Log Analysis and Evaluation: AntiVir has detected the Trojan TR/ATRAPS.Gen2 (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Keep in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.12.2011, 17:35 | #1 |
AntiVir has detected the Trojan TR/ATRAPS.Gen2

Hello everyone, I came across your forum and see that you are very helpful. I would be glad if you could please take a look at my problem too. Thanks a lot in advance.

A few days ago my AntiVir detected the Trojan TR/ATRAPS.Gen2. AntiVir offers the choice of removing it or putting it in quarantine. Since it kept reappearing, and more often, after removal, I put it in quarantine each time. AntiVir reports the location as: C:\Users\***\AppData\Local\7b30d2dc\U\800000cb.@

My own research
In the PC Welt forum (hxxp://www.pcwelt.de/forum/sicherheit/407098-tr-atraps-gen2.html) I read that it is a false positive on AntiVir's part, so I sent Avira a request. The reply I received was: "The file '4a8c18e0.vir' has been classified as 'FALSE POSITIVE'. This means that this file is not dangerous and that the detection was a false alarm on our part. Our analysts gave this threat its name. The detection pattern will be removed with one of the next updates of the virus definition file (VDF). Alternatively you can view the results of the analysis here: hxxp://analysis.avira.com/samples/details.php?uniqueid=8pPX4kA6B2NJmg0kIXNWhMt6j5v2MV7T&incidentid=930684"

Symptoms
I associate these symptoms with the trojan, since they had not appeared before:
1. A window suddenly appears. It is about some JavaScript. I am given the choice of Open, Save or Cancel. I always chose Cancel, except once when I chose Open. But nothing opened. Unfortunately I can't describe it more precisely right now because I can't remember it well any more.
2. On startup Firefox tries to open the following page: mediashifting.com/?search=what+are+the+order+of+degrees&subid=193&key=5e2e3c92c060abcb6729&p=1 but without success.
The error shown is: Server not found

On the topic of a "complete overview of my system"
I started Defogger and followed the instructions, but it neither asked for a restart nor displayed an error message. Here is the Defogger disable log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:34 on 27/12/2011 (Kenan)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F

Closing
So I have now followed all the steps and attached the log files. I want to thank you again for having built something this good here on this site to help us. Have a nice day.

PS: maybe the AntiVir log file is also relevant. Here it is:

Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 26. Dezember 2011 00:22 Es wird nach 2964932 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : KENAN-VAIO Versionsinformationen: BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00 AVSCAN.EXE : 12.1.0.18 490448 Bytes 25.10.2011 17:24:43 AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58 LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47 AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08.12.2011 19:42:32 AVREG.DLL : 12.1.0.27 227536 Bytes 09.12.2011 19:38:16 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:36:36 VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 21:36:36 VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 21:36:36 VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 21:36:36 VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011
21:36:36 VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 21:36:36 VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 21:36:36 VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 21:36:36 VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 21:36:36 VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 21:36:36 VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 21:36:36 VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 21:35:10 VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 05:35:20 VBASE015.VDF : 7.11.20.0 2048 Bytes 24.12.2011 05:35:20 VBASE016.VDF : 7.11.20.1 2048 Bytes 24.12.2011 05:35:20 VBASE017.VDF : 7.11.20.2 2048 Bytes 24.12.2011 05:35:20 VBASE018.VDF : 7.11.20.3 2048 Bytes 24.12.2011 05:35:20 VBASE019.VDF : 7.11.20.4 2048 Bytes 24.12.2011 05:35:20 VBASE020.VDF : 7.11.20.5 2048 Bytes 24.12.2011 05:35:20 VBASE021.VDF : 7.11.20.6 2048 Bytes 24.12.2011 05:35:20 VBASE022.VDF : 7.11.20.7 2048 Bytes 24.12.2011 05:35:20 VBASE023.VDF : 7.11.20.8 2048 Bytes 24.12.2011 05:35:20 VBASE024.VDF : 7.11.20.9 2048 Bytes 24.12.2011 05:35:20 VBASE025.VDF : 7.11.20.10 2048 Bytes 24.12.2011 05:35:20 VBASE026.VDF : 7.11.20.11 2048 Bytes 24.12.2011 05:35:20 VBASE027.VDF : 7.11.20.12 2048 Bytes 24.12.2011 05:35:21 VBASE028.VDF : 7.11.20.13 2048 Bytes 24.12.2011 05:35:21 VBASE029.VDF : 7.11.20.14 2048 Bytes 24.12.2011 05:35:21 VBASE030.VDF : 7.11.20.15 2048 Bytes 24.12.2011 05:35:21 VBASE031.VDF : 7.11.20.16 2048 Bytes 24.12.2011 05:35:21 Engineversion : 8.2.8.8 AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 17:24:42 AESCRIPT.DLL : 8.1.3.92 495996 Bytes 16.12.2011 20:21:58 AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02 AESBX.DLL : 8.2.4.5 434549 Bytes 01.12.2011 18:57:42 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 20:21:39 AEOFFICE.DLL : 8.1.2.24 201084 Bytes 16.12.2011 20:21:56 AEHEUR.DLL : 8.1.3.8 4231543 Bytes 16.12.2011 20:21:55 AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 17:24:31 AEGEN.DLL : 8.1.5.17 405877 Bytes 08.12.2011 
19:42:10 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.24.2 201080 Bytes 16.12.2011 20:21:26 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41 AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38 AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38 AVARKT.DLL : 12.1.0.19 208848 Bytes 08.12.2011 19:42:21 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37 SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51 AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39 NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47 RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00 RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ef79a58\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Montag, 26. 
Dezember 2011 00:22 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'C112.tmp' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VCService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'listener.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'brs.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FABS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Ath_CoexAgent.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@' C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@ [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 [HINWEIS] Die Datei wurde ins 
Quarantäneverzeichnis unter dem Namen '4a411951.qua' verschoben! Ende des Suchlaufs: Montag, 26. Dezember 2011 00:22 Benötigte Zeit: 00:01 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 26 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 25 Dateien ohne Befall 0 Archive wurden durchsucht 0 Warnungen 1 Hinweise
27.12.2011, 17:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir has detected the Trojan TR/ATRAPS.Gen2
Please now run a full scan with Malwarebytes as a routine step and post the log.
__________________
Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed. If there are logs from older Malwarebytes scans, please post all of those too!
ESET Online Scanner
Please post everything here in CODE tags wherever possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
27.12.2011, 18:22 | #3 |
AntiVir has detected the Trojan TR/ATRAPS.Gen2
So here is the log from Malwarebytes. Now moving on to the ESET Online Scanner
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122703
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
27.12.2011 18:17:56
mbam-log-2011-12-27 (18-17-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176790
Laufzeit: 2 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
c:\programdata\enrollchar.exe (Trojan.Agent) -> 3824 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagUI (Trojan.Agent) -> Value: diagUI -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\enrollchar (Trojan.Agent) -> Value: enrollchar -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\enrollchar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Local\Temp\C112.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Local\Temp\defragcred.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Roaming\diagUI.exe (Trojan.Agent) -> Quarantined and deleted successfully.
27.12.2011, 21:57 | #4 |
AntiVir has detected the Trojan TR/ATRAPS.Gen2
So here is now the log file from the ESET Online Scanner
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b8273ec1020ed42b14ed7b92008af61
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 05:50:39
# local_time=2011-12-27 06:50:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 153211 153211 0 0
# compatibility_mode=1792 16777215 100 0 6390755 6390755 0 0
# compatibility_mode=5893 16776574 66 94 161257 76637414 0 0
# compatibility_mode=8192 67108863 100 0 4084 4084 0 0
# scanned=51564
# found=0
# cleaned=0
# scan_time=674
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b8273ec1020ed42b14ed7b92008af61
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 08:32:16
# local_time=2011-12-27 09:32:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 153963 153963 0 0
# compatibility_mode=1792 16777215 100 0 6391507 6391507 0 0
# compatibility_mode=5893 16776574 66 94 162009 76638166 0 0
# compatibility_mode=8192 67108863 100 0 4836 4836 0 0
# scanned=242513
# found=4
# cleaned=0
# scan_time=9640
C:\Users\Kenan\AppData\Local\7b30d2dc\X    Win64/Sirefef.N trojan (unable to clean)    00000000000000000000000000000000    I
C:\Users\Kenan\AppData\Local\7b30d2dc\U\80000000.@    Win64/Sirefef.P trojan (unable to clean)    00000000000000000000000000000000    I
C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@    Win64/Sirefef.M trojan (unable to clean)    00000000000000000000000000000000    I
C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cf.@    Win64/Sirefef.O trojan (unable to clean)    00000000000000000000000000000000    I
28.12.2011, 03:34 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir has detected the Trojan TR/ATRAPS.Gen2
Quote:
Remember to update the Malwarebytes signatures beforehand, there are new updates very frequently!
__________________
Always post log files in CODE tags
28.12.2011, 05:12 | #6 |
AntiVir has detected the Trojan TR/ATRAPS.Gen2
Sorry, I overlooked that. Here is now the log from the full Malwarebytes scan.

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2011.12.24.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kenan :: KENAN-VAIO [Administrator]
Schutz: Aktiviert
28.12.2011 03:49:58
mbam-log-2011-12-28 (03-49-58).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400027
Laufzeit: 1 Stunde(n), 20 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Kenan\AppData\Local\7b30d2dc\X -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
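As an added example (not from the thread, its helpers, or any of the tools named here): a PowerShell audit of the two persistence locations the Malwarebytes logs above show being abused, the per-user Winlogon Shell value and the Run keys. The expected default values and the list of suspect launch directories are assumptions for a stock Windows 7 install; it needs PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example, not from the thread: audit the persistence points that the
# Malwarebytes logs above show being abused (HKCU Winlogon\Shell pointing into
# AppData\Local\7b30d2dc\X, and Run values such as diagUI / enrollchar).
# Requires PowerShell 3.0+ and an elevated prompt.

$Findings = New-Object System.Collections.Generic.List[object]

# Expected defaults for a stock Windows 7 install (assumption).
$Expected = @{
    'Shell'    = 'explorer.exe'
    'Userinit' = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
}

# The HKCU Winlogon key normally defines neither value; a Shell or Userinit
# there overrides the HKLM default for this user only, which is exactly what
# MBAM reported above as Backdoor.Agent.
$WinlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

foreach ($Key in $WinlogonKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($Name in $Expected.Keys) {
        $Value = $Props.$Name
        if ($null -eq $Value) { continue }
        $Reason = $null
        if ($Key -like 'HKCU:*') {
            $Reason = 'per-user Winlogon override (not present on a clean system)'
        } elseif ($Value -ne $Expected[$Name]) {
            $Reason = "differs from default '$($Expected[$Name])'"
        }
        if ($Reason) {
            $Findings.Add([pscustomobject]@{
                Location = $Key; Name = $Name; Value = $Value; Reason = $Reason
            })
        }
    }
}

# Autostart keys checked next. The droppers in the thread ran from ProgramData,
# AppData\Roaming and AppData\Local\Temp, so those directories (plus LOCALAPPDATA)
# are treated as suspect launch locations (assumption, not a Malwarebytes rule).
$RunKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$SuspectDirs = @($env:ProgramData, $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($P in $Props.PSObject.Properties) {
        # Skip the provider metadata that Get-ItemProperty attaches.
        if ($P.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
        $Cmd = [string]$P.Value
        # Extract the executable from a quoted or unquoted command line.
        $Exe = if ($Cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Cmd -split '\s+')[0] }
        $Exe = [Environment]::ExpandEnvironmentVariables($Exe)
        $Reasons = @()
        foreach ($Dir in $SuspectDirs) {
            if ($Exe.StartsWith($Dir, [StringComparison]::OrdinalIgnoreCase)) {
                $Reasons += "launches from user-writable directory $Dir"
                break
            }
        }
        if ($Exe -and -not (Test-Path -LiteralPath $Exe)) {
            $Reasons += 'target file missing (possibly already quarantined)'
        }
        if ($Reasons.Count -gt 0) {
            $Findings.Add([pscustomobject]@{
                Location = $Key; Name = $P.Name; Value = $Cmd; Reason = ($Reasons -join '; ')
            })
        }
    }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No Winlogon override or suspicious Run entry found.'
} else {
    $Findings | Format-Table -AutoSize -Wrap
}
```

Hits are leads for the kind of log review done in this thread, not proof of infection: legitimate software occasionally installs Run entries under AppData, so each hit still needs the file itself checked.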
28.12.2011, 05:30 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir has detected the Trojan TR/ATRAPS.Gen2
Please make a new OTL log. Please post everything here in CODE tags wherever possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you don't have it yet, please download OTL from OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Always post log files in CODE tags
28.12.2011, 11:58 | #8 |
AntiVir has detected the Trojan TR/ATRAPS.Gen2
So here is now the new OTL log
Code:
OTL logfile created on: 28.12.2011 11:36:11 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kenan\Desktop\TojanerProblem
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,91 Gb Total Physical Memory | 4,21 Gb Available Physical Memory | 71,18% Memory free
11,82 Gb Paging File | 9,79 Gb Available in Paging File | 82,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,51 Gb Total Space | 328,54 Gb Free Space | 73,09% Space Free | Partition Type: NTFS
Drive E: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: KENAN-VAIO | User Name: Kenan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.27 16:37:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kenan\Desktop\TojanerProblem\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 15:05:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.29 16:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.03.05 15:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2011.03.05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2011.02.24 21:02:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.24 21:02:27 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2011.02.15 10:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.01.29 04:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 19:33:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll MOD - [2011.10.14 19:33:25 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll MOD - [2011.10.14 19:29:46 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll MOD - [2011.10.14 19:29:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 19:29:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.14 19:29:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.14 19:29:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.10.14 19:29:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.14 19:29:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.14 19:29:04 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll 
MOD - [2011.10.14 19:29:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.06.29 23:49:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.09.23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV:64bit: - [2011.08.12 15:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV:64bit: - [2011.07.19 03:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService) SRV:64bit: - [2011.06.29 23:55:22 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.02.18 21:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV:64bit: - [2011.02.18 21:10:06 | 000,546,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV:64bit: - [2011.02.18 21:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV:64bit: - [2011.02.14 16:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO 
Power Management) SRV:64bit: - [2011.02.14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService) SRV:64bit: - [2011.01.29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2011.01.20 11:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.24 15:05:46 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.29 16:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.04.29 16:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.03.05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2011.02.24 21:02:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.02.24 21:02:27 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011.02.21 11:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.02.21 11:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2011.01.20 11:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.12.08 20:42:31 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.15 13:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.08.15 03:38:33 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2011.08.09 00:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.06.30 00:39:02 | 009,319,936 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.29 23:18:16 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.21 00:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.04.29 16:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.04.29 16:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.04.29 16:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.04.29 16:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.04.29 16:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.04.29 16:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.04.29 16:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.04.29 16:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.04.01 09:15:27 | 000,317,440 | ---- | M] (Intel(R) Corporation) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.07 21:58:44 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2011.03.07 03:30:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe) DRV:64bit: - [2011.03.04 10:21:46 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.04 10:01:05 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.02.24 21:02:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.12.10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) 
DRV:64bit: - [2010.04.28 00:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.28 00:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 22:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 22:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.23 15:35:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 08:03:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.21 17:53:37 | 000,000,000 | ---D | M] [2011.07.11 01:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan\AppData\Roaming\mozilla\Extensions [2011.12.27 15:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions [2011.11.21 17:53:37 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2011.07.19 10:00:58 | 000,002,227 | ---- | M] () -- 
C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml [2011.07.11 01:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\KENAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S97WFBCW.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI () (No name found) -- C:\USERS\KENAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S97WFBCW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.10 08:03:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.10.09 23:11:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.09 23:11:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.09 23:11:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.09 23:11:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.09 23:11:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.09 23:11:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{608B6E71-8776-4514-B01D-F03F35818556}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFEDBEE4-FC9D-4307-8C73-F884627DEE53}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - 
C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (C:\Users\Kenan\AppData\Local\7b30d2dc\X) -C:\Users\Kenan\AppData\Local\7b30d2dc\X () O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ] O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - E:\autorun.dat -- [ UDF ] O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BvtUtility - hkey= - key= - C:\Program Files (x86)\BvT Grup\BvT Live Tv\BvtUtility.exe (CanliTv.com) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) 
MsConfig:64bit - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: 
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: BFE - Service SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: 
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. 
SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers 
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: 
{E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{7B284195-B3C3-4FF2-AF60-24DAC8F5E766} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.28 11:31:37 | 000,000,000 | R--D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2011.12.28 03:28:06 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{01FAB632-2A94-4B50-822E-C52A82940E4B} [2011.12.28 03:27:32 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F09702F9-0ED7-45FA-9A1A-71B367749883} [2011.12.28 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Documents\MAGIX Downloads [2011.12.28 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Documents\MAGIX [2011.12.28 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Desktop\LVG [2011.12.28 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\AA3DeployClient [2011.12.28 00:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient [2011.12.28 00:28:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Army Game [2011.12.28 00:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Deployment [2011.12.28 00:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Apps [2011.12.27 18:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.27 18:11:49 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Malwarebytes [2011.12.27 18:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.27 18:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.27 18:11:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.27 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.27 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Desktop\TojanerProblem [2011.12.27 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\7-Zip [2011.12.27 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2011.12.27 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{AFC89C23-78B5-475F-B339-A43938CEA293} [2011.12.27 15:26:32 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7D0D9999-9D1F-4BD4-B662-9F95DC5F7CF2} [2011.12.27 01:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3B6266D0-7444-4AE2-8D4E-114A8301484E} [2011.12.27 01:07:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{14851934-D13D-4DB3-B2A6-40DECEBA9D92} [2011.12.26 23:52:49 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{85453B69-0E2A-4872-8A8D-1AE65EF81138} [2011.12.26 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{16FDBAEA-DA7F-4B4D-962D-D2B8EA1CA857} [2011.12.26 01:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011.12.26 01:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\Kenan\AppData\Local\7b30d2dc [2011.12.25 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{4097FA4C-9D70-4AA5-B2B9-D4804BDFCDE5} [2011.12.25 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F2DFA48B-E564-4C34-A091-E4B1A76E57C0} [2011.12.24 04:36:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{356B2BD4-C637-453A-A928-C95E35A79404} [2011.12.24 04:36:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{95794BDC-4537-44F3-812E-C60025A45557} [2011.12.22 13:22:27 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9E016A2C-20B2-4F21-9089-703853DB0E9F} [2011.12.22 13:22:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{5DED2D16-B78E-4774-BADE-D17C533EC8C9} [2011.12.22 13:19:59 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2011.12.22 13:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.12.22 13:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2011.12.21 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{89F44C35-72F8-40FC-B496-16C1C967306E} [2011.12.21 17:32:27 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{98151295-4EA8-4948-BC61-EB567DAB216E} [2011.12.20 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{912FD41C-3F90-4C9F-A2B7-135BB80D6A77} [2011.12.20 22:29:24 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F48B745D-C36A-4250-9764-DA63AD418595} [2011.12.20 07:43:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{BFB836D3-9B1E-43AD-B045-98370C24772A} [2011.12.20 07:43:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{363DE245-CD4B-4E36-B97B-1433F9973606} [2011.12.19 15:04:16 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{712E116B-11CB-41A4-91AE-1C1F4DB7A6EF} [2011.12.19 15:03:54 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3969DDF9-D401-4CDB-A06B-9F579DD8992B} [2011.12.19 02:58:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{36E9085F-4514-4CA7-9893-117652816E07} [2011.12.19 02:57:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{A212D5B5-5501-4096-9382-4D7826D72FD2} [2011.12.18 03:07:17 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{5EDBC034-3C75-4641-B36C-E7DF2F32995B} [2011.12.18 03:06:51 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9E28DEC3-F719-403F-B6C6-FC1BEDC04639} [2011.12.17 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Alte Eigene Dateien [2011.12.17 13:13:38 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9B14F8F8-1CA4-4BC8-A7A5-2DA8F8186B7E} [2011.12.17 13:13:16 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{34C35E28-59B8-44F9-850A-B8355ECCB123} 
[2011.12.17 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C [2011.12.16 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{18E5DD89-2AA5-46F1-A29A-A842CEB85186} [2011.12.16 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{DBFF224F-3230-4514-9BDA-BE899133CDA2} [2011.12.15 16:34:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Canon [2011.12.15 15:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2011.12.15 15:38:34 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2011.12.15 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP830 [2011.12.15 15:38:15 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2011.12.15 15:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2011.12.15 13:40:52 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8EE8681F-60F3-42D4-9FAB-B59590C2EF0A} [2011.12.15 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C365A675-4E27-4D0C-8891-39FBDD124F06} [2011.12.15 01:23:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Kontoauszug [2011.12.15 01:18:11 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FF6FAB9C-08CF-4A9A-94BD-0DDBB7EACDA8} [2011.12.15 01:17:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3E4A7DA7-FB50-41B5-B031-0918B6C0D84B} [2011.12.14 11:54:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7E9CC605-4313-4F4F-98FD-B380AF3ACD72} [2011.12.14 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{1AE83126-F6AE-47D7-8D32-D3A199495F14} [2011.12.13 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F7FB9F2C-7FDD-4F81-8ADE-7935BB9F10E7} [2011.12.13 16:10:59 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{66AC74EF-0B74-4663-8859-8349E2FF29B6} [2011.12.13 16:10:43 | 000,000,000 | ---D | C] -- 
C:\Users\Kenan\AppData\Local\{26E554F7-C435-46C8-837A-DCE38FA3ED94} [2011.12.13 16:10:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{4983CC8D-A5E7-46E1-B6E4-5E55E4604865} [2011.12.12 16:20:24 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{20C7DC7C-1F22-445C-8871-A34ABD314460} [2011.12.12 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{ED66214D-49C4-4865-8F77-590A97613D8F} [2011.12.12 15:31:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Logitech [2011.12.12 15:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2011.12.12 15:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech [2011.12.12 15:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2011.12.12 01:36:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{6365C5F8-BB88-4184-B5CA-A7BC81B1E389} [2011.12.12 01:35:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{EB1BDBDC-A6AB-4A6B-893A-C0A80F872CDC} [2011.12.12 01:35:21 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B0A8DE83-EFC6-4518-8753-1F28948DF2A3} [2011.12.11 10:25:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{08DB0319-EF89-4A9D-AA25-4DD8322FC108} [2011.12.11 10:25:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B5A9D93C-35EF-4AC0-8E48-F31C3F76A94D} [2011.12.10 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9FB750D1-FFA9-4A7F-91CA-E15E69AF43F5} [2011.12.10 10:21:25 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{64FB4C92-503C-4D46-8BBD-D7814401BF1E} [2011.12.10 10:21:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{DE49E76C-9F84-43B9-ACDA-B1D376E1464F} [2011.12.10 10:20:39 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9FE3D653-96FF-433F-9ADE-05A78ED90381} [2011.12.09 18:57:21 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3F6E10BE-4A0B-4271-B3CF-CFB4B68B2830} [2011.12.09 18:56:40 | 
000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{618D3C4C-16AB-4684-BABA-0168DA8E3787} [2011.12.08 20:20:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8E3D0343-BCDC-46AE-8224-C080EDC94074} [2011.12.08 20:19:26 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{68A665AB-C347-4E76-B39A-19ACB0080D1D} [2011.12.08 08:18:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{213521B6-371D-45A2-AD0F-3DAD7934C93C} [2011.12.08 08:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{E8BB6C7F-18AE-49BE-BC66-932D36FD3459} [2011.12.07 16:11:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{067D6B16-E092-4087-A173-05BDE4A7DB9B} [2011.12.07 16:10:25 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{0D2EBEE2-F039-4446-9D07-D9D610C281D8} [2011.12.06 19:55:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{440767DB-EA3B-450F-93A4-5E5E5B7D8807} [2011.12.06 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{920B6E0C-369B-42DB-8BCD-4F9DD2033398} [2011.12.06 07:54:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9AD451E7-959B-4792-B1D1-FA4342872C1C} [2011.12.06 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{6D5A00AD-1CF7-4E50-8BE4-EAB4115A4A55} [2011.12.05 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{52FECB12-8E06-4CBC-ABF5-0FFB04122285} [2011.12.05 10:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FF1F798A-C78C-4E19-A493-212B2F1D7546} [2011.12.04 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8523CB02-F205-497F-852D-4E4040E6D89C} [2011.12.04 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B6A5DA82-D435-4961-859B-5BE2EC5B3BDD} [2011.12.03 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B9959A64-663F-47D2-A8B2-9BFA4C323732} [2011.12.03 20:25:51 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{EA3ED08A-0BD4-4856-A71F-DB86CC8749DC} [2011.12.03 
14:35:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D [2011.12.03 14:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DDD [2011.12.03 14:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TriDef 3D [2011.12.02 08:09:13 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C947CCEE-A8E6-4BFF-A9A5-FA94C6A2A4C6} [2011.12.02 08:08:39 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7B3F4C86-EE62-4ED3-AD72-885053AF60C1} [2011.12.01 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{D120E7D6-FAC5-4BEB-9D39-4D837C5898FE} [2011.12.01 20:07:38 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8D396F78-758E-44C4-994B-0085236D45E3} [2011.12.01 08:06:59 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{1DEBD5DA-032C-4E0C-BB58-444A5CBC8B24} [2011.12.01 08:06:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C1E42293-DDB9-44DC-A92E-8B1701D4B7E2} [2011.11.30 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{28641252-25C2-4FC3-B559-F9C70A87513F} [2011.11.30 16:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B3244799-1403-4A7D-B066-E65668B6E95E} [2011.11.29 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{12A55EBD-0793-4FA7-9DF7-FB29E29127CE} [2011.11.29 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{90E15804-6FB5-4184-83A9-AE403E28BC4C} [2011.11.29 07:10:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B537DE02-4EB0-4EDD-B285-95BF18309038} [2011.11.29 07:09:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FB3CC972-285A-4EF6-963C-2C54584B9093} [2011.11.28 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{87B0ED36-08F3-41D4-BAD3-CE6F947C9446} [2011.11.28 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{50F48384-5140-49E0-A640-8F5EC53072B0} [2011.11.28 18:40:52 | 000,000,000 | R--D | C] -- C:\Users\Kenan\Dropbox [2011.11.28 18:39:10 
| 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.11.28 18:38:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Dropbox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Kenan\Desktop\*.tmp files -> C:\Users\Kenan\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.28 11:37:13 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 11:37:13 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 11:34:07 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.28 11:34:07 | 000,698,976 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.28 11:34:07 | 000,652,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.28 11:34:07 | 000,149,000 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.28 11:34:07 | 000,121,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.28 11:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.28 11:29:36 | 466,984,959 | -HS- | M] () -- C:\hiberfil.sys [2011.12.28 03:45:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.28 00:28:48 | 000,000,316 | ---- | M] () -- C:\Users\Kenan\Desktop\AA3Deploy.appref-ms [2011.12.27 15:49:13 | 000,000,000 | ---- | M] () -- C:\Users\Kenan\defogger_reenable [2011.12.21 23:51:03 | 002,903,606 | ---- | M] () -- C:\Users\Kenan\Desktop\htc_sensation.pdf [2011.12.15 21:18:20 | 000,439,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.12 15:28:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.09 19:49:12 | 
000,464,353 | ---- | M] () -- C:\test.xml [2011.12.08 20:42:31 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Kenan\Desktop\*.tmp files -> C:\Users\Kenan\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.28 03:45:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.28 00:28:48 | 000,000,316 | ---- | C] () -- C:\Users\Kenan\Desktop\AA3Deploy.appref-ms [2011.12.27 15:49:13 | 000,000,000 | ---- | C] () -- C:\Users\Kenan\defogger_reenable [2011.12.21 23:50:48 | 002,903,606 | ---- | C] () -- C:\Users\Kenan\Desktop\htc_sensation.pdf [2011.12.15 15:38:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CNCFLbNL.DLL [2011.12.12 15:28:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf [2011.12.03 14:35:22 | 000,001,400 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO3DPortal.lnk [2011.11.08 23:17:05 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.11.08 23:17:05 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.08 23:17:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.11.08 23:17:05 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat [2011.11.08 23:17:05 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat [2011.11.08 23:17:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.13 22:14:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.09.12 03:21:52 | 000,005,120 | ---- | C] () -- C:\Users\Kenan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.10 22:02:06 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\AV32UID.DAT [2011.08.10 03:57:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2011.08.10 03:11:58 | 000,000,000 | ---- | C] () -- C:\Windows\MusicMaker.INI 
[2011.08.10 03:07:11 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.08.10 03:05:50 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.08.10 02:59:45 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.08.10 02:52:26 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2011.07.12 23:25:14 | 000,007,648 | ---- | C] () -- C:\Users\Kenan\AppData\Local\Resmon.ResmonCfg [2011.06.30 08:01:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.29 14:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.29 14:06:23 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.04.14 04:56:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.04.14 04:56:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.04 11:00:37 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.02.11 00:03:27 | 001,594,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll ========== LOP Check ========== [2011.12.22 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Canon [2011.12.23 00:22:21 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Dropbox 
[2011.08.29 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Leadertech [2011.09.10 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\MAGIX [2011.09.12 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Solveig Multimedia [2011.11.21 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\streamripper [2011.12.10 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Windows Live Writer [2011.12.03 02:47:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XBMC [2011.08.16 10:23:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XP Modus [2011.11.27 13:04:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.07.12 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Adobe [2011.07.11 00:36:40 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\ArcSoft [2011.07.10 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Atheros [2011.07.10 23:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\ATI [2011.10.14 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Avira [2011.12.22 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Canon [2011.07.11 00:16:24 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\CyberLink [2011.08.05 04:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\DivX [2011.12.23 00:22:21 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Dropbox [2011.07.10 23:19:35 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Identities [2011.07.10 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Intel Corporation [2011.08.29 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Leadertech [2011.06.29 
14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Macromedia [2011.09.10 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\MAGIX [2011.12.27 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Malwarebytes [2011.03.15 03:36:01 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Media Center Programs [2011.11.08 23:18:31 | 000,000,000 | --SD | M] -- C:\Users\Kenan\AppData\Roaming\Microsoft [2011.07.11 01:17:12 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Mozilla [2011.07.12 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\NCH Software [2011.12.15 17:10:24 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Skype [2011.11.17 21:15:08 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\skypePM [2011.09.12 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Solveig Multimedia [2011.07.12 00:27:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Sony Corporation [2011.11.21 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\streamripper [2011.11.27 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Winamp [2011.12.10 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Windows Live Writer [2011.08.09 10:40:05 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\WinRAR [2011.12.03 02:47:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XBMC [2011.08.16 10:23:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XP Modus < %APPDATA%\*.exe /s > [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.12.05 20:18:12 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenan\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.06.29 14:25:02 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
28.12.2011, 21:46 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir detected Trojan TR/ATRAPS.Gen2 Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
[2011.11.21 17:53:37 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.07.19 10:00:58 | 000,002,227 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
[2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\Kenan\AppData\Local\7b30d2dc
[2011.12.15 15:38:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CNCFLbNL.DLL
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix has run; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
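An added example, not code from this thread or from OTL itself: a small Python parser for the OTL listing lines used in the fix script above, plus a triage pass that flags the two kinds of entry the helper singled out (a hidden+system folder with a random hex name under AppData\Local, and a DLL without a vendor string in the system directory). The sample lines, the hex-name rule and the system-directory list are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL listing line, e.g.
#   [2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\7b30d2dc
#   [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=... -- C:\Windows\SysNative\winlogon.exe
# The "(vendor)" block and the "MD5=" field are optional; "()" means OTL found no vendor string.
OTL_ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)

# Assumed triage rules (not OTL logic): a purely hexadecimal folder name, and the
# Windows system directories in which a binary without any vendor string is unusual.
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$")
SYSTEM_DIRS = ("\\windows\\sysnative\\", "\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass
class OtlEntry:
    timestamp: str
    size: int                 # bytes, with OTL's thousands separators removed
    attrs: str                # four flags R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset
    kind: str                 # 'M' = listed by modified date, 'C' = by creation date
    company: Optional[str]    # None if there was no "(...)" block, '' if OTL printed "()"
    md5: Optional[str]
    path: str

    @property
    def hidden_system_dir(self) -> bool:
        return self.attrs[1] == "H" and self.attrs[2] == "S" and self.attrs[3] == "D"

    @property
    def leaf(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; returns None for O2/O3/O32/O33 lines and other text."""
    m = OTL_ENTRY.search(line)
    if m is None:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        md5=m["md5"].upper() if m["md5"] else None,
        path=m["path"],
    )


def parse_listing(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.strip().splitlines()) if e is not None]


def triage(entries: List[OtlEntry]) -> List[str]:
    """Return 'reason: path' strings for entries matching the two indicators fixed in this thread."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.hidden_system_dir and "\\appdata\\local\\" in low and HEX_NAME.match(e.leaf.lower()):
            findings.append(f"hidden+system folder with random hex name under AppData\\Local: {e.path}")
        elif (any(d in low for d in SYSTEM_DIRS)
              and low.endswith((".dll", ".exe", ".sys"))
              and not e.company):
            findings.append(f"binary without vendor string in a system directory: {e.path}")
    return findings


# Constructed sample modelled on the listing lines in this thread (user name replaced).
SAMPLE_LISTING = r"""
[2011.11.21 17:53:37 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.11.08 23:18:31 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\7b30d2dc
[2011.12.15 15:38:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CNCFLbNL.DLL
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
"""

if __name__ == "__main__":
    for finding in triage(parse_listing(SAMPLE_LISTING)):
        print(finding)
```

Entries that match neither rule (the Winamp extension folder, the AIR installer, the Microsoft-signed winlogon.exe) pass through silently, and the O32 autorun line is skipped because it is not a plain listing line.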
28.12.2011, 22:41 | #10 |
| AntiVir detected Trojan TR/ATRAPS.Gen2 So here is the OTL fix log: Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\Kenan\AppData\Local\7b30d2dc\U folder moved successfully.
Folder move failed. C:\Users\Kenan\AppData\Local\7b30d2dc scheduled to be moved on reboot.
C:\Windows\SysNative\CNCFLbNL.DLL moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kenan
->Temp folder emptied: 868724518 bytes
->Temporary Internet Files folder emptied: 296434303 bytes
->Java cache emptied: 3732855 bytes
->FireFox cache emptied: 871853030 bytes
->Flash cache emptied: 87655 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138210983 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 254786 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.078,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12282011_222332
Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Users\Kenan\AppData\Local\7b30d2dc folder moved successfully.
C:\Users\Kenan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
28.12.2011, 23:38 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir detected Trojan TR/ATRAPS.Gen2 Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer stores its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
29.12.2011, 00:09 | #12 |
| AntiVir detected Trojan TR/ATRAPS.Gen2 Here is the log: Code:
00:06:00.0927 5324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 00:06:00.0958 5324 NdisTapi - ok 00:06:00.0989 5324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 00:06:01.0020 5324 Ndisuio - ok 00:06:01.0051 5324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 00:06:01.0083 5324 NdisWan - ok 00:06:01.0114 5324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 00:06:01.0145 5324 NDProxy - ok 00:06:01.0176 5324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 00:06:01.0207 5324 NetBIOS - ok 00:06:01.0239 5324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 00:06:01.0270 5324 NetBT - ok 00:06:01.0317 5324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 00:06:01.0332 5324 nfrd960 - ok 00:06:01.0363 5324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 00:06:01.0395 5324 Npfs - ok 00:06:01.0410 5324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 00:06:01.0457 5324 nsiproxy - ok 00:06:01.0504 5324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 00:06:01.0551 5324 Ntfs - ok 00:06:01.0566 5324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 00:06:01.0597 5324 Null - ok 00:06:01.0629 5324 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys 00:06:01.0660 5324 nusb3hub - ok 00:06:01.0691 5324 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys 00:06:01.0722 5324 nusb3xhc - ok 00:06:01.0925 5324 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:06:02.0175 5324 nvlddmkm - ok 00:06:02.0206 5324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 00:06:02.0221 5324 nvraid - ok 
00:06:02.0284 5324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 00:06:02.0299 5324 nvstor - ok 00:06:02.0331 5324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 00:06:02.0346 5324 nv_agp - ok 00:06:02.0393 5324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 00:06:02.0409 5324 ohci1394 - ok 00:06:02.0455 5324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 00:06:02.0471 5324 Parport - ok 00:06:02.0502 5324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 00:06:02.0502 5324 partmgr - ok 00:06:02.0533 5324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 00:06:02.0533 5324 pci - ok 00:06:02.0565 5324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 00:06:02.0565 5324 pciide - ok 00:06:02.0596 5324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 00:06:02.0611 5324 pcmcia - ok 00:06:02.0627 5324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 00:06:02.0643 5324 pcw - ok 00:06:02.0674 5324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 00:06:02.0721 5324 PEAUTH - ok 00:06:02.0752 5324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 00:06:02.0799 5324 PptpMiniport - ok 00:06:02.0814 5324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 00:06:02.0830 5324 Processor - ok 00:06:02.0861 5324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 00:06:02.0892 5324 Psched - ok 00:06:02.0939 5324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 00:06:02.0986 5324 ql2300 - ok 00:06:03.0017 5324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 00:06:03.0017 5324 ql40xx - ok 00:06:03.0048 5324 
QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 00:06:03.0064 5324 QWAVEdrv - ok 00:06:03.0079 5324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 00:06:03.0111 5324 RasAcd - ok 00:06:03.0142 5324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:06:03.0173 5324 RasAgileVpn - ok 00:06:03.0189 5324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:06:03.0235 5324 Rasl2tp - ok 00:06:03.0251 5324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 00:06:03.0298 5324 RasPppoe - ok 00:06:03.0329 5324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 00:06:03.0360 5324 RasSstp - ok 00:06:03.0391 5324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 00:06:03.0423 5324 rdbss - ok 00:06:03.0438 5324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 00:06:03.0454 5324 rdpbus - ok 00:06:03.0469 5324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:06:03.0485 5324 RDPCDD - ok 00:06:03.0516 5324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 00:06:03.0547 5324 RDPENCDD - ok 00:06:03.0563 5324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 00:06:03.0594 5324 RDPREFMP - ok 00:06:03.0610 5324 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 00:06:03.0641 5324 RDPWD - ok 00:06:03.0672 5324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 00:06:03.0672 5324 rdyboost - ok 00:06:03.0735 5324 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 00:06:03.0750 5324 RFCOMM - ok 00:06:03.0797 5324 rimspci (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\DRIVERS\rimssne64.sys 00:06:03.0828 5324 rimspci - ok 
00:06:03.0859 5324 risdsnpe (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\DRIVERS\risdsnxc64.sys 00:06:03.0875 5324 risdsnpe - ok 00:06:03.0906 5324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 00:06:03.0937 5324 rspndr - ok 00:06:03.0984 5324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 00:06:03.0984 5324 sbp2port - ok 00:06:04.0015 5324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 00:06:04.0047 5324 scfilter - ok 00:06:04.0093 5324 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 00:06:04.0109 5324 sdbus - ok 00:06:04.0140 5324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 00:06:04.0171 5324 secdrv - ok 00:06:04.0203 5324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 00:06:04.0218 5324 Serenum - ok 00:06:04.0249 5324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 00:06:04.0265 5324 Serial - ok 00:06:04.0296 5324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 00:06:04.0327 5324 sermouse - ok 00:06:04.0359 5324 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys 00:06:04.0390 5324 SFEP - ok 00:06:04.0405 5324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 00:06:04.0421 5324 sffdisk - ok 00:06:04.0437 5324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 00:06:04.0452 5324 sffp_mmc - ok 00:06:04.0468 5324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 00:06:04.0483 5324 sffp_sd - ok 00:06:04.0499 5324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 00:06:04.0515 5324 sfloppy - ok 00:06:04.0561 5324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 00:06:04.0577 5324 
SiSRaid2 - ok 00:06:04.0608 5324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 00:06:04.0608 5324 SiSRaid4 - ok 00:06:04.0639 5324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 00:06:04.0671 5324 Smb - ok 00:06:04.0717 5324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 00:06:04.0717 5324 spldr - ok 00:06:04.0764 5324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 00:06:04.0795 5324 srv - ok 00:06:04.0827 5324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 00:06:04.0858 5324 srv2 - ok 00:06:04.0873 5324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 00:06:04.0905 5324 srvnet - ok 00:06:04.0936 5324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 00:06:04.0951 5324 stexstor - ok 00:06:04.0983 5324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 00:06:04.0983 5324 swenum - ok 00:06:05.0045 5324 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys 00:06:05.0061 5324 SynTP - ok 00:06:05.0139 5324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 00:06:05.0185 5324 Tcpip - ok 00:06:05.0232 5324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 00:06:05.0263 5324 TCPIP6 - ok 00:06:05.0279 5324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 00:06:05.0310 5324 tcpipreg - ok 00:06:05.0341 5324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 00:06:05.0373 5324 TDPIPE - ok 00:06:05.0388 5324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 00:06:05.0404 5324 TDTCP - ok 00:06:05.0435 5324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 00:06:05.0466 5324 tdx - ok 00:06:05.0497 5324 TermDD 
(561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 00:06:05.0497 5324 TermDD - ok 00:06:05.0544 5324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:06:05.0591 5324 tssecsrv - ok 00:06:05.0622 5324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 00:06:05.0638 5324 TsUsbFlt - ok 00:06:05.0653 5324 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 00:06:05.0669 5324 TsUsbGD - ok 00:06:05.0700 5324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 00:06:05.0731 5324 tunnel - ok 00:06:05.0763 5324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 00:06:05.0778 5324 uagp35 - ok 00:06:05.0794 5324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 00:06:05.0841 5324 udfs - ok 00:06:05.0872 5324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 00:06:05.0872 5324 uliagpkx - ok 00:06:05.0903 5324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 00:06:05.0919 5324 umbus - ok 00:06:05.0950 5324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 00:06:05.0965 5324 UmPass - ok 00:06:05.0997 5324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 00:06:06.0012 5324 usbccgp - ok 00:06:06.0028 5324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 00:06:06.0043 5324 usbcir - ok 00:06:06.0075 5324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 00:06:06.0090 5324 usbehci - ok 00:06:06.0137 5324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 00:06:06.0153 5324 usbhub - ok 00:06:06.0184 5324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 00:06:06.0199 5324 usbohci - ok 00:06:06.0231 5324 usbprint 
(73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 00:06:06.0246 5324 usbprint - ok 00:06:06.0293 5324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 00:06:06.0309 5324 usbscan - ok 00:06:06.0340 5324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:06:06.0355 5324 USBSTOR - ok 00:06:06.0371 5324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 00:06:06.0387 5324 usbuhci - ok 00:06:06.0418 5324 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 00:06:06.0433 5324 usbvideo - ok 00:06:06.0511 5324 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys 00:06:06.0527 5324 VBoxDrv - ok 00:06:06.0558 5324 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 00:06:06.0574 5324 VBoxNetAdp - ok 00:06:06.0605 5324 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 00:06:06.0605 5324 VBoxNetFlt - ok 00:06:06.0652 5324 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 00:06:06.0652 5324 VBoxUSBMon - ok 00:06:06.0699 5324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 00:06:06.0714 5324 vdrvroot - ok 00:06:06.0730 5324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 00:06:06.0745 5324 vga - ok 00:06:06.0777 5324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 00:06:06.0808 5324 VgaSave - ok 00:06:06.0823 5324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 00:06:06.0839 5324 vhdmp - ok 00:06:06.0855 5324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 00:06:06.0870 5324 viaide - ok 00:06:06.0901 5324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 00:06:06.0917 5324 volmgr - ok 
00:06:06.0933 5324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 00:06:06.0948 5324 volmgrx - ok 00:06:06.0979 5324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 00:06:06.0979 5324 volsnap - ok 00:06:07.0011 5324 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys 00:06:07.0011 5324 vpcbus - ok 00:06:07.0073 5324 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys 00:06:07.0104 5324 vpcnfltr - ok 00:06:07.0120 5324 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys 00:06:07.0135 5324 vpcusb - ok 00:06:07.0182 5324 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys 00:06:07.0198 5324 vpcvmm - ok 00:06:07.0245 5324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 00:06:07.0245 5324 vsmraid - ok 00:06:07.0291 5324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 00:06:07.0323 5324 vwifibus - ok 00:06:07.0338 5324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 00:06:07.0354 5324 vwififlt - ok 00:06:07.0401 5324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 00:06:07.0416 5324 vwifimp - ok 00:06:07.0447 5324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 00:06:07.0463 5324 WacomPen - ok 00:06:07.0494 5324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:06:07.0525 5324 WANARP - ok 00:06:07.0541 5324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:06:07.0572 5324 Wanarpv6 - ok 00:06:07.0635 5324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 00:06:07.0635 5324 Wd - ok 00:06:07.0666 5324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 00:06:07.0697 5324 Wdf01000 - ok 
00:06:07.0728 5324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 00:06:07.0744 5324 WfpLwf - ok 00:06:07.0791 5324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 00:06:07.0791 5324 WIMMount - ok 00:06:07.0853 5324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 00:06:07.0869 5324 WinUsb - ok 00:06:07.0931 5324 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys 00:06:07.0931 5324 WmBEnum - ok 00:06:07.0962 5324 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys 00:06:07.0962 5324 WmFilter - ok 00:06:08.0009 5324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 00:06:08.0009 5324 WmiAcpi - ok 00:06:08.0040 5324 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys 00:06:08.0040 5324 WmVirHid - ok 00:06:08.0071 5324 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys 00:06:08.0071 5324 WmXlCore - ok 00:06:08.0103 5324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 00:06:08.0134 5324 ws2ifsl - ok 00:06:08.0149 5324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 00:06:08.0181 5324 WudfPf - ok 00:06:08.0212 5324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:06:08.0243 5324 WUDFRd - ok 00:06:08.0337 5324 X6va005 - ok 00:06:08.0415 5324 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys 00:06:08.0430 5324 xusb21 - ok 00:06:08.0477 5324 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 00:06:08.0727 5324 \Device\Harddisk0\DR0 - ok 00:06:08.0742 5324 Boot (0x1200) (07fa0f7b29dc2ac220428cd4ee4b1de7) \Device\Harddisk0\DR0\Partition0 00:06:08.0742 5324 \Device\Harddisk0\DR0\Partition0 - ok 00:06:08.0773 5324 Boot (0x1200) (f60e8f2668641c4546f5695ea2fc72f5) 
\Device\Harddisk0\DR0\Partition1 00:06:08.0773 5324 \Device\Harddisk0\DR0\Partition1 - ok 00:06:08.0773 5324 ============================================================ 00:06:08.0773 5324 Scan finished 00:06:08.0773 5324 ============================================================ 00:06:08.0773 5260 Detected object count: 1 00:06:08.0773 5260 Actual detected object count: 1 00:06:50.0550 5260 acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user 00:06:50.0550 5260 acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
29.12.2011, 00:36 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir has detected the Trojan TR/ATRAPS.Gen2 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (one of the forum's designated helpers) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
29.12.2011, 01:14 | #14 |
| AntiVir has detected the Trojan TR/ATRAPS.Gen2 Here it is. I should also mention, though, that ComboFix said something from Avira was still running, even though I had closed the real-time scanner. Code:
ATTFilter ComboFix 11-12-28.03 - Kenan 29.12.2011 1:05.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6055.4461 [GMT 1:00] ausgeführt von:: c:\users\Kenan\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk c:\windows\assembly\tmp\U c:\windows\system32\java.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-29 )))))))))))))))))))))))))))))) . . 2011-12-29 00:08 . 2011-12-29 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-28 21:23 . 2011-12-28 21:23 -------- d-----w- C:\_OTL 2011-12-27 23:28 . 2011-12-27 23:29 -------- d-----w- c:\users\Kenan\AppData\Local\AA3DeployClient 2011-12-27 23:28 . 2011-12-27 23:28 -------- d-----w- c:\programdata\AA3DeployClient 2011-12-27 23:26 . 2011-12-27 23:29 -------- d-----w- c:\users\Kenan\AppData\Local\Deployment 2011-12-27 23:26 . 2011-12-27 23:26 -------- d-----w- c:\users\Kenan\AppData\Local\Apps 2011-12-27 17:31 . 2011-12-27 17:31 -------- d-----w- c:\program files (x86)\ESET 2011-12-27 17:11 . 2011-12-27 17:11 -------- d-----w- c:\users\Kenan\AppData\Roaming\Malwarebytes 2011-12-27 17:11 . 2011-12-27 17:11 -------- d-----w- c:\programdata\Malwarebytes 2011-12-27 17:11 . 2011-12-28 02:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-27 17:11 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-27 16:00 . 2011-12-27 16:00 -------- d-----w- c:\program files (x86)\7-Zip 2011-12-26 00:05 . 2011-12-26 00:05 -------- d-----w- c:\program files (x86)\Trend Micro 2011-12-23 11:03 . 
2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{871BF9DD-9CF3-4426-936A-795079160033}\mpengine.dll 2011-12-22 12:19 . 2009-03-18 16:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2011-12-22 12:19 . 2011-12-22 12:19 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2011-12-15 19:00 . 2011-11-04 01:53 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-12-15 19:00 . 2011-11-04 01:48 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2011-12-15 19:00 . 2011-11-04 01:44 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-12-15 19:00 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-12-15 19:00 . 2011-11-03 22:42 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2011-12-15 15:34 . 2011-12-22 14:33 -------- d-----w- c:\users\Kenan\AppData\Roaming\Canon 2011-12-15 14:47 . 2006-09-12 20:00 80896 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP7Q.DLL 2011-12-15 14:47 . 2006-09-12 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD7Q.DLL 2011-12-15 13:43 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-12-15 13:43 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-15 13:43 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-15 13:43 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-15 13:43 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-15 13:43 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-12 14:31 . 2011-12-12 14:31 -------- d-----w- c:\users\Kenan\AppData\Local\Logitech 2011-12-12 14:30 . 2011-12-12 14:30 -------- d-----w- c:\program files\Common Files\Logitech 2011-12-12 14:30 . 2011-12-12 14:30 -------- d-----w- c:\program files\Logitech 2011-12-03 13:35 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2011-12-03 13:35 . 
2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll 2011-12-03 13:35 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll 2011-12-03 13:35 . 2011-12-03 13:35 -------- d-----w- c:\programdata\DDD 2011-12-03 13:35 . 2011-12-03 13:35 -------- d-----w- c:\program files (x86)\TriDef 3D . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-25 22:41 . 2011-08-04 22:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-08 19:42 . 2011-10-14 18:26 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-18 21:21 . 2011-06-29 13:39 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll 2011-10-18 21:21 . 2011-06-29 13:39 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2011-10-11 13:00 . 2011-10-14 18:26 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-11 13:00 . 2011-10-14 18:26 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-06-24 75048] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/18 23:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-06-24 248304] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104] R3 
WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Kenan\AppData\Local\Temp\0059961.tmp [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 uCamMonitor;CamMonitor;c:\program 
files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-24 2656280] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-14 550080] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller 
Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 98389337 *Deregistered* - 98389337 *Deregistered* - CLKMDRV10_9EC60124 . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11775592] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-04 2188904] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = uInternet Settings,ProxyOverride = <local> IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\ FF - prefs.js: browser.startup.homepage - google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Kenan\AppData\Local\Temp\0059961.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2480412338-4109954872-1758289751-1001\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-12-29 01:10:21 ComboFix-quarantined-files.txt 2011-12-29 00:10 . Vor Suchlauf: 15 Verzeichnis(se), 353.961.250.816 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 355.661.479.936 Bytes frei . - - End Of File - - 56D50A04EFCE8287C4DE344B631C5826 |
29.12.2011, 01:16 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir has detected Trojan TR/ATRAPS.Gen2 Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |