08:31.0270 4640 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/07/27 14:08:31.0301 4640 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/27 14:08:31.0332 4640 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/27 14:08:31.0363 4640 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/07/27 14:08:31.0379 4640 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 2011/07/27 14:08:31.0410 4640 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/27 14:08:31.0426 4640 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/27 14:08:31.0457 4640 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/07/27 14:08:31.0504 4640 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/27 14:08:31.0535 4640 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/07/27 14:08:31.0613 4640 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/07/27 14:08:31.0690 4640 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/07/27 14:08:31.0715 4640 viaide 
(aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/07/27 14:08:31.0835 4640 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/07/27 14:08:31.0890 4640 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/07/27 14:08:31.0920 4640 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/07/27 14:08:31.0940 4640 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/07/27 14:08:31.0985 4640 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/07/27 14:08:32.0010 4640 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/27 14:08:32.0020 4640 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/27 14:08:32.0045 4640 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/07/27 14:08:32.0070 4640 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/27 14:08:32.0150 4640 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/07/27 14:08:32.0190 4640 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/27 14:08:32.0235 4640 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/27 14:08:32.0315 4640 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 2011/07/27 14:08:32.0360 4640 MBR (0x1B8) (5586eabcc0d095db340d873e2b236896) \Device\Harddisk0\DR0 2011/07/27 14:08:32.0390 4640 Boot (0x1200) (a0f2d91abe56871692340a0be611c4f6) \Device\Harddisk0\DR0\Partition0 2011/07/27 14:08:32.0415 4640 Boot (0x1200) (a0026678b5b0682ef559f3f23a31627c) \Device\Harddisk0\DR0\Partition1 2011/07/27 14:08:32.0415 4640 
================================================================================
2011/07/27 14:08:32.0415 4640 Scan finished
2011/07/27 14:08:32.0415 4640 ================================================================================
2011/07/27 14:08:32.0425 2960 Detected object count: 1
2011/07/27 14:08:32.0425 2960 Actual detected object count: 1
2011/07/27 14:08:39.0352 2960 LockedFile.Multi.Generic(sptd) - User select action: Skip

edit: in the second step I did not have the option to click "cure"; there was only skip, and then continue at the bottom.
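The log above is one entry per loaded module (timestamp, thread id, service name, MD5, path), followed by any "Suspicious file" and "detected" lines and finally the action chosen in the dialog. As an added example, not part of the original post and not TDSSKiller's own code, here is a small parser that pulls out the triage-relevant pieces: every detection together with the action taken on it, and every module loaded from outside the Windows directory or the raw-device namespace. The sample input is nine lines excerpted from the log above, restored to one entry per line; the "expected" path prefixes are my assumption for a Windows 7 system, not a rule from the tool.

```python
import re

# Constructed sample: nine lines excerpted from the TDSSKiller log posted above,
# restored to one entry per line (the forum page ran them together).
SAMPLE_LOG = r"""
2011/07/27 14:08:21.0092 4640 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/27 14:08:23.0292 4640 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/07/27 14:08:26.0320 4640 MpKsl7c0c5e35 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\MpKsl7c0c5e35.sys
2011/07/27 14:08:29.0894 4640 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/07/27 14:08:29.0894 4640 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/07/27 14:08:29.0899 4640 sptd - detected LockedFile.Multi.Generic (1)
2011/07/27 14:08:32.0315 4640 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/07/27 14:08:32.0360 4640 MBR (0x1B8) (5586eabcc0d095db340d873e2b236896) \Device\Harddisk0\DR0
2011/07/27 14:08:39.0352 2960 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff <thread id>".
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# Module entry: name, 32-hex MD5 in parentheses, path. The name is non-greedy so that
# "MBR (0x1B8)" is kept whole and only the real MD5 is captured.
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
SUSPICIOUS_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})\s*$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)\s*$")
ACTION_RE = re.compile(PREFIX + r"(?P<verdict>\S+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)\s*$")


def parse_tdsskiller(log_text):
    """Split a TDSSKiller log into module entries, suspicious-file notes,
    detections and the actions the user chose. Lines that match none of the
    four shapes (separators, 'Scan finished', ...) are ignored."""
    report = {"entries": [], "suspicious": [], "detected": [], "actions": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for key, rx in (("suspicious", SUSPICIOUS_RE), ("detected", DETECTED_RE),
                        ("actions", ACTION_RE), ("entries", ENTRY_RE)):
            m = rx.match(line)
            if m:
                report[key].append(m.groupdict())
                break
    return report


# Assumption: on Windows 7 a kernel module is expected under \Windows, and boot
# records live in the raw-device namespace. Anything else is worth a look; it
# is often legitimate vendor software, but it is where a responder starts.
EXPECTED_PREFIXES = ("c:\\windows\\", "\\device\\")


def unexpected_location(path):
    """True when a loaded module lives outside \\Windows or \\Device."""
    return not path.lower().startswith(EXPECTED_PREFIXES)


def triage(log_text):
    """Summarise what a responder needs: each detection with the action taken on
    it, detections left at 'Skip', and modules loaded from unusual paths."""
    report = parse_tdsskiller(log_text)
    action_by_name = {a["name"]: a["action"] for a in report["actions"]}
    return {
        "module_count": len(report["entries"]),
        "detections": [(d["name"], d["verdict"], action_by_name.get(d["name"], "none"))
                       for d in report["detected"]],
        "unresolved": [d["name"] for d in report["detected"]
                       if action_by_name.get(d["name"], "Skip") == "Skip"],
        "unexpected_paths": [(e["name"], e["path"]) for e in report["entries"]
                             if unexpected_location(e["path"])],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run on the sample it reports one detection (sptd, LockedFile.Multi.Generic, left at Skip) and three modules outside \Windows: DritekPortIO, the MpKsl driver and the Acer Arcade .fcl file. The heuristic is a starting point, not a verdict: MpKsl*.sys under Definition Updates is Microsoft Security Essentials' own scanning driver, and sptd.sys is the SCSI Pass Through Direct driver installed by Daemon Tools / Alcohol 120%, which TDSSKiller regularly reports as LockedFile.Multi.Generic because the driver refuses file access to other processes, not because it is a TDSS rootkit. That is also why the dialog offered only Skip and no Cure for it.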