Log analysis and evaluation: AKM 50€ Trojan - OTL already run, what next? (Windows 7)
25.03.2012, 19:22 | #16 |
AKM 50€ Trojan - OTL already run, what next?

DivX deleted, and new OTL file:

OTL Logfile:
ATTFilter OTL logfile created on: 25.03.2012 19:44:01 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Josefa\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,18 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 44,38% Memory free 6,35 Gb Paging File | 4,49 Gb Available in Paging File | 70,66% Paging File free Paging file location(s): c:\pagefile.sys 3253 5000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 32,82 Gb Free Space | 33,64% Space Free | Partition Type: NTFS Drive E: | 498,51 Gb Total Space | 138,50 Gb Free Space | 27,78% Space Free | Partition Type: NTFS Computer Name: JR_NOTEBOOK | User Name: Josefa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.24 20:29:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Josefa\Downloads\OTL.exe PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Josefa\AppData\Local\Akamai\netsession_win.exe PRC - [2012.03.04 23:48:40 | 000,934,752 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.03.04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Josefa\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.07 09:08:30 | 000,216,064 | ---- | M] (Geek Software GmbH) -- E:\Program Files\PDF24\pdf24.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.20 16:31:00 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.12.20 16:30:31 | 001,493,608 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010.12.20 16:30:30 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.20 16:30:27 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft 
Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.27 04:59:10 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.06.21 14:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe PRC - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.02.19 00:30:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll MOD - [2012.02.19 00:24:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MOD - [2012.02.19 00:24:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.19 00:24:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.19 00:24:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.19 00:24:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.02.19 00:24:07 | 005,453,312 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.19 00:24:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.19 00:24:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- E:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011.10.15 16:20:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012.03.04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) 
[Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.10 22:30:45 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai) SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.02.19 15:08:43 | 001,045,256 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.02.19 13:36:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.12.20 16:30:30 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.12.20 16:30:27 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.27 04:59:10 | 000,236,136 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.10.27 04:57:22 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) 
[On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.08.17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.08.17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.12.20 16:31:00 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.12.20 16:31:00 | 000,061,824 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.12.20 16:30:55 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.12.20 16:30:54 | 000,193,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.12.20 16:30:53 | 010,367,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.12.20 16:30:53 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt) DRV - [2010.12.20 16:30:27 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010.11.20 12:50:37 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 11 4C 27 20 D0 CB 01 [binary data] IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, 
Inc.) IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes\{719AFD7A-89B2-48DB-9C8D-495A78555DB0}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.659.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Josefa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Josefa\AppData\Local\RewardsArcade\498\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.24 20:46:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.11 21:17:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011.03.22 13:34:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2012.03.11 21:17:39 | 000,000,000 | ---D | M] [2011.03.11 14:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josefa\AppData\Roaming\mozilla\Extensions [2011.03.11 14:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josefa\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2012.03.25 17:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions [2012.01.02 21:12:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.25 17:35:49 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2012.02.26 17:15:11 | 000,000,000 | ---D | M] (toolplugin) -- 
C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\welcome@toolmin.com [2011.03.11 14:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josefa\AppData\Roaming\mozilla\Sunbird\Profiles\ganib2kj.default\extensions [2012.03.15 21:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.28 19:13:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\JOSEFA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T5B1BA2.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2012.03.24 20:46:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.06 20:32:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.06 20:32:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.06 20:32:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.06 20:32:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.26 17:15:11 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.01.06 20:32:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.06 20:32:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.16 03:46:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft 
Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Josefa\AppData\Roaming\toolplugin\toolbar.dll () O3 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDFPrint] E:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [Akamai NetSession Interface] C:\Users\Josefa\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [Facebook Update] C:\Users\Josefa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [K3aRyluP6SiCkoR] C:\Users\Josefa\AppData\Roaming\flint4ytw.exe File not found
O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [MediaGet2] C:\Users\Josefa\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Josefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Josefa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Josefa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.158.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077ED5A6-0BB6-4BCC-A1B2-0AE4632AF9B1}: NameServer = 194.48.124.202 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A0BAC69-0D12-4FCE-B866-3F442DFF6449}: DhcpNameServer = 10.158.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94AC04BF-4F2A-4D16-82A5-DCECFEBA9989}: DhcpNameServer = 193.170.110.64
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000 Winlogon: Shell - (C:\Users\Josefa\AppData\Roaming\flint4ytw.exe) - File not found
O20 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000 Winlogon: UserInit - (C:\Users\Josefa\AppData\Roaming\flint4ytw.exe) - File not found
O20 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.19 14:55:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{0cceed82-11fc-11e1-b70a-485d604687f4}\Shell - "" = AutoRun
O33 - MountPoints2\{0cceed82-11fc-11e1-b70a-485d604687f4}\Shell\AutoRun\command - "" = IomegaEncryptionSetup v1.3.exe
O33 - MountPoints2\{98cba69b-3c12-11e0-b022-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{98cba69b-3c12-11e0-b022-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Welcome.exe
O33 - MountPoints2\{ce1ff176-f671-11e0-8ea2-00262dc41cd4}\Shell - "" = AutoRun
O33 - MountPoints2\{ce1ff176-f671-11e0-8ea2-00262dc41cd4}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: HotkeyApp - hkey= - key= - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
MsConfig - StartUpReg: LMgrOSD - hkey= - key= - File not found
MsConfig - StartUpReg: 
LMgrVolOSD - hkey= - key= - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host 
controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net 
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {170BC2CF-4B8F-E633-860B-5BC03CE3CEF7} - Microsoft Windows Media Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45394181-28A0-ADC4-1E17-4CE49025A11C} - Microsoft Windows Media Player 12.0 ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {695CE607-29F4-8EA4-8A51-DCF625C4AC57} - .NET Framework ActiveX: {6BE484BB-1F36-551F-2F1D-C43808D3F1AF} - Internet Explorer ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FB0EB00B-0E98-DD15-F6D5-7E9BBF41C28E} - Java (Sun) ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.23 23:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.23 01:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012.03.23 01:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012.03.23 01:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012.03.18 09:25:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.18 09:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.18 09:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.16 03:46:02 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.15 20:05:46 | 000,000,000 | ---D | C] -- C:\Users\Josefa\AppData\Roaming\Malwarebytes [2012.03.15 20:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.11 21:17:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.03.11 02:32:25 | 000,000,000 | ---D | C] -- C:\Users\Josefa\Desktop\BSP Buch [2012.03.09 23:08:27 | 000,000,000 | ---D | C] -- C:\Users\Josefa\Desktop\Panorama [2012.03.03 18:18:09 | 000,000,000 | ---D | C] -- C:\Users\Josefa\Documents\ZPS14 [2012.03.03 18:18:08 | 000,000,000 | ---D | C] -- C:\Users\Josefa\AppData\Roaming\Zoner [2012.03.03 18:18:08 | 000,000,000 | ---D | C] -- C:\Users\Josefa\AppData\Local\Zoner [2012.03.03 18:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner [2012.03.03 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 14 [2012.03.03 18:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner [2012.02.28 19:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.02.28 19:13:03 | 000,000,000 | 
---D | C] -- C:\Program Files\Common Files\Skype [2012.02.26 17:15:07 | 000,000,000 | ---D | C] -- C:\Users\Josefa\AppData\Roaming\toolplugin ========== Files - Modified Within 30 Days ========== [2012.03.25 19:43:00 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 19:43:00 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 19:32:30 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3033605226-1836221928-3340961897-1000UA.job [2012.03.25 19:32:28 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3033605226-1836221928-3340961897-1000Core.job [2012.03.25 19:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.25 17:32:42 | 000,722,736 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.25 17:32:42 | 000,661,510 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.25 17:32:42 | 000,157,244 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.25 17:32:42 | 000,129,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.24 08:44:23 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.23 01:37:28 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys [2012.03.22 20:55:45 | 000,485,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.21 22:30:39 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.18 07:24:12 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.03.16 03:46:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.03.15 19:52:12 | 000,000,000 | ---- | M] () -- C:\Windows\ViewNX2.INI [2012.03.15 19:48:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.03.15 19:48:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.03.13 17:10:56 | 313,256,741 | ---- | M] () -- 
C:\Windows\MEMORY.DMP [2012.03.12 13:39:39 | 001,711,984 | ---- | M] () -- C:\Users\Josefa\Desktop\Leno_individuell.pdf [2012.03.12 13:39:08 | 002,513,666 | ---- | M] () -- C:\Users\Josefa\Desktop\brettstapelbau.pdf [2012.03.11 03:27:16 | 000,000,600 | ---- | M] () -- C:\Users\Josefa\AppData\Local\PUTTY.RND [2012.03.11 00:39:27 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.03.10 19:08:38 | 000,042,733 | ---- | M] () -- C:\Users\Josefa\Desktop\post2.jpg [2012.03.10 18:34:18 | 001,647,628 | ---- | M] () -- C:\Users\Josefa\Desktop\DSC_0028x.jpg [2012.03.10 14:26:47 | 000,032,649 | ---- | M] () -- C:\Users\Josefa\Desktop\post.jpg [2012.03.06 23:08:49 | 026,774,240 | ---- | M] () -- C:\Users\Josefa\Desktop\Technische Mappe_Stand 09.2011_druck.pdf [2012.03.03 21:03:34 | 000,002,726 | ---- | M] () -- C:\Users\Josefa\Desktop\P1020527.JPG [2012.03.03 21:03:25 | 000,002,556 | ---- | M] () -- C:\Users\Josefa\Desktop\P1020528.JPG [2012.03.03 18:17:51 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14 FREE.lnk [2012.03.02 09:27:55 | 000,001,023 | ---- | M] () -- C:\Users\Josefa\Desktop\Dropbox.lnk [2012.03.02 09:27:55 | 000,001,003 | ---- | M] () -- C:\Users\Josefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.28 19:13:03 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.02.26 17:44:37 | 000,001,593 | ---- | M] () -- C:\Users\Josefa\Desktop\DivX Movies.lnk ========== Files Created - No Company Name ========== [2012.03.18 09:25:31 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.15 19:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.03.15 19:48:11 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.03.15 19:48:11 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.03.12 13:39:39 | 001,711,984 | ---- | C] () -- C:\Users\Josefa\Desktop\Leno_individuell.pdf [2012.03.12 13:39:08 | 002,513,666 | ---- | 
C] () -- C:\Users\Josefa\Desktop\brettstapelbau.pdf [2012.03.11 00:39:27 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.03.10 19:08:36 | 000,042,733 | ---- | C] () -- C:\Users\Josefa\Desktop\post2.jpg [2012.03.10 18:33:57 | 001,647,628 | ---- | C] () -- C:\Users\Josefa\Desktop\DSC_0028x.jpg [2012.03.10 14:26:44 | 000,032,649 | ---- | C] () -- C:\Users\Josefa\Desktop\post.jpg [2012.03.06 23:08:47 | 026,774,240 | ---- | C] () -- C:\Users\Josefa\Desktop\Technische Mappe_Stand 09.2011_druck.pdf [2012.03.03 21:03:33 | 000,002,726 | ---- | C] () -- C:\Users\Josefa\Desktop\P1020527.JPG [2012.03.03 21:03:24 | 000,002,556 | ---- | C] () -- C:\Users\Josefa\Desktop\P1020528.JPG [2012.03.03 18:17:51 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14 FREE.lnk [2012.02.26 17:44:37 | 000,001,593 | ---- | C] () -- C:\Users\Josefa\Desktop\DivX Movies.lnk [2012.02.09 12:54:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Rock [2012.02.09 12:54:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Robot [2012.02.09 12:54:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Reverb [2012.02.09 12:54:12 | 000,000,268 | RH-- | C] () -- C:\Users\Josefa\AppData\Roaming\Repeat Routines [2012.02.09 12:54:12 | 000,000,268 | RH-- | C] () -- C:\Users\Josefa\AppData\Roaming\Receipts [2012.02.09 12:54:12 | 000,000,268 | RH-- | C] () -- C:\Users\Josefa\AppData\Roaming\Radio Sounds [2012.02.09 12:54:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.02.09 12:54:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.02.09 12:54:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.02.09 12:54:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sound Effects [2012.02.09 12:54:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Smooth Strings [2012.02.09 12:54:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Services [2011.08.13 14:31:15 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfwad.bin 
[2011.05.14 16:25:54 | 000,000,600 | ---- | C] () -- C:\Users\Josefa\AppData\Local\PUTTY.RND [2011.04.23 20:58:29 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.04.23 20:56:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.03.30 19:17:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.02.21 14:11:34 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.19 12:24:19 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2011.02.19 12:24:18 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe [2011.02.19 12:20:11 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2011.02.19 12:13:16 | 000,002,204 | R--- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2011.02.11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.10.27 05:21:58 | 000,416,865 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2010.10.27 05:21:58 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll [2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.06.08 15:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2010.06.08 15:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2010.04.20 16:31:43 | 000,936,832 | ---- | C] () -- C:\Windows\System32\M2ElevatedCalls.dll ========== LOP Check ========== [2012.03.22 21:05:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\cadwork [2011.09.09 17:40:34 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Abvent [2011.09.09 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Abvent_Artlantis3 [2011.08.31 
11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Artisteer [2011.04.16 17:18:41 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Autodesk [2011.11.19 16:26:23 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Azureus [2011.10.15 11:07:22 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\cadwork [2012.03.23 01:44:33 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Dropbox [2012.01.02 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\DVDVideoSoft [2012.01.02 21:12:28 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.13 15:35:43 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\EPSON [2012.03.11 15:24:00 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\FileZilla [2011.03.15 22:25:10 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Graphisoft [2011.04.26 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\JSGSoft.com [2012.02.09 12:56:35 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Nikon [2012.02.26 17:15:11 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\toolplugin [2012.03.03 18:18:08 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Zoner [2012.03.25 19:32:28 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3033605226-1836221928-3340961897-1000Core.job [2012.03.25 19:32:30 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3033605226-1836221928-3340961897-1000UA.job [2012.03.16 02:08:29 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.09.09 17:40:34 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Abvent [2011.09.09 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Abvent_Artlantis3 [2011.03.04 12:34:53 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Adobe [2011.08.31 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Apple Computer [2011.08.31 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Artisteer [2011.04.16 17:18:41 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Autodesk [2011.11.19 16:26:23 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Azureus [2011.10.15 11:07:22 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\cadwork [2011.09.09 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\DivX [2011.02.19 15:27:52 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Download Manager [2012.03.23 01:44:33 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Dropbox [2012.01.02 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\DVDVideoSoft [2012.01.02 21:12:28 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.13 15:35:43 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\EPSON [2012.03.11 15:24:00 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\FileZilla [2011.03.15 22:25:10 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Graphisoft [2011.02.19 12:09:01 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Identities [2011.02.19 12:11:49 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\InstallShield [2011.02.19 12:26:30 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Intel Corporation [2011.04.26 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\JSGSoft.com [2011.02.21 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Macromedia [2012.03.15 20:05:46 | 000,000,000 | 
---D | M] -- C:\Users\Josefa\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Media Center Programs [2012.02.08 16:18:16 | 000,000,000 | --SD | M] -- C:\Users\Josefa\AppData\Roaming\Microsoft [2011.03.11 14:29:41 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Mozilla [2012.02.09 12:56:35 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Nikon [2012.03.24 20:31:32 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Skype [2011.07.14 12:20:55 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\skypePM [2012.02.26 17:15:11 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\toolplugin [2011.04.17 10:30:16 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\WinRAR [2012.03.03 18:18:08 | 000,000,000 | ---D | M] -- C:\Users\Josefa\AppData\Roaming\Zoner < %APPDATA%\*.exe /s > [2011.11.19 15:00:36 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Josefa\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Josefa\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Josefa\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.06.08 23:23:12 | 000,001,078 | R--- | M] () -- C:\Users\Josefa\AppData\Roaming\Microsoft\Installer\{0B15A52D-55B6-457A-8440-F0CE3B2FCDD1}\_2228C2973498FD04F23451.exe [2011.06.08 23:23:12 | 000,001,078 | R--- | M] () -- C:\Users\Josefa\AppData\Roaming\Microsoft\Installer\{0B15A52D-55B6-457A-8440-F0CE3B2FCDD1}\_6FEFF9B68218417F98F549.exe [2012.02.09 12:55:09 | 000,057,344 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Josefa\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 
03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys [2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- 
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA 
Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- 
C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) 
MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:19 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\eventcls.dll [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < > < End of report > [/code] |
26.03.2012, 12:41 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM 50€ Trojan - OTL already run, what next? Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
ATTFilter
:OTL
PRC - [2012.03.04 23:48:40 | 000,934,752 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.03.04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 11 4C 27 20 D0 CB 01 [binary data]
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes\{719AFD7A-89B2-48DB-9C8D-495A78555DB0}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2012.03.25 17:35:49 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012.02.26 17:15:11 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\welcome@toolmin.com
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Josefa\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [K3aRyluP6SiCkoR] C:\Users\Josefa\AppData\Roaming\flint4ytw.exe File not found
O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [MediaGet2] C:\Users\Josefa\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000 Winlogon: Shell - (C:\Users\Josefa\AppData\Roaming\flint4ytw.exe) - File not found
O20 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000 Winlogon: UserInit - (C:\Users\Josefa\AppData\Roaming\flint4ytw.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.19 14:55:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{0cceed82-11fc-11e1-b70a-485d604687f4}\Shell - "" = AutoRun
:Files
C:\Program Files\Common Files\Spigot
C:\Program Files\pdfforge Toolbar
C:\Program Files\Application Updater
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ |
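The O4, O7 and O20 lines in the fix script above all point at the same kind of finding: an executable in the user profile registered as an autostart or Winlogon shell, together with policies that lock the user out of Task Manager, the registry editor and the desktop. The following is an added example, not part of the original thread and not OTL's own logic: a Python triage pass over such lines, where the rule names and the three heuristics are assumptions of this example and the sample lines are copied from the script except for the last one, which is constructed.

```python
import re
from collections import Counter

# Lines copied from the fix script in the post above; the last line is
# constructed for this example to show a default entry that is not flagged.
SAMPLE = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [K3aRyluP6SiCkoR] C:\Users\Josefa\AppData\Roaming\flint4ytw.exe File not found
O4 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000..\Run: [MediaGet2] C:\Users\Josefa\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000 Winlogon: Shell - (C:\Users\Josefa\AppData\Roaming\flint4ytw.exe) - File not found
O20 - HKU\S-1-5-21-3033605226-1836221928-3340961897-1000 Winlogon: UserInit - (C:\Users\Josefa\AppData\Roaming\flint4ytw.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
""".strip().splitlines()

# O4: Run-key autostart, "[name] target".
RUN = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O7: policy value under ...\policies\System or ...\policies\Explorer.
POLICY = re.compile(
    r"^O7 - .*\\policies\\(?:System|Explorer): (?P<value>\w+) = (?P<data>\d+)$", re.I)
# O20: Winlogon Shell / UserInit, target in parentheses.
WINLOGON = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - \((?P<target>[^)]*)\)", re.I)

# Heuristic (assumption of this example): an .exe placed directly in the root
# of AppData\Roaming or AppData\Local, with no vendor subfolder.
APPDATA_ROOT_EXE = re.compile(
    r"^(?P<path>[A-Z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\[^\\]+\.exe)\b", re.I)
# Heuristic: a Winlogon Shell/UserInit target anywhere inside a user profile.
USER_PROFILE = re.compile(r"\\Users\\", re.I)
# Policy values that take tools away from the logged-in user when non-zero.
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools", "nodesktop"}


def triage(lines):
    """Return (rule, subject, line) tuples for lines that match a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = WINLOGON.match(line)
        if m:
            if USER_PROFILE.search(m["target"]):
                findings.append(("winlogon-hijack", m["target"].lower(), line))
            continue
        m = RUN.match(line)
        if m:
            exe = APPDATA_ROOT_EXE.match(m["target"])
            if exe:
                findings.append(("run-from-appdata-root", exe["path"].lower(), line))
            continue
        m = POLICY.match(line)
        if m and m["value"].lower() in LOCKOUT_POLICIES and m["data"] != "0":
            findings.append(("lockout-policy", m["value"], line))
    return findings


def repeated_targets(findings):
    """Executables referenced by more than one autostart location."""
    counts = Counter(subject for rule, subject, _ in findings
                     if rule != "lockout-policy")
    return {path: n for path, n in counts.items() if n > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE)
    for rule, subject, _ in hits:
        print(f"{rule:24} {subject}")
    for path, n in repeated_targets(hits).items():
        print(f"{n} autostart locations point at {path}")
```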
26.03.2012, 16:52 | #18 |
| AKM 50€ Trojan - OTL already run, what next? Result:
__________________Code:
ATTFilter All processes killed ========== OTL ========== No active process named SearchSettings.exe was found! Process ApplicationUpdater.exe killed successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully. C:\Programme\Vuze_Remote\prxtbVuze.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll moved successfully. 
Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. File C:\Programme\Vuze_Remote\prxtbVuze.dll not found. HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{719AFD7A-89B2-48DB-9C8D-495A78555DB0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{719AFD7A-89B2-48DB-9C8D-495A78555DB0}\ not found. Registry key HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! 
Prefs.js: "Search the web" removed from browser.search.defaultenginename Prefs.js: "Search the web" removed from browser.search.order.1 Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr Prefs.js: "Search the web" removed from browser.search.selectedEngine Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL C:\Users\Josefa\AppData\Roaming\Mozilla\FireFox\Profiles\2t5b1ba2.default\user.js moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\welcome@toolmin.com\chrome\content folder moved successfully. 
C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\welcome@toolmin.com\chrome folder moved successfully. C:\Users\Josefa\AppData\Roaming\mozilla\Firefox\Profiles\2t5b1ba2.default\extensions\welcome@toolmin.com folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. File C:\Programme\Vuze_Remote\prxtbVuze.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. File C:\Programme\Vuze_Remote\prxtbVuze.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ deleted successfully. C:\Users\Josefa\AppData\Roaming\toolplugin\toolbar.dll moved successfully. 
Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found. File C:\Programme\Vuze_Remote\prxtbVuze.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Run\\K3aRyluP6SiCkoR deleted successfully. Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully. Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully. Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully. Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Josefa\AppData\Roaming\flint4ytw.exe deleted successfully. Registry value HKEY_USERS\S-1-5-21-3033605226-1836221928-3340961897-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Josefa\AppData\Roaming\flint4ytw.exe deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cceed82-11fc-11e1-b70a-485d604687f4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cceed82-11fc-11e1-b70a-485d604687f4}\ not found. ========== FILES ========== C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully. C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files\Common Files\Spigot folder moved successfully. C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully. C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar\IE\5.1 folder moved successfully. C:\Program Files\pdfforge Toolbar\IE folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully. C:\Program Files\pdfforge Toolbar\FF folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. C:\Program Files\Application Updater folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 448569 bytes ->Temporary Internet Files folder emptied: 19801009 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 50164846 bytes ->Flash cache emptied: 954 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Josefa ->Temp folder emptied: 1385229 bytes ->Temporary Internet Files folder emptied: 1198898 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 76203586 bytes ->Flash cache emptied: 689 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 291572 bytes RecycleBin emptied: 3478164856 bytes Total Files Cleaned = 3.460,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.39.2 log created on 03262012_174223 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
26.03.2012, 18:31 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM 50€ Trojan - OTL already run, what next? Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
26.03.2012, 19:09 | #20 |
| AKM 50€ Trojan - OTL already run, what next? Once again I dutifully followed everything, oh great master^^ Code:
ATTFilter 20:00:37.0161 2892 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18 20:00:37.0405 2892 ============================================================ 20:00:37.0406 2892 Current date / time: 2012/03/26 20:00:37.0405 20:00:37.0406 2892 SystemInfo: 20:00:37.0406 2892 20:00:37.0406 2892 OS Version: 6.1.7601 ServicePack: 1.0 20:00:37.0406 2892 Product type: Workstation 20:00:37.0406 2892 ComputerName: JR_NOTEBOOK 20:00:37.0407 2892 UserName: Josefa 20:00:37.0407 2892 Windows directory: C:\Windows 20:00:37.0407 2892 System windows directory: C:\Windows 20:00:37.0407 2892 Processor architecture: Intel x86 20:00:37.0407 2892 Number of processors: 4 20:00:37.0407 2892 Page size: 0x1000 20:00:37.0407 2892 Boot type: Normal boot 20:00:37.0407 2892 ============================================================ 20:00:38.0066 2892 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:00:38.0067 2892 \Device\Harddisk0\DR0: 20:00:38.0068 2892 MBR used 20:00:38.0068 2892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:00:38.0068 2892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000 20:00:38.0068 2892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x3E506800 20:00:38.0174 2892 Initialize success 20:00:38.0174 2892 ============================================================ 20:04:20.0251 4268 ============================================================ 20:04:20.0251 4268 Scan started 20:04:20.0251 4268 Mode: Manual; SigCheck; TDLFS; 20:04:20.0251 4268 ============================================================ 20:04:20.0704 4268 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 20:04:20.0844 4268 1394ohci - ok 20:04:20.0860 4268 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 
20:04:20.0906 4268 ACPI - ok 20:04:20.0938 4268 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 20:04:21.0016 4268 AcpiPmi - ok 20:04:21.0140 4268 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:04:21.0187 4268 AdobeARMservice - ok 20:04:21.0343 4268 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 20:04:21.0390 4268 adp94xx - ok 20:04:21.0406 4268 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 20:04:21.0437 4268 adpahci - ok 20:04:21.0452 4268 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 20:04:21.0484 4268 adpu320 - ok 20:04:21.0530 4268 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 20:04:21.0640 4268 AeLookupSvc - ok 20:04:21.0671 4268 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 20:04:21.0796 4268 AFD - ok 20:04:21.0858 4268 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 20:04:21.0905 4268 agp440 - ok 20:04:21.0952 4268 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 20:04:21.0998 4268 aic78xx - ok 20:04:22.0201 4268 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files\common files\akamai/netsession_win_7de0ed9.dll 20:04:22.0201 4268 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_7de0ed9.dll. 
md5: 31bd294dc6ddbc0f16356d958d0743a4 20:04:22.0201 4268 Akamai ( HiddenFile.Multi.Generic ) - warning 20:04:22.0201 4268 Akamai - detected HiddenFile.Multi.Generic (1) 20:04:22.0326 4268 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 20:04:22.0420 4268 ALG - ok 20:04:22.0482 4268 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 20:04:22.0498 4268 aliide - ok 20:04:22.0544 4268 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 20:04:22.0576 4268 amdagp - ok 20:04:22.0591 4268 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 20:04:22.0607 4268 amdide - ok 20:04:22.0638 4268 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 20:04:22.0716 4268 AmdK8 - ok 20:04:22.0747 4268 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 20:04:22.0810 4268 AmdPPM - ok 20:04:22.0841 4268 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 20:04:22.0903 4268 amdsata - ok 20:04:22.0934 4268 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 20:04:22.0997 4268 amdsbs - ok 20:04:23.0028 4268 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 20:04:23.0044 4268 amdxata - ok 20:04:23.0075 4268 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 20:04:23.0215 4268 AppID - ok 20:04:23.0324 4268 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 20:04:23.0387 4268 AppIDSvc - ok 20:04:23.0434 4268 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 20:04:23.0512 4268 Appinfo - ok 20:04:23.0558 4268 Application Updater - ok 20:04:23.0621 4268 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 20:04:23.0699 4268 AppMgmt - ok 20:04:23.0777 4268 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 20:04:23.0808 
20:04:34.0541 4268 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:04:34.0588 4268 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:04:34.0588 4268 IDriverT - detected UnsignedFile.Multi.Generic (1)
(d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 20:04:53.0698 4268 SharedAccess - ok 20:04:53.0744 4268 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 20:04:53.0791 4268 ShellHWDetection - ok 20:04:53.0869 4268 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 20:04:53.0900 4268 sisagp - ok 20:04:53.0947 4268 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:04:53.0963 4268 SiSRaid2 - ok 20:04:53.0994 4268 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 20:04:54.0025 4268 SiSRaid4 - ok 20:04:54.0072 4268 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe 20:04:54.0197 4268 SkypeUpdate - ok 20:04:54.0244 4268 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 20:04:54.0322 4268 Smb - ok 20:04:54.0368 4268 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 20:04:54.0431 4268 SNMPTRAP - ok 20:04:54.0462 4268 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 20:04:54.0478 4268 spldr - ok 20:04:54.0524 4268 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 20:04:54.0602 4268 Spooler - ok 20:04:54.0712 4268 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 20:04:54.0868 4268 sppsvc - ok 20:04:54.0946 4268 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 20:04:55.0024 4268 sppuinotify - ok 20:04:55.0086 4268 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 20:04:55.0133 4268 srv - ok 20:04:55.0164 4268 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 20:04:55.0211 4268 srv2 - ok 20:04:55.0226 4268 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 20:04:55.0258 4268 srvnet - ok 20:04:55.0289 4268 SSDPSRV 
(d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 20:04:55.0336 4268 SSDPSRV - ok 20:04:55.0351 4268 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 20:04:55.0429 4268 SstpSvc - ok 20:04:55.0507 4268 Stereo Service (47a0a473ad1822e9e6c76e519bd0a023) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 20:04:55.0616 4268 Stereo Service - ok 20:04:55.0663 4268 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 20:04:55.0710 4268 stexstor - ok 20:04:55.0757 4268 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 20:04:55.0788 4268 StiSvc - ok 20:04:55.0835 4268 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 20:04:55.0850 4268 storflt - ok 20:04:55.0882 4268 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 20:04:55.0897 4268 storvsc - ok 20:04:55.0928 4268 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 20:04:55.0944 4268 swenum - ok 20:04:55.0975 4268 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 20:04:56.0038 4268 swprv - ok 20:04:56.0069 4268 Synth3dVsc - ok 20:04:56.0116 4268 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys 20:04:56.0147 4268 SynTP - ok 20:04:56.0194 4268 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 20:04:56.0272 4268 SysMain - ok 20:04:56.0303 4268 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 20:04:56.0365 4268 TabletInputService - ok 20:04:56.0412 4268 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 20:04:56.0474 4268 TapiSrv - ok 20:04:56.0506 4268 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 20:04:56.0584 4268 TBS - ok 20:04:56.0677 4268 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 20:04:56.0740 4268 Tcpip - ok 20:04:56.0864 
4268 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 20:04:56.0927 4268 TCPIP6 - ok 20:04:56.0974 4268 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 20:04:57.0036 4268 tcpipreg - ok 20:04:57.0067 4268 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 20:04:57.0145 4268 TDPIPE - ok 20:04:57.0192 4268 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 20:04:57.0223 4268 TDTCP - ok 20:04:57.0270 4268 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 20:04:57.0317 4268 tdx - ok 20:04:57.0348 4268 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 20:04:57.0379 4268 TermDD - ok 20:04:57.0426 4268 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 20:04:57.0488 4268 TermService - ok 20:04:57.0504 4268 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 20:04:57.0551 4268 Themes - ok 20:04:57.0582 4268 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 20:04:57.0629 4268 THREADORDER - ok 20:04:57.0644 4268 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 20:04:57.0691 4268 TrkWks - ok 20:04:57.0738 4268 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 20:04:57.0816 4268 TrustedInstaller - ok 20:04:57.0878 4268 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:04:57.0925 4268 tssecsrv - ok 20:04:57.0972 4268 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 20:04:58.0050 4268 TsUsbFlt - ok 20:04:58.0050 4268 tsusbhub - ok 20:04:58.0097 4268 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 20:04:58.0144 4268 tunnel - ok 20:04:58.0190 4268 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 20:04:58.0237 4268 
uagp35 - ok 20:04:58.0284 4268 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 20:04:58.0331 4268 udfs - ok 20:04:58.0378 4268 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 20:04:58.0424 4268 UI0Detect - ok 20:04:58.0471 4268 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 20:04:58.0502 4268 uliagpkx - ok 20:04:58.0534 4268 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 20:04:58.0580 4268 umbus - ok 20:04:58.0612 4268 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 20:04:58.0643 4268 UmPass - ok 20:04:58.0674 4268 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 20:04:58.0736 4268 UmRdpService - ok 20:04:58.0877 4268 UNS (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:04:59.0064 4268 UNS - ok 20:04:59.0142 4268 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 20:04:59.0220 4268 upnphost - ok 20:04:59.0267 4268 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 20:04:59.0329 4268 usbccgp - ok 20:04:59.0360 4268 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 20:04:59.0407 4268 usbcir - ok 20:04:59.0438 4268 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys 20:04:59.0516 4268 usbehci - ok 20:04:59.0532 4268 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 20:04:59.0579 4268 usbhub - ok 20:04:59.0610 4268 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 20:04:59.0672 4268 usbohci - ok 20:04:59.0704 4268 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 20:04:59.0750 4268 usbprint - ok 20:04:59.0797 4268 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 
20:04:59.0844 4268 usbscan - ok 20:04:59.0906 4268 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys 20:04:59.0969 4268 usbser - ok 20:04:59.0984 4268 UsbserFilt (4f8fbc51a1c0a17310846b417a447f91) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 20:05:00.0016 4268 UsbserFilt - ok 20:05:00.0047 4268 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:05:00.0109 4268 USBSTOR - ok 20:05:00.0140 4268 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 20:05:00.0172 4268 usbuhci - ok 20:05:00.0234 4268 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 20:05:00.0281 4268 usbvideo - ok 20:05:00.0312 4268 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 20:05:00.0374 4268 UxSms - ok 20:05:00.0390 4268 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 20:05:00.0421 4268 VaultSvc - ok 20:05:00.0452 4268 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 20:05:00.0468 4268 vdrvroot - ok 20:05:00.0515 4268 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 20:05:00.0577 4268 vds - ok 20:05:00.0593 4268 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 20:05:00.0624 4268 vga - ok 20:05:00.0655 4268 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 20:05:00.0718 4268 VgaSave - ok 20:05:00.0718 4268 VGPU - ok 20:05:00.0749 4268 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 20:05:00.0780 4268 vhdmp - ok 20:05:00.0811 4268 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 20:05:00.0842 4268 viaagp - ok 20:05:00.0858 4268 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 20:05:00.0889 4268 ViaC7 - ok 20:05:00.0936 4268 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 20:05:00.0967 
4268 viaide - ok 20:05:00.0998 4268 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 20:05:01.0030 4268 vmbus - ok 20:05:01.0045 4268 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 20:05:01.0076 4268 VMBusHID - ok 20:05:01.0108 4268 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 20:05:01.0139 4268 volmgr - ok 20:05:01.0186 4268 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 20:05:01.0217 4268 volmgrx - ok 20:05:01.0232 4268 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 20:05:01.0264 4268 volsnap - ok 20:05:01.0310 4268 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys 20:05:01.0342 4268 vpcbus - ok 20:05:01.0388 4268 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys 20:05:01.0466 4268 vpcnfltr - ok 20:05:01.0498 4268 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys 20:05:01.0560 4268 vpcusb - ok 20:05:01.0607 4268 vpcuxd (c35c2c888aff276e95ad3db3b7a8d003) C:\Windows\system32\DRIVERS\vpcuxd.sys 20:05:01.0638 4268 vpcuxd - ok 20:05:01.0716 4268 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys 20:05:01.0778 4268 vpcvmm - ok 20:05:01.0810 4268 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 20:05:01.0856 4268 vsmraid - ok 20:05:01.0903 4268 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 20:05:01.0997 4268 VSS - ok 20:05:02.0090 4268 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 20:05:02.0137 4268 vwifibus - ok 20:05:02.0153 4268 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 20:05:02.0200 4268 vwififlt - ok 20:05:02.0231 4268 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 20:05:02.0262 4268 vwifimp - 
ok 20:05:02.0309 4268 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 20:05:02.0387 4268 W32Time - ok 20:05:02.0402 4268 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 20:05:02.0434 4268 WacomPen - ok 20:05:02.0496 4268 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 20:05:02.0558 4268 WANARP - ok 20:05:02.0574 4268 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 20:05:02.0621 4268 Wanarpv6 - ok 20:05:02.0699 4268 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 20:05:03.0011 4268 WatAdminSvc - ok 20:05:03.0104 4268 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 20:05:03.0214 4268 wbengine - ok 20:05:03.0292 4268 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 20:05:03.0338 4268 WbioSrvc - ok 20:05:03.0385 4268 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 20:05:03.0463 4268 wcncsvc - ok 20:05:03.0494 4268 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 20:05:03.0541 4268 WcsPlugInService - ok 20:05:03.0604 4268 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 20:05:03.0635 4268 Wd - ok 20:05:03.0650 4268 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 20:05:03.0682 4268 Wdf01000 - ok 20:05:03.0697 4268 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:05:03.0806 4268 WdiServiceHost - ok 20:05:03.0806 4268 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 20:05:03.0838 4268 WdiSystemHost - ok 20:05:03.0884 4268 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 20:05:03.0931 4268 WebClient - ok 20:05:03.0978 4268 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 20:05:04.0025 4268 Wecsvc - ok 
20:05:04.0040 4268 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 20:05:04.0103 4268 wercplsupport - ok 20:05:04.0118 4268 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 20:05:04.0181 4268 WerSvc - ok 20:05:04.0243 4268 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 20:05:04.0321 4268 WfpLwf - ok 20:05:04.0337 4268 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 20:05:04.0368 4268 WIMMount - ok 20:05:04.0446 4268 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 20:05:04.0508 4268 WinDefend - ok 20:05:04.0508 4268 WinHttpAutoProxySvc - ok 20:05:04.0555 4268 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 20:05:04.0618 4268 Winmgmt - ok 20:05:04.0696 4268 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 20:05:04.0789 4268 WinRM - ok 20:05:04.0914 4268 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 20:05:04.0961 4268 WinUsb - ok 20:05:05.0039 4268 WisLMSvc (4c69a8e2e159c1c59bc4b688e9dd7f8c) C:\Program Files\Launch Manager\WisLMSvc.exe 20:05:05.0086 4268 WisLMSvc - ok 20:05:05.0148 4268 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 20:05:05.0210 4268 Wlansvc - ok 20:05:05.0288 4268 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 20:05:05.0335 4268 WmiAcpi - ok 20:05:05.0382 4268 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 20:05:05.0444 4268 wmiApSrv - ok 20:05:05.0538 4268 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 20:05:05.0632 4268 WMPNetworkSvc - ok 20:05:05.0710 4268 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 20:05:05.0772 4268 WPCSvc - ok 20:05:05.0803 4268 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) 
C:\Windows\system32\wpdbusenum.dll 20:05:05.0866 4268 WPDBusEnum - ok 20:05:05.0928 4268 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 20:05:05.0990 4268 ws2ifsl - ok 20:05:06.0022 4268 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 20:05:06.0084 4268 wscsvc - ok 20:05:06.0131 4268 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys 20:05:06.0193 4268 WSDPrintDevice - ok 20:05:06.0193 4268 WSearch - ok 20:05:06.0271 4268 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 20:05:06.0365 4268 wuauserv - ok 20:05:06.0458 4268 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 20:05:06.0521 4268 WudfPf - ok 20:05:06.0568 4268 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:05:06.0630 4268 WUDFRd - ok 20:05:06.0661 4268 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 20:05:06.0708 4268 wudfsvc - ok 20:05:06.0739 4268 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 20:05:06.0786 4268 WwanSvc - ok 20:05:06.0817 4268 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\system32\Drivers\x10hid.sys 20:05:06.0833 4268 X10Hid - ok 20:05:06.0880 4268 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 20:05:06.0911 4268 x10nets ( UnsignedFile.Multi.Generic ) - warning 20:05:06.0911 4268 x10nets - detected UnsignedFile.Multi.Generic (1) 20:05:06.0958 4268 ZTEusbmdm6k (46686fe8915bd8b2feb3a876e367010c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 20:05:07.0020 4268 ZTEusbmdm6k - ok 20:05:07.0036 4268 ZTEusbnmea (46686fe8915bd8b2feb3a876e367010c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 20:05:07.0067 4268 ZTEusbnmea - ok 20:05:07.0082 4268 ZTEusbser6k (46686fe8915bd8b2feb3a876e367010c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 20:05:07.0114 4268 ZTEusbser6k - ok 20:05:07.0145 4268 MBR (0x1B8) 
(a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:05:07.0270 4268 \Device\Harddisk0\DR0 - ok 20:05:07.0270 4268 Boot (0x1200) (e3cf23f62799f2f5b996aaa22ced8712) \Device\Harddisk0\DR0\Partition0 20:05:07.0270 4268 \Device\Harddisk0\DR0\Partition0 - ok 20:05:07.0301 4268 Boot (0x1200) (2ac1f28c6cb498c26c1932a76dde7db9) \Device\Harddisk0\DR0\Partition1 20:05:07.0301 4268 \Device\Harddisk0\DR0\Partition1 - ok 20:05:07.0316 4268 Boot (0x1200) (86878ed15004ac11e4c21bde858abba2) \Device\Harddisk0\DR0\Partition2 20:05:07.0316 4268 \Device\Harddisk0\DR0\Partition2 - ok 20:05:07.0316 4268 ============================================================ 20:05:07.0316 4268 Scan finished 20:05:07.0316 4268 ============================================================ 20:05:07.0332 4336 Detected object count: 3 20:05:07.0332 4336 Actual detected object count: 3 20:05:57.0408 4336 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 20:05:57.0408 4336 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 20:05:57.0408 4336 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:05:57.0408 4336 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:05:57.0408 4336 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 20:05:57.0408 4336 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip |
26.03.2012, 20:49 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
29.03.2012, 20:12 | #22 |
| Code:
ATTFilter Combofix Logfile: |
29.03.2012, 20:41 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being instructed to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
__________________ Please always post log files in CODE tags
30.03.2012, 00:21 | #24 |
| gmer: Code:
ATTFilter GMER Logfile: Code:
ATTFilter OSAM Logfile: |
30.03.2012, 10:44 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Where is the log from aswMBR?
30.03.2012, 11:52 | #26 |
| Tried it twice and it kept crashing... I'll try again this afternoon...
30.03.2012, 15:04 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
30.03.2012, 19:38 | #28 |
| I've now done this via the administrator account. Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 20:12:41
-----------------------------
20:12:41.766 OS Version: Windows 6.1.7601 Service Pack 1
20:12:41.766 Number of processors: 4 586 0x2505
20:12:41.766 ComputerName: JR_NOTEBOOK UserName:
20:12:42.296 Initialize success
20:26:36.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:26:36.847 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
20:26:37.221 Disk 0 MBR read successfully
20:26:37.221 Disk 0 MBR scan
20:26:37.221 Disk 0 Windows 7 default MBR code
20:26:37.237 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:26:37.253 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
20:26:37.268 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 510477 MB offset 204802048
20:26:37.299 Disk 0 scanning sectors +1250258944
20:26:37.377 Disk 0 scanning C:\Windows\system32\drivers
20:26:45.957 Service scanning
20:26:52.104 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:27:00.653 Modules scanning
20:27:09.155 Disk 0 trace - called modules:
20:27:09.669 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:27:09.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87fa4030]
20:27:09.685 3 CLASSPNP.SYS[8c19359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x863fc028]
20:27:09.701 Scan finished successfully
20:27:53.084 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
20:27:53.147 The log file has been saved successfully to "C:\aswMBR.txt"

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 20:39:23
-----------------------------
20:39:23.468 OS Version: Windows 6.1.7601 Service Pack 1
20:39:23.468 Number of processors: 4 586 0x2505
20:39:23.468 ComputerName: JR_NOTEBOOK UserName: Josefa
20:39:23.873 Initialize success
20:39:27.336 AVAST engine defs: 12032901
20:39:32.048 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:39:32.048 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
20:39:32.110 Disk 0 MBR read successfully
20:39:32.110 Disk 0 MBR scan
20:39:32.110 Disk 0 Windows 7 default MBR code
20:39:32.141 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:39:32.157 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
20:39:32.172 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 510477 MB offset 204802048
20:39:32.204 Disk 0 scanning sectors +1250258944
20:39:32.344 Disk 0 scanning C:\Windows\system32\drivers
20:39:56.805 Service scanning
20:40:07.460 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:40:20.907 Modules scanning
20:40:36.148 Disk 0 trace - called modules:
20:40:36.179 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:40:36.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87fa4030]
20:40:36.195 3 CLASSPNP.SYS[8c19359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x863fc028]
20:40:36.195 Scan finished successfully
20:40:47.177 Disk 0 MBR has been saved successfully to "C:\Users\Josefa\Desktop\MBR.dat"
20:40:47.177 The log file has been saved successfully to "C:\Users\Josefa\Desktop\aswMBR.txt"
30.03.2012, 20:20 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
31.03.2012, 08:33 | #30 |
| Part 1: scan with Malwarebytes... part 2 to follow... Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.31.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Josefa :: JR_NOTEBOOK [Administrator]

Schutz: Aktiviert

31.03.2012 08:21:01
mbam-log-2012-03-31 (08-21-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423170
Laufzeit: 1 Stunde(n), 5 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)