Procedure after removing a BKA Trojan clone + further questions (Windows 7)
25.04.2012, 22:11 | #1
Hello,

first of all, sorry if I do anything wrong here or post too much; this is my very first post here and I am doing my best to follow the 7 golden rules.

After about 4 years of active internet use I have now, for the first time, had the bad luck of catching a really serious problem: a clone variant of the BKA Trojan on a Windows 7 Home Premium 64-bit system. In my case the screen simply went black and in big, bold red letters it said "Aus Sicherheitsgründen wurde ihr Windows System blockiert" ("For security reasons your Windows system has been blocked"), together with the button "Upgraden und Bezahlen" ("Upgrade and Pay").

I then switched the PC off and on again, whereupon this message disappeared, but I decided to stay offline for the time being. In msconfig under Startup I saw that two programs had activated themselves there that I had never seen before and which could no longer be disabled; or rather, the checkbox could be cleared, but after closing and reopening the msconfig window the checkmark was back. The two suspects were SkypePM.exe and an entry that was a long string of letters and digits in square brackets.

An AntiVir full scan then found 17 viruses in one go and put them in quarantine. I then downloaded Malwarebytes Anti-Malware via another, uninfected system (my PS3, to be precise) and ran a full scan with it. That also found a trojan and a modified registry value (log file posted after this text) and quarantined it / repaired the registry, which at least caused SkypePM.exe to disappear from Startup in msconfig; the other item was still there, however, and still could not be switched off.

After I went back online today, I monitored everything as well as a layman can with msconfig, Task Manager (active processes / services / performance etc.) and "cmd" -> the netstat command. What puzzled me was that netstat constantly output a long, repeating, cryptic code even though I had nothing open other than Google and Skype. I then just updated the Malwarebytes database and ran another quick scan, and this time the fake SkypePM.exe was also detected and removed; I also rebooted as instructed by Malwarebytes Anti-Malware. Since then netstat has been "quiet" again and only shows me the normal communications. The files and directories in which the fake SkypePM.exe and the Kiuvva virus were found are now empty too, and Malwarebytes Anti-Malware shows them as successfully removed and/or quarantined.

So, here I post the two log files; after that I have one last question. The two log files with detections:

Logfile 1:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chris :: CHRIS-PC [Administrator]

23.04.2012 15:15:33
mbam-log-2012-04-23 (15-15-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1047626
Laufzeit: 4 Stunde(n), 43 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Chris\AppData\Roaming\Aca\kiuvva.exe (Trojan.ZbotR.Gen) -> 2180 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{DC736266-0F31-4B18-0FB1-ECD9C8BABBF9} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Chris\AppData\Roaming\Aca\kiuvva.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Chris\AppData\Roaming\Aca\kiuvva.exe (Trojan.ZbotR.Gen) -> Löschen bei Neustart.

(Ende)

Logfile 2:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chris :: CHRIS-PC [Administrator]

25.04.2012 22:02:37
mbam-log-2012-04-25 (22-02-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250783
Laufzeit: 2 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Chris\AppData\Local\Skype\SkypePM.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I hope I did that right as far as posting the log files goes; if not, sorry, and I promise to do better.

Here is my last question: I noticed that in Task Manager under Processes I have iexplore.exe*32 active twice, and I also searched Google about it, but there I only found either outdated threads or threads in which only people who don't use Internet Explorer at all had this problem. However, since I've had the PC I have always had two Explorers on it, one for 32-bit and the other for 64-bit, and I use one or the other; so could it be legitimate in my case that I have the process there twice? When I choose "Open file location" from the context menu, both times it takes me to the same location, namely Acer (C > Programme(x86) > Internet Explorer. One of the two processes uses about 64,000k of memory, the other about 10,000k. Is this legitimate in the situation described above, or do I have yet another problem? In any case, CPU usage is below 2%, and both processes only start when I open Internet Explorer and end again when I close it. If I end one of them, Explorer closes completely; when I end the other one, the currently open tab restores itself.

So, last but not least, I hope somebody will kindly be able to help me on one, if not all, of these points, and tell me whether I'd better reinstall my system or whether everything is OK again now. Many thanks in advance to everyone who took the time to read through this wall of text, and I hope that if I have made mistakes they will be forgiven in my very first post here. Then I'll wait for answers and help. Thanks =)
26.04.2012, 16:10 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Did you "only" run two scans with Malwarebytes?

If so, repeat the full scan, because you ran the first full scan with old signatures.

Quote:
Please post everything in CODE tags where possible. It is done like this:

[code]
the log goes here
[/code]

And it then looks like this:

Code:
the log goes here
26.04.2012, 23:23 | #3
Hello,

strangely, in the Avira log reports I only find one report that shows a single virus detection, yet there are several files in quarantine, though "only" heuristics. On the side, I noticed that Avira's Reports section seems to have a "hiccup" and kept refreshing constantly, which made selecting somewhat difficult. I'll post the log here and hope it helps:

Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 23. April 2012 20:35

Es wird nach 3671617 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHRIS-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 08.07.2011 11:55:14
AVSCAN.DLL : 10.0.5.0 57192 Bytes 08.07.2011 11:55:14
LUKE.DLL : 10.3.0.5 45416 Bytes 08.07.2011 11:55:14
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 08.07.2011 11:55:14
AVREG.DLL : 10.3.0.9 88833 Bytes 29.07.2011 10:13:28
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 20:29:29
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:59:19
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 17:58:04
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 09:47:44
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 09:47:44
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 09:47:44
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 09:47:44
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 09:47:44
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 09:47:44
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 09:47:44
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 09:47:44
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 09:47:45
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 09:47:45
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 09:47:45
VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 09:47:46
VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 09:47:46
VBASE017.VDF : 7.11.27.41 247808 Bytes 08.04.2012 09:53:28
VBASE018.VDF : 7.11.27.107 161280 Bytes 12.04.2012 09:53:28
VBASE019.VDF : 7.11.27.159 148992 Bytes 13.04.2012 09:53:29
VBASE020.VDF : 7.11.27.201 207360 Bytes 17.04.2012 21:52:54
VBASE021.VDF : 7.11.28.3 237568 Bytes 19.04.2012 21:52:54
VBASE022.VDF : 7.11.28.49 193536 Bytes 20.04.2012 21:52:55
VBASE023.VDF : 7.11.28.50 2048 Bytes 20.04.2012 21:52:55
VBASE024.VDF : 7.11.28.51 2048 Bytes 20.04.2012 21:52:55
VBASE025.VDF : 7.11.28.52 2048 Bytes 20.04.2012 21:52:55
VBASE026.VDF : 7.11.28.53 2048 Bytes 20.04.2012 21:52:55
VBASE027.VDF : 7.11.28.54 2048 Bytes 20.04.2012 21:52:55
VBASE028.VDF : 7.11.28.55 2048 Bytes 20.04.2012 21:52:55
VBASE029.VDF : 7.11.28.56 2048 Bytes 20.04.2012 21:52:55
VBASE030.VDF : 7.11.28.57 2048 Bytes 20.04.2012 21:52:55
VBASE031.VDF : 7.11.28.76 50176 Bytes 22.04.2012 21:52:55
Engineversion : 8.2.10.52
AEVDF.DLL : 8.1.2.2 106868 Bytes 17.11.2011 14:12:17
AESCRIPT.DLL : 8.1.4.17 446842 Bytes 22.04.2012 21:53:00
AESCN.DLL : 8.1.8.2 131444 Bytes 31.01.2012 17:54:13
AESBX.DLL : 8.2.5.5 606579 Bytes 18.03.2012 13:54:24
AERDL.DLL : 8.1.9.15 639348 Bytes 20.09.2011 16:06:26
AEPACK.DLL : 8.2.16.9 807287 Bytes 08.04.2012 09:47:53
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 08.04.2012 09:47:52
AEHEUR.DLL : 8.1.4.19 4673910 Bytes 22.04.2012 21:53:00
AEHELP.DLL : 8.1.19.1 254327 Bytes 08.04.2012 09:47:48
AEGEN.DLL : 8.1.5.27 422261 Bytes 22.04.2012 21:52:56
AEEXP.DLL : 8.1.0.29 82293 Bytes 15.04.2012 09:53:49
AEEMU.DLL : 8.1.3.0 393589 Bytes 13.12.2010 07:39:10
AECORE.DLL : 8.1.25.6 201078 Bytes 18.03.2012 13:54:16
AEBB.DLL : 8.1.1.0 53618 Bytes 13.12.2010 07:39:10
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:20
AVPREF.DLL : 10.0.3.2 44904 Bytes 08.07.2011 11:55:14
AVREP.DLL : 10.0.0.10 174120 Bytes 02.06.2011 17:38:55
AVARKT.DLL : 10.0.26.1 255336 Bytes 08.07.2011 11:55:13
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 08.07.2011 11:55:13
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:20
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 08.07.2011 11:55:13
RCTEXT.DLL : 10.0.64.0 98664 Bytes 08.07.2011 11:55:13

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fc4a6b5\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 23. April 2012 20:35

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WTGService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBS3S4Detection.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'kiuvva.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FABS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NetworkLicenseServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aavus.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'M:\Important Downloads\MsgPlusLive-470.exe'
M:\Important Downloads\MsgPlusLive-470.exe
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a7e0a11.qua' verschoben!

Ende des Suchlaufs: Montag, 23. April 2012 20:35
Benötigte Zeit: 00:03 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
67 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
66 Dateien ohne Befall
5 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chris :: CHRIS-PC [Administrator]

26.04.2012 18:22:06
mbam-log-2012-04-26 (18-22-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 874478
Laufzeit: 3 Stunde(n), 13 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Many thanks already for the help today.
27.04.2012, 13:40 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Please also run ESET, then we'll see: ESET Online Scanner

Please always post log files in CODE tags
27.04.2012, 22:17 | #5
Hello, here is the requested log file from the ESET Online Scan:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-27 09:14:37
# local_time=2012-04-27 11:14:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 3509 72074311 61269 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 2877 87167340 0 0
# compatibility_mode=8192 67108863 100 0 150 150 0 0
# scanned=812454
# found=3
# cleaned=0
# scan_time=23786
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1620d7bf-3e581d53	Java/Exploit.Agent.NBC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Chris\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\FixCamera.exe	a variant of Win32/KillProc.B application (unable to clean)	00000000000000000000000000000000	I
28.04.2012, 14:06 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

Softonic is a toolbar and adware slinger! Hands off! Software is downloaded, as the top priority, directly from the manufacturer and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do.

I have two questions before we continue:

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
28.04.2012, 14:21 | #7
Hello,

thanks for the tip about Softonic, I'll stick to that in future. On the questions:

1.) Does normal mode work without restrictions?

Yes, so far everything works normally: internet, programs etc. Nothing causes problems. Also, thanks to the netstat -b command, I saw that the unusually high number of established connections in netstat -a comes from Skype; after reading up on it extensively, that seems to be normal, since Skype uses a peer-to-peer network, and these connections really only appear when Skype is running. The only thing that still seems odd to me is that I still have 2 x iexplore.exe*32 in Task Manager under Processes, though also only when I have Internet Explorer open, although I recently found a source saying that this may well be normal under Internet Explorer 8. But one source is still a bit thin for me.

2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

The only empty folder is the Startup folder, but that's how it should be. Under Properties, however, it shows one file. Otherwise everything there is normal.
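`netstat -b` needs an elevated prompt; `netstat -ano` plus `tasklist /fo csv` give the same PID-to-process correlation without it, and they can be saved to text and triaged offline. The following is an added example, not part of the original thread, that performs that correlation over constructed sample output and lists every process holding established connections that is not on a per-machine list of expected network clients (that list is an assumption for the example). Image names and the PID 2180 are taken from the logs in this thread; the other PIDs are invented and the addresses come from documentation ranges.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` (English Windows; a German locale prints
# HERGESTELLT / ABHÖREN instead of ESTABLISHED / LISTENING). Image names and PID
# 2180 come from the logs in this thread; other PIDs and all addresses are invented.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    192.168.1.5:49210      203.0.113.10:40033     ESTABLISHED     3320
  TCP    192.168.1.5:49211      192.0.2.80:80          ESTABLISHED     4100
  TCP    192.168.1.5:49212      203.0.113.77:23456     ESTABLISHED     3320
  TCP    192.168.1.5:49213      203.0.113.201:41330    ESTABLISHED     3320
  TCP    192.168.1.5:49214      198.51.100.17:8080     ESTABLISHED     2180
  UDP    0.0.0.0:3702           *:*                                    1200
"""

# Constructed sample of `tasklist /fo csv`.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","712","Services","0","8,432 K"
"svchost.exe","1200","Services","0","12,100 K"
"kiuvva.exe","2180","Console","1","3,980 K"
"Skype.exe","3320","Console","1","95,420 K"
"iexplore.exe","4100","Console","1","64,212 K"
"iexplore.exe","4188","Console","1","10,540 K"
"""

# Processes the owner of this particular machine expects to talk to the
# network. An assumption for this example; adjust per machine.
EXPECTED_TALKERS = {"Skype.exe", "iexplore.exe", "svchost.exe"}


def parse_tasklist_csv(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}


def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) from `netstat -ano` output.
    TCP rows have five columns; UDP rows have no State column."""
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] not in ("TCP", "UDP"):
            continue  # banner, header, or blank line
        state = t[3] if len(t) == 5 else ""
        yield t[0], t[1], t[2], state, int(t[-1])


def connections_by_process(netstat_text, tasklist_text):
    """Group sockets by (image, pid): what `netstat -b` shows, without elevation."""
    pid_to_image = parse_tasklist_csv(tasklist_text)
    summary = defaultdict(lambda: {"established": 0, "listening": 0, "remotes": []})
    for _proto, _local, remote, state, pid in parse_netstat(netstat_text):
        key = (pid_to_image.get(pid, "<unknown>"), pid)
        if state == "ESTABLISHED":
            summary[key]["established"] += 1
            summary[key]["remotes"].append(remote)
        elif state == "LISTENING":
            summary[key]["listening"] += 1
    return dict(summary)


def unexpected_talkers(netstat_text, tasklist_text, expected=EXPECTED_TALKERS):
    """(image, pid, remotes) for processes with established connections that
    are not on the expected list; everything here needs an explanation."""
    return sorted(
        (image, pid, info["remotes"])
        for (image, pid), info in connections_by_process(netstat_text, tasklist_text).items()
        if info["established"] and image not in expected
    )


if __name__ == "__main__":
    for (image, pid), info in sorted(connections_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items()):
        print(f"{image:14} pid {pid:5}: {info['established']} established, {info['listening']} listening")
    print("unexplained:", unexpected_talkers(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

On the sample, the many established sockets collapse onto one Skype.exe PID, which is the observation made in the post above, while the single connection from kiuvva.exe is the one that would have stood out before the Malwarebytes cleanup. The second iexplore.exe PID owns no sockets at all, which fits the frame/tab split described earlier in the thread.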
30.04.2012, 08:41 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

The IE thing is normal.

Please make a new OTL log.

Please post everything in CODE tags where possible. It is done like this:

[code]
the log goes here
[/code]

And it then looks like this:

Code:
the log goes here

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
30.04.2012, 19:52 | #9
| Vorgehensweise nach Entfernung von BKA Trojaner Clone + weitere Fragen Hallo, hier das OTL Log. OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.04.2012 20:15:15 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Chris\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 73,75% Memory free 7,86 Gb Paging File | 6,59 Gb Available in Paging File | 83,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,45 Gb Total Space | 59,23 Gb Free Space | 13,06% Space Free | Partition Type: NTFS Drive D: | 453,96 Gb Total Space | 171,71 Gb Free Space | 37,83% Space Free | Partition Type: NTFS Drive M: | 232,88 Gb Total Space | 6,45 Gb Free Space | 2,77% Space Free | Partition Type: NTFS Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.30 20:11:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe PRC - [2012.04.04 14:09:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.08 13:55:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.02 19:38:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.06.02 19:09:36 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.11.18 13:09:24 | 000,330,696 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.04.04 14:09:20 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.03.22 20:17:14 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.10.01 
09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.07.08 13:55:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.02 19:38:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.11.18 13:09:24 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010.05.24 23:11:07 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0) SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files 
(x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.13 19:43:55 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.11.13 19:43:55 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.23 19:09:42 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.08.23 19:09:42 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) 
DRV:64bit: - [2011.07.08 13:55:14 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.08 13:55:14 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.12.18 17:20:20 | 003,552,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.05 16:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008.02.23 03:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2012.02.03 00:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2011.11.13 19:43:55 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.11.13 19:43:55 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173601110406pe4g5v135w46i1v435
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173601110406pe4g5v135w46i1v435
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173601110406pe4g5v135w46i1v435
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173601110406pe4g5v135w46i1v435
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173601110406pe4g5v135w46i1v435
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE413
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/web?fr=yfp-t-708"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.23 05:21:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 08:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.29 08:58:17 | 000,000,000 | ---D | M]

[2011.03.12 17:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2011.01.04 00:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011.03.12 17:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\o5ptckwn.default\extensions
[2011.04.17 01:30:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.17 01:30:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.04.23 05:21:49 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.04.17 01:30:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.09 00:52:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.09 00:52:15 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.09 00:52:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.09 00:52:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.09 00:52:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-959428496-2458057116-3099617895-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-959428496-2458057116-3099617895-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-959428496-2458057116-3099617895-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-959428496-2458057116-3099617895-1007..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{113524B5-2A40-49CE-B4F5-CCE4B841B236}: NameServer = 62.220.18.8 89.246.64.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.27 06:42:55 | 000,015,360 | ---- | M] () - D:\AutoScreenRecorder_01.avi -- [ NTFS ]
O32 - AutoRun File - [2012.03.09 03:24:40 | 062,944,256 | ---- | M] () - D:\AutoScreenRecorder_02.avi -- [ NTFS ]
O32 - AutoRun File - [2012.03.09 03:37:32 | 117,049,344 | ---- | M] () - D:\AutoScreenRecorder_03.avi -- [ NTFS ]
O32 - AutoRun File - [2012.03.09 03:55:13 | 150,961,152 | ---- | M] () - D:\AutoScreenRecorder_04.avi -- [ NTFS ]
O32 - AutoRun File - [2012.04.05 01:27:51 | 160,654,336 | ---- | M] () - D:\AutoScreenRecorder_05.avi -- [ NTFS ]
O33 - MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\Shell - "" = AutoRun
O33 - MountPoints2\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Hotkey Utility - hkey= - key= - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SkypePM - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: snp2uvc - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: Wisdom-soft AutoScreenRecorder 3.1 Free - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: {DC736266-0F31-4B18-0FB1-ECD9C8BABBF9} - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit:
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: VIDC.ZMBV - C:\Windows\SysWow64\zmbv.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.30 20:11:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2012.04.30 02:06:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Assassins Creed Maps [2012.04.27 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.04.23 15:14:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes [2012.04.23 15:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.23 15:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.23 15:14:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.04.23 15:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.04.23 15:14:12 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\malwarebytes_antimalware_1.61.exe [2012.04.23 15:12:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Infektion Report [2012.04.23 04:59:36 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.04.22 23:46:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Unab [2012.04.16 00:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2012.04.16 00:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7 [2012.04.14 14:17:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Operation Rainfall EU COMPLETE! 
[2012.04.06 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Assassin's Creed Revelations [2012.04.05 05:25:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Minecraft Worlds [2012.04.04 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PunkBuster [2012.04.04 14:04:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Battlefield 3 [2012.04.04 00:30:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\bizarre creations [2012.04.03 21:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.04.03 21:14:48 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.04.03 21:14:48 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.04.03 20:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.04.03 18:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2010.05.24 22:40:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.30 20:18:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.30 20:11:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2012.04.30 18:42:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.30 18:42:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.30 18:35:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.30 18:34:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.30 18:34:49 | 3163,901,952 | -HS- | 
M] () -- C:\hiberfil.sys [2012.04.26 01:49:19 | 000,007,618 | ---- | M] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg [2012.04.23 15:15:10 | 001,762,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.23 15:15:10 | 000,749,460 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.23 15:15:10 | 000,704,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.23 15:15:10 | 000,169,190 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.23 15:15:10 | 000,141,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.23 15:14:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.23 04:02:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\malwarebytes_antimalware_1.61.exe [2012.04.16 20:17:22 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\LEGO Digital Designer.lnk [2012.04.12 01:18:24 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.04.12 01:18:24 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.04.12 01:18:08 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.04.04 14:09:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.03 20:41:10 | 000,000,221 | ---- | M] () -- C:\Users\Chris\Desktop\Blur.url [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.23 15:14:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.03 20:57:19 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.04.03 20:41:10 | 000,000,221 | ---- | C] () -- C:\Users\Chris\Desktop\Blur.url [2012.03.08 19:09:14 | 000,000,376 | ---- | C] () -- C:\Windows\wininit.ini [2012.02.29 
13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.11.18 22:53:07 | 000,000,032 | ---- | C] () -- C:\Windows\Autostart.INI [2011.11.11 15:09:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.11.11 15:07:54 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.11.10 00:33:02 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.10 00:33:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.06 22:50:59 | 000,000,745 | ---- | C] () -- C:\Windows\eReg.dat [2011.11.06 01:37:06 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI [2011.10.21 18:43:07 | 000,007,618 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.08.14 23:18:46 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll [2011.08.14 22:38:39 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.08.14 22:38:38 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.08.14 22:38:38 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.08.14 22:21:59 | 000,041,021 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.06.21 09:20:34 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{5D925F52-F8B3-4AF0-BD12-A37C728477A3} [2011.03.12 17:51:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.19 23:09:51 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll [2011.02.19 23:09:51 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll [2011.02.19 23:09:22 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2011.01.11 05:48:10 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011.01.10 12:07:14 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.01.10 12:07:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.01.10 12:07:14 | 000,027,417 | 
---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.01.10 12:07:14 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.01.10 12:07:14 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.01.10 12:07:14 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.01.10 12:07:14 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.01.10 12:07:14 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.01.10 12:07:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.01.10 12:07:14 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.01.10 12:07:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.01.10 12:07:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.01.10 12:07:14 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.01.10 12:07:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.01.10 12:07:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.01.10 12:07:14 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.01.10 12:07:14 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.01.10 12:07:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.01.10 12:07:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.01.08 00:30:14 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.01.05 19:23:04 | 001,739,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.04 16:45:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.04 12:42:23 | 000,000,021 | ---- | C] () -- C:\Windows\CS_setup.ini [2010.05.27 21:34:51 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.05.24 22:20:42 | 
000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.07.18 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.bsnes [2012.04.03 23:40:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft [2011.03.12 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bioshock [2011.11.19 00:19:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bioshock2 [2012.04.04 00:30:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\bizarre creations [2011.02.17 17:49:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft [2011.01.04 00:20:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.17 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Epson [2011.01.04 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeScreenToVideo [2011.11.30 22:54:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0 [2012.04.29 01:45:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ [2012.04.22 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IMVU [2012.02.03 19:32:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IMVUClient [2011.12.13 01:01:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LEGO Company [2011.01.04 09:15:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MAGIX [2011.01.03 21:49:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OEM [2012.02.15 00:55:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin [2011.11.10 00:32:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PunkBuster [2011.08.09 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\runic games [2012.04.16 05:22:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client [2011.06.02 19:32:11 | 000,000,000 | ---D | M] -- 
C:\Users\Chris\AppData\Roaming\Sony [2011.01.05 19:23:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP [2012.04.10 16:26:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft [2012.04.22 23:49:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unab [2011.12.16 23:55:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Verbindungsassistent [2011.01.04 00:53:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vivox [2011.02.17 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\XMedia Recode [2012.02.14 17:52:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.07.18 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.bsnes [2012.04.03 23:40:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft [2011.01.10 11:55:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Adobe [2011.01.04 12:44:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ArcSoft [2011.02.08 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Avira [2011.03.12 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bioshock [2011.11.19 00:19:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bioshock2 [2012.04.04 00:30:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\bizarre creations [2011.02.17 17:49:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft [2011.01.04 00:20:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.17 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Epson [2011.01.04 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeScreenToVideo [2011.01.03 21:51:52 | 000,000,000 | ---D | M] -- 
C:\Users\Chris\AppData\Roaming\Google [2011.11.30 22:54:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0 [2012.04.29 01:45:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ [2011.01.03 21:48:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Identities [2012.04.22 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IMVU [2012.02.03 19:32:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IMVUClient [2011.01.10 12:07:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstallShield [2012.02.19 03:13:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstallShield Installation Information [2011.12.13 01:01:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LEGO Company [2011.01.03 21:49:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Macromedia [2011.01.04 09:15:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MAGIX [2012.04.23 15:14:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Media Center Programs [2011.10.10 19:05:59 | 000,000,000 | --SD | M] -- C:\Users\Chris\AppData\Roaming\Microsoft [2011.03.12 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla [2011.09.07 23:01:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nero [2011.09.18 03:11:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NVIDIA [2011.01.03 21:49:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OEM [2012.02.15 00:55:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin [2011.11.10 00:32:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PunkBuster [2011.06.23 18:14:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Real [2011.08.09 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\runic games [2011.01.04 20:39:12 | 000,000,000 
| RH-D | M] -- C:\Users\Chris\AppData\Roaming\SecuROM [2012.04.30 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Skype [2012.04.30 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\skypePM [2012.04.16 05:22:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client [2011.06.02 19:32:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony [2011.01.05 19:23:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP [2012.04.10 16:26:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft [2012.04.22 23:49:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unab [2011.12.16 23:55:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Verbindungsassistent [2011.01.04 00:53:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vivox [2012.04.25 13:36:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\vlc [2011.01.29 11:39:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinRAR [2011.02.17 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\XMedia Recode < %APPDATA%\*.exe /s > [2010.10.27 02:21:56 | 007,509,008 | ---- | M] (Vivox, Inc.) 
-- C:\Users\Chris\AppData\Roaming\IMVUClient\1VivoxVoice.exe [2011.12.10 08:38:12 | 000,013,312 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\devicefingerprint.exe [2011.12.10 08:38:22 | 000,158,208 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\devicefingerprint_old.exe [2011.07.27 18:28:54 | 000,009,216 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\devicefingerprint_v94.exe [2012.01.30 22:35:26 | 000,053,504 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\IMVUClient.exe [2012.01.30 22:35:28 | 000,022,784 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [2012.01.30 22:35:28 | 000,097,200 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\IMVUupdater.exe [2012.01.23 19:11:54 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Users\Chris\AppData\Roaming\IMVUClient\plugin-container.exe [2012.02.03 19:32:32 | 000,077,972 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\Uninstall.exe [2011.12.10 08:01:06 | 000,049,664 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\w9xpopen.exe [2011.12.10 09:14:12 | 000,134,144 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\WriteMiniDump.exe [2012.02.03 19:32:20 | 023,400,256 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe [2004.10.22 07:16:58 | 000,118,736 | ---- | M] (Macrovision Corporation) -- C:\Users\Chris\AppData\Roaming\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe [2012.04.16 20:15:46 | 153,558,120 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\LEGO Company\LEGO Digital Designer\setupLDD-PC-4_2_5.exe [2011.05.10 17:51:18 | 000,376,320 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe [2012.01.11 22:35:46 | 000,010,134 | R--- | M] () -- 
C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe [2011.02.17 22:39:13 | 000,835,440 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe [2011.11.15 05:34:39 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe [2011.11.15 21:18:16 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe [2011.11.15 20:46:56 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chris\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] 
(Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.12.09 11:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\OEM\Preload\4K\X86\iaStor.sys [2009.12.09 11:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\OEM\Preload\4KD\X86\iaStor.sys [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\OEM\Preload\Autorun\DRV\Intel Storage Generic Driver\iaStor.sys [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- 
C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_093f326ff5f9285e\iaStor.sys [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\OEM\Preload\4K\X64\iaStor.sys [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\OEM\Preload\4KD\X64\iaStor.sys [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\drivers\iaStor.sys [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a850f9740f1a3db7\iaStor.sys [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c102f5ecab1a70a7\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | 
M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > 
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) 
MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
[/code]
And thanks already for the info about Internet Explorer; that takes a good deal more of the weight off my mind. Pretty silly, though, never to have paid attention to something like that before. |
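The "< MD5 for: NAME >" section of the OTL log in this post is there so a helper can compare the copy of each critical system file that Windows actually loads (in SysNative, System32 or SysWOW64) against the backup copies kept in WinSxS: a patched or replaced live binary shows up as a hash that no backup shares, and a copy with no company name or outside the Windows directory deserves a second look. The Python script below is an added example, not code from the thread or from OTL; it parses the flattened listing layout shown above and applies those three checks. The first sample is copied from the userinit.exe and winlogon.exe entries of the log above; the second, with an all-zero MD5, is constructed to show what a mismatch looks like. Function names and the wording of the findings are my own.

```python
import re

# Added example, not code from the thread or from OTL: parse the "< MD5 for: NAME >"
# section of an OTL log and flag copies of a system file that need a second look.

HEADER_RE = re.compile(r"< MD5 for: ([^>]+?) >")
ENTRY_RE = re.compile(
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- "
    r"(?P<path>.+?)(?=\s*\[\d{4}\.\d{2}\.\d{2} |\s*$)",
    re.DOTALL,
)
# Directories holding the copies Windows loads; each should match some WinSxS copy.
LIVE_DIRS = ("\\windows\\sysnative\\", "\\windows\\system32\\", "\\windows\\syswow64\\")

# Sample entries copied from the userinit.exe and winlogon.exe sections of the log above,
# in the same flattened layout the forum shows.
SAMPLE = r"""< MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe"""

# Constructed sample (not from the log): a live userinit.exe whose hash matches no backup,
# which is how a patched or replaced system binary appears in this listing. The vendor
# string is kept on purpose: a version resource proves nothing about the file's contents.
TAMPERED = r"""< MD5 for: USERINIT.EXE > [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe"""


def parse_md5_section(text):
    """Return {FILENAME: [entry dicts]} from the flattened MD5 listing."""
    files = {}
    parts = HEADER_RE.split(text)  # [preamble, name1, body1, name2, body2, ...]
    for name, body in zip(parts[1::2], parts[2::2]):
        entries = []
        for m in ENTRY_RE.finditer(body):
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
        files[name.strip().upper()] = entries
    return files


def review(files):
    """Apply three triage rules; return [(filename, path, reason), ...]."""
    findings = []
    for name, entries in files.items():
        backup_md5s = {e["md5"] for e in entries if "\\winsxs\\" in e["path"].lower()}
        for e in entries:
            low = e["path"].lower()
            if not e["vendor"]:
                findings.append((name, e["path"], "no vendor/company name"))
            if not low.startswith("c:\\windows\\"):
                findings.append((name, e["path"], "copy outside the Windows directory"))
            if any(d in low for d in LIVE_DIRS) and e["md5"] not in backup_md5s:
                findings.append((name, e["path"], "live copy matches no WinSxS backup"))
    return findings


if __name__ == "__main__":
    for label, text in (("log excerpt", SAMPLE), ("constructed tampered listing", TAMPERED)):
        findings = review(parse_md5_section(text))
        print(f"== {label}: {len(findings)} finding(s) ==")
        for name, path, reason in findings:
            print(f"  {name:13} {reason:36} {path}")
```

On the excerpt from the log, the only two findings are for the winlogon.exe under the Malwarebytes Chameleon folder, a file Malwarebytes installs under that name rather than a Windows component; every live copy in SysNative and SysWOW64 matches a WinSxS copy with the same hash, which is the reading that lets a helper move on. The 32-bit copy in SysWOW64 is legitimately different from the 64-bit one, so the rule compares each live copy against the set of all backups rather than insisting on a single hash per file name.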
01.05.2012, 12:47 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Procedure after removal of a BKA Trojan clone + further questions Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.27 06:42:55 | 000,015,360 | ---- | M] () - D:\AutoScreenRecorder_01.avi -- [ NTFS ]
O32 - AutoRun File - [2012.03.09 03:24:40 | 062,944,256 | ---- | M] () - D:\AutoScreenRecorder_02.avi -- [ NTFS ]
O32 - AutoRun File - [2012.03.09 03:37:32 | 117,049,344 | ---- | M] () - D:\AutoScreenRecorder_03.avi -- [ NTFS ]
O32 - AutoRun File - [2012.03.09 03:55:13 | 150,961,152 | ---- | M] () - D:\AutoScreenRecorder_04.avi -- [ NTFS ]
O32 - AutoRun File - [2012.04.05 01:27:51 | 160,654,336 | ---- | M] () - D:\AutoScreenRecorder_05.avi -- [ NTFS ]
O33 - MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\Shell - "" = AutoRun
O33 - MountPoints2\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DFC5A2B2
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[/code]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
01.05.2012, 13:05 | #11 |
| Procedure after removal of a BKA Trojan clone + further questions Hello, carried out what is described above; here is the log: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AutoScreenRecorder_01.avi moved successfully.
D:\AutoScreenRecorder_02.avi moved successfully.
D:\AutoScreenRecorder_03.avi moved successfully.
D:\AutoScreenRecorder_04.avi moved successfully.
D:\AutoScreenRecorder_05.avi moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c488ad4-0d59-11e1-a6e5-8a6d7fa82ba7}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27af586d-0e1e-11e1-8d99-dca8986bc2a7}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b9689e6-0de0-11e1-b83c-ae3bda7e64a6}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b9689f7-0de0-11e1-b83c-ae3bda7e64a6}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Chris
->Temp folder emptied: 183414199 bytes
->Temporary Internet Files folder emptied: 1401764308 bytes
->Java cache emptied: 5044741 bytes
->FireFox cache emptied: 91183486 bytes
->Google Chrome cache emptied: 6332102 bytes
->Flash cache emptied: 123929 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser.Chris-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1269760 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 275097106 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.873,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Chris
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
User: UpdatusUser
User: UpdatusUser.Chris-PC
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.42.2 log created on 05012012_135740
Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
[/code]
PS: Since this Trojan.ZBotR.Gen could apparently also read out banking passwords (I don't do any online banking myself, but): I use programs like Steam etc. where you can also load and redeem money; it would probably be better if I change everything there now, provided the system is clean, right? |
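Post #10 asks for a fix script and post #11 shows the log OTL wrote while running it. A helper's next step is to confirm that every item in the script actually produced its outcome line in the log: each O32 AutoRun file moved, each MountPoints2 key deleted, the alternate data stream removed, the hosts file reset and the temp folders emptied. The Python script below is an added example, not code from the thread or from OTL; it derives those expectations from the script and checks them against the log, so that a missing outcome line is noticed instead of being lost in the wall of "not found" entries. Both embedded samples are excerpts copied from the two posts, put one item per line (the forum shows them flattened); the function names and the result format are my own.

```python
import re

# Added example, not code from the thread or from OTL: derive from an OTL fix script the
# outcome lines its fix log should contain, and report which items are unconfirmed.

# Excerpt of the fix script from post #10, one item per line.
FIX_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.27 06:42:55 | 000,015,360 | ---- | M] () - D:\AutoScreenRecorder_01.avi -- [ NTFS ]
O32 - AutoRun File - [2012.03.09 03:24:40 | 062,944,256 | ---- | M] () - D:\AutoScreenRecorder_02.avi -- [ NTFS ]
O33 - MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DFC5A2B2
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
"""

# Excerpt of the fix log from post #11 for the same items.
FIX_LOG = r"""
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AutoScreenRecorder_01.avi moved successfully.
D:\AutoScreenRecorder_02.avi moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c488ac8-0d59-11e1-a6e5-8a6d7fa82ba7}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\.\Autorun.exe AUTORUN=1 not found.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 1.873,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""


def expectations_from_script(script):
    """Turn each actionable script line into (kind, key); kinds map to log phrasing."""
    expected, seen_keys = [], set()
    for line in script.splitlines():
        line = line.strip()
        if line.startswith("O32 - HKLM CDRom:"):
            expected.append(("cdrom", "Services\\Cdrom"))
            continue
        m = re.match(r"O32 - AutoRun File - \[.*?\] \(.*?\) - (.+?) -- \[", line)
        if m:
            expected.append(("file", m.group(1)))
            continue
        m = re.match(r"O33 - MountPoints2\\([^\\]+)\\", line)
        if m:
            key = m.group(1)  # the Shell and command lines of one volume share a key
            if key not in seen_keys:
                seen_keys.add(key)
                expected.append(("mountpoint", key))
            continue
        m = re.match(r"@Alternate Data Stream - \d+ bytes -> (.+)", line)
        if m:
            expected.append(("ads", m.group(1)))
        elif line.lower() == "[emptytemp]":
            expected.append(("temp", "Total Files Cleaned"))
        elif line.lower() == "[resethosts]":
            expected.append(("hosts", "HOSTS file reset"))
    return expected


def confirmed(kind, key, log_lines):
    """True when the log carries the success line OTL writes for this item."""
    if kind == "file":
        return f"{key} moved successfully." in log_lines
    if kind == "mountpoint":
        return any(l.endswith(f"\\MountPoints2\\{key}\\ deleted successfully.") for l in log_lines)
    if kind == "ads":
        return f"ADS {key} deleted successfully." in log_lines
    if kind == "cdrom":
        return any(key in l and l.endswith("value set successfully!") for l in log_lines)
    if kind == "hosts":
        return any(l.startswith("HOSTS file reset successfully") for l in log_lines)
    if kind == "temp":
        return any(l.startswith("Total Files Cleaned") for l in log_lines)
    return False


def unconfirmed(expected, log_text):
    """Return the (kind, key) items with no matching success line in the log."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    return [(k, key) for k, key in expected if not confirmed(k, key, lines)]


if __name__ == "__main__":
    expected = expectations_from_script(FIX_SCRIPT)
    missing = unconfirmed(expected, FIX_LOG)
    print(f"{len(expected)} items in script, {len(missing)} unconfirmed")
    for kind, key in missing:
        print(f"  not confirmed: {kind} {key}")
```

The "not found" lines for the CLSID keys and for the Autorun.exe targets are expected: OTL looks for related keys and the command's target file after removing a MountPoints2 entry, and on this system neither existed any more. Only a script item with no success line at all is worth a follow-up, which is why the check is keyed on the script rather than on the log.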
01.05.2012, 16:22 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Procedure after removal of a BKA Trojan clone + further questions Quote:
You will find them again in the folder C:\_OTL\MovedFiles. Now please (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click on "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
01.05.2012, 16:33 | #13 |
| Procedure after removal of a BKA Trojan clone + further questions Hello, here is the TDSSKiller logfile: Code:
ATTFilter 17:29:26.0565 4624 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 17:29:26.0830 4624 ============================================================ 17:29:26.0830 4624 Current date / time: 2012/05/01 17:29:26.0830 17:29:26.0830 4624 SystemInfo: 17:29:26.0830 4624 17:29:26.0830 4624 OS Version: 6.1.7601 ServicePack: 1.0 17:29:26.0830 4624 Product type: Workstation 17:29:26.0830 4624 ComputerName: CHRIS-PC 17:29:26.0830 4624 UserName: Chris 17:29:26.0830 4624 Windows directory: C:\Windows 17:29:26.0830 4624 System windows directory: C:\Windows 17:29:26.0830 4624 Running under WOW64 17:29:26.0830 4624 Processor architecture: Intel x64 17:29:26.0830 4624 Number of processors: 4 17:29:26.0830 4624 Page size: 0x1000 17:29:26.0830 4624 Boot type: Normal boot 17:29:26.0830 4624 ============================================================ 17:29:27.0361 4624 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:29:27.0392 4624 Drive \Device\Harddisk6\DR6 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:29:27.0423 4624 ============================================================ 17:29:27.0423 4624 \Device\Harddisk0\DR0: 17:29:27.0423 4624 MBR partitions: 17:29:27.0423 4624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3000800, BlocksNum 0x32000 17:29:27.0423 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3032800, BlocksNum 0x38AE7000 17:29:27.0423 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3BB19800, BlocksNum 0x38BEC800 17:29:27.0423 4624 \Device\Harddisk6\DR6: 17:29:27.0423 4624 MBR partitions: 17:29:27.0423 4624 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542 17:29:27.0423 4624 ============================================================ 17:29:27.0454 4624 C: <-> 
\Device\Harddisk0\DR0\Partition1 17:29:27.0485 4624 D: <-> \Device\Harddisk0\DR0\Partition2 17:29:27.0532 4624 M: <-> \Device\Harddisk6\DR6\Partition0 17:29:27.0532 4624 ============================================================ 17:29:27.0532 4624 Initialize success 17:29:27.0532 4624 ============================================================ 17:30:14.0644 4308 ============================================================ 17:30:14.0644 4308 Scan started 17:30:14.0644 4308 Mode: Manual; SigCheck; TDLFS; 17:30:14.0644 4308 ============================================================ 17:30:15.0050 4308 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 17:30:15.0159 4308 1394ohci - ok 17:30:15.0237 4308 AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 17:30:15.0253 4308 AAV UpdateService - ok 17:30:15.0346 4308 ABBYY.Licensing.PDFTransformer.Site License.3.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe 17:30:15.0393 4308 ABBYY.Licensing.PDFTransformer.Site License.3.0 - ok 17:30:15.0471 4308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 17:30:15.0487 4308 ACPI - ok 17:30:15.0549 4308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 17:30:15.0627 4308 AcpiPmi - ok 17:30:15.0674 4308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 17:30:15.0705 4308 adp94xx - ok 17:30:15.0752 4308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 17:30:15.0783 4308 adpahci - ok 17:30:15.0799 4308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 17:30:15.0814 4308 adpu320 - ok 17:30:15.0846 4308 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 17:30:16.0017 4308 AeLookupSvc - ok 17:30:16.0080 4308 AFD 
(1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 17:30:16.0142 4308 AFD - ok 17:30:16.0173 4308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 17:30:16.0204 4308 agp440 - ok 17:30:16.0220 4308 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 17:30:16.0267 4308 ALG - ok 17:30:16.0282 4308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 17:30:16.0298 4308 aliide - ok 17:30:16.0314 4308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 17:30:16.0329 4308 amdide - ok 17:30:16.0345 4308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 17:30:16.0407 4308 AmdK8 - ok 17:30:16.0423 4308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 17:30:16.0454 4308 AmdPPM - ok 17:30:16.0501 4308 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 17:30:16.0532 4308 amdsata - ok 17:30:16.0548 4308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 17:30:16.0563 4308 amdsbs - ok 17:30:16.0594 4308 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 17:30:16.0610 4308 amdxata - ok 17:30:16.0672 4308 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:30:16.0688 4308 AntiVirSchedulerService - ok 17:30:16.0735 4308 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:30:16.0750 4308 AntiVirService - ok 17:30:16.0813 4308 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 17:30:16.0953 4308 AppID - ok 17:30:16.0984 4308 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 17:30:17.0062 4308 AppIDSvc - ok 17:30:17.0094 4308 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 17:30:17.0140 4308 Appinfo - ok 
17:30:17.0140 4308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 17:30:17.0156 4308 arc - ok 17:30:17.0187 4308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 17:30:17.0203 4308 arcsas - ok 17:30:17.0281 4308 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:30:17.0374 4308 aspnet_state - ok 17:30:17.0390 4308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 17:30:17.0468 4308 AsyncMac - ok 17:30:17.0468 4308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 17:30:17.0484 4308 atapi - ok 17:30:17.0733 4308 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\drivers\atikmdag.sys 17:30:17.0936 4308 atikmdag - ok 17:30:18.0108 4308 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys 17:30:18.0139 4308 atksgt - ok 17:30:18.0201 4308 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 17:30:18.0264 4308 AudioEndpointBuilder - ok 17:30:18.0279 4308 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 17:30:18.0310 4308 AudioSrv - ok 17:30:18.0326 4308 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 17:30:18.0342 4308 avgntflt - ok 17:30:18.0357 4308 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 17:30:18.0373 4308 avipbb - ok 17:30:18.0404 4308 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 17:30:18.0498 4308 AxInstSV - ok 17:30:18.0544 4308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 17:30:18.0591 4308 b06bdrv - ok 17:30:18.0622 4308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 17:30:18.0654 4308 b57nd60a - ok 17:30:18.0685 4308 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 
C:\Windows\System32\termsrv.dll 17:30:44.0175 4308 TermService - ok 17:30:44.0175 4308 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 17:30:44.0206 4308 Themes - ok 17:30:44.0238 4308 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:30:44.0269 4308 THREADORDER - ok 17:30:44.0284 4308 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 17:30:44.0331 4308 TrkWks - ok 17:30:44.0409 4308 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 17:30:44.0456 4308 TrustedInstaller - ok 17:30:44.0503 4308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:30:44.0565 4308 tssecsrv - ok 17:30:44.0596 4308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 17:30:44.0628 4308 TsUsbFlt - ok 17:30:44.0659 4308 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 17:30:44.0721 4308 tunnel - ok 17:30:44.0737 4308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 17:30:44.0752 4308 uagp35 - ok 17:30:44.0799 4308 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 17:30:44.0862 4308 udfs - ok 17:30:44.0877 4308 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 17:30:44.0893 4308 UI0Detect - ok 17:30:44.0908 4308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 17:30:44.0924 4308 uliagpkx - ok 17:30:44.0955 4308 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 17:30:44.0986 4308 umbus - ok 17:30:44.0986 4308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 17:30:45.0002 4308 UmPass - ok 17:30:45.0080 4308 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 17:30:45.0096 4308 Updater Service - ok 17:30:45.0127 4308 upnphost 
(d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 17:30:45.0189 4308 upnphost - ok 17:30:45.0236 4308 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 17:30:45.0267 4308 usbaudio - ok 17:30:45.0283 4308 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 17:30:45.0314 4308 usbccgp - ok 17:30:45.0345 4308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 17:30:45.0392 4308 usbcir - ok 17:30:45.0423 4308 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 17:30:45.0439 4308 usbehci - ok 17:30:45.0470 4308 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 17:30:45.0517 4308 usbhub - ok 17:30:45.0532 4308 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 17:30:45.0564 4308 usbohci - ok 17:30:45.0610 4308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 17:30:45.0626 4308 usbprint - ok 17:30:45.0688 4308 USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe 17:30:45.0704 4308 USBS3S4Detection - ok 17:30:45.0720 4308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 17:30:45.0735 4308 usbscan - ok 17:30:45.0766 4308 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:30:45.0798 4308 USBSTOR - ok 17:30:45.0813 4308 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 17:30:45.0829 4308 usbuhci - ok 17:30:45.0860 4308 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 17:30:45.0876 4308 usbvideo - ok 17:30:45.0891 4308 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 17:30:45.0922 4308 UxSms - ok 17:30:45.0969 4308 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:30:45.0985 4308 VaultSvc - ok 17:30:46.0000 4308 
vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 17:30:46.0016 4308 vdrvroot - ok 17:30:46.0063 4308 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 17:30:46.0141 4308 vds - ok 17:30:46.0156 4308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 17:30:46.0172 4308 vga - ok 17:30:46.0188 4308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 17:30:46.0234 4308 VgaSave - ok 17:30:46.0281 4308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 17:30:46.0312 4308 vhdmp - ok 17:30:46.0312 4308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 17:30:46.0328 4308 viaide - ok 17:30:46.0359 4308 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 17:30:46.0375 4308 volmgr - ok 17:30:46.0437 4308 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 17:30:46.0468 4308 volmgrx - ok 17:30:46.0500 4308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 17:30:46.0531 4308 volsnap - ok 17:30:46.0546 4308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 17:30:46.0562 4308 vsmraid - ok 17:30:46.0671 4308 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 17:30:46.0749 4308 VSS - ok 17:30:46.0827 4308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 17:30:46.0858 4308 vwifibus - ok 17:30:46.0905 4308 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 17:30:46.0952 4308 W32Time - ok 17:30:46.0968 4308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 17:30:46.0983 4308 WacomPen - ok 17:30:47.0014 4308 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:30:47.0046 4308 WANARP - ok 17:30:47.0046 4308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) 
C:\Windows\system32\DRIVERS\wanarp.sys 17:30:47.0077 4308 Wanarpv6 - ok 17:30:47.0202 4308 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 17:30:47.0264 4308 wbengine - ok 17:30:47.0326 4308 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 17:30:47.0373 4308 WbioSrvc - ok 17:30:47.0420 4308 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 17:30:47.0467 4308 wcncsvc - ok 17:30:47.0482 4308 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 17:30:47.0529 4308 WcsPlugInService - ok 17:30:47.0545 4308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 17:30:47.0560 4308 Wd - ok 17:30:47.0623 4308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 17:30:47.0670 4308 Wdf01000 - ok 17:30:47.0685 4308 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:30:47.0763 4308 WdiServiceHost - ok 17:30:47.0779 4308 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:30:47.0794 4308 WdiSystemHost - ok 17:30:47.0857 4308 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 17:30:47.0888 4308 WebClient - ok 17:30:47.0904 4308 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 17:30:47.0950 4308 Wecsvc - ok 17:30:47.0966 4308 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 17:30:48.0013 4308 wercplsupport - ok 17:30:48.0028 4308 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 17:30:48.0060 4308 WerSvc - ok 17:30:48.0075 4308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 17:30:48.0106 4308 WfpLwf - ok 17:30:48.0122 4308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 17:30:48.0138 4308 WIMMount - ok 17:30:48.0169 4308 WinDefend - ok 17:30:48.0169 4308 WinHttpAutoProxySvc - 
ok 17:30:48.0231 4308 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 17:30:48.0278 4308 Winmgmt - ok 17:30:48.0403 4308 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 17:30:48.0481 4308 WinRM - ok 17:30:48.0590 4308 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 17:30:48.0637 4308 Wlansvc - ok 17:30:48.0808 4308 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:30:48.0886 4308 wlidsvc - ok 17:30:48.0949 4308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 17:30:48.0980 4308 WmiAcpi - ok 17:30:49.0011 4308 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 17:30:49.0042 4308 wmiApSrv - ok 17:30:49.0074 4308 WMPNetworkSvc - ok 17:30:49.0089 4308 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 17:30:49.0105 4308 WPCSvc - ok 17:30:49.0152 4308 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 17:30:49.0167 4308 WPDBusEnum - ok 17:30:49.0183 4308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 17:30:49.0214 4308 ws2ifsl - ok 17:30:49.0245 4308 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 17:30:49.0261 4308 wscsvc - ok 17:30:49.0261 4308 WSearch - ok 17:30:49.0339 4308 WTGService (a583f4bf607ebc5709578433207a76a8) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe 17:30:49.0370 4308 WTGService - ok 17:30:49.0526 4308 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 17:30:49.0635 4308 wuauserv - ok 17:30:49.0698 4308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 17:30:49.0729 4308 WudfPf - ok 17:30:49.0760 4308 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:30:49.0807 4308 WUDFRd - ok 17:30:49.0854 4308 wudfsvc 
(7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 17:30:49.0900 4308 wudfsvc - ok 17:30:49.0916 4308 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 17:30:49.0947 4308 WwanSvc - ok 17:30:49.0978 4308 X6va003 - ok 17:30:50.0010 4308 X6va005 - ok 17:30:50.0025 4308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:30:50.0197 4308 \Device\Harddisk0\DR0 - ok 17:30:50.0197 4308 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6 17:30:50.0353 4308 \Device\Harddisk6\DR6 - ok 17:30:50.0353 4308 Boot (0x1200) (0851ae516132e464fd94cf7f16afdea2) \Device\Harddisk0\DR0\Partition0 17:30:50.0353 4308 \Device\Harddisk0\DR0\Partition0 - ok 17:30:50.0368 4308 Boot (0x1200) (5c481b9d8dec64ebfbeb90c4e4a52c17) \Device\Harddisk0\DR0\Partition1 17:30:50.0368 4308 \Device\Harddisk0\DR0\Partition1 - ok 17:30:50.0384 4308 Boot (0x1200) (8ba28846e3097fa35f6fb88749e1dee1) \Device\Harddisk0\DR0\Partition2 17:30:50.0384 4308 \Device\Harddisk0\DR0\Partition2 - ok 17:30:50.0384 4308 Boot (0x1200) (11d470468b0ef056b38d561fd3a69283) \Device\Harddisk6\DR6\Partition0 17:30:50.0400 4308 \Device\Harddisk6\DR6\Partition0 - ok 17:30:50.0400 4308 ============================================================ 17:30:50.0400 4308 Scan finished 17:30:50.0400 4308 ============================================================ 17:30:50.0415 2768 Detected object count: 3 17:30:50.0415 2768 Actual detected object count: 3 17:31:01.0522 2768 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:01.0522 2768 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:01.0522 2768 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:01.0522 2768 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:01.0522 2768 SNP2UVC ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:01.0522 2768 SNP2UVC ( UnsignedFile.Multi.Generic ) - User select action: 
Skip |
01.05.2012, 16:42 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Procedure after removing BKA Trojan clone + further questions Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
01.05.2012, 18:55 | #15 |
| Procedure after removing BKA Trojan clone + further questions Hello, here is the ComboFix logfile: Combofix Logfile: Code:
ATTFilter ComboFix 12-05-01.02 - Chris 01.05.2012 19:17:22.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4023.2868 [GMT 2:00] ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\Acer GameZone online.ico c:\windows\IsUn0407.exe c:\windows\system32\drivers\etc\hosts.ics M:\install.exe M:\Setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-01 bis 2012-05-01 )))))))))))))))))))))))))))))) . . 2012-05-01 17:31 . 2012-05-01 17:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-05-01 17:31 . 2012-05-01 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-01 11:57 . 2012-05-01 11:57 -------- d-----w- C:\_OTL 2012-04-27 14:35 . 2012-04-27 14:35 -------- d-----w- c:\program files (x86)\ESET 2012-04-27 13:50 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E5AB12-C940-461D-92D2-9DCED40ECB8A}\mpengine.dll 2012-04-23 13:14 . 2012-04-23 13:14 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2012-04-23 13:14 . 2012-04-23 13:14 -------- d-----w- c:\programdata\Malwarebytes 2012-04-23 13:14 . 2012-04-23 13:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-23 13:14 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-22 21:46 . 2012-04-22 21:49 -------- d-----w- c:\users\Chris\AppData\Roaming\Unab 2012-04-15 22:41 . 2012-04-23 03:21 -------- d-----w- c:\program files (x86)\ICQ7.7 2012-04-12 01:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-12 01:04 . 
2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-12 01:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-12 01:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 01:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 01:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-12 01:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 01:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 01:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-12 01:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-04 12:04 . 2012-04-06 23:48 -------- d-----w- c:\users\Chris\AppData\Local\PunkBuster 2012-04-03 22:30 . 2012-04-03 22:30 -------- d-----w- c:\users\Chris\AppData\Roaming\bizarre creations 2012-04-03 19:16 . 2012-04-23 03:21 -------- d-----w- c:\users\UpdatusUser.Chris-PC 2012-04-03 18:57 . 2012-04-11 23:18 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-04-03 18:56 . 2012-04-03 18:56 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-11 23:18 . 2011-11-09 22:33 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-04-11 23:18 . 2011-11-09 22:33 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-04-04 12:09 . 2011-11-09 22:33 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-03-29 01:24 . 2012-03-29 01:24 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-29 01:24 . 2012-03-29 01:24 660368 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-01 00:02 . 2011-09-18 00:48 1466176 ----a-w- c:\windows\system32\nvgenco64.dll 2012-03-01 00:02 . 2011-09-18 00:48 1737536 ----a-w- c:\windows\system32\nvdispco64.dll 2012-03-01 00:02 . 
2010-05-24 21:17 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-03-01 00:02 . 2010-05-24 21:17 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-03-01 00:02 . 2010-05-24 21:17 2660160 ----a-w- c:\windows\system32\nvapi64.dll 2012-02-29 21:00 . 2011-04-07 21:18 3089728 ----a-w- c:\windows\system32\nvsvc64.dll 2012-02-29 21:00 . 2011-04-07 21:19 6074176 ----a-w- c:\windows\system32\nvcpl.dll 2012-02-29 20:59 . 2011-04-07 21:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-02-29 20:59 . 2011-04-07 21:19 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-02-29 20:59 . 2011-04-07 21:19 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-02-29 20:59 . 2010-02-17 08:47 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-02-29 11:26 . 2012-02-29 11:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-02-23 08:18 . 2011-01-03 20:45 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 06:38 . 2012-03-13 17:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-13 17:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-13 17:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-13 17:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 06:36 . 2012-03-13 21:12 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-13 21:12 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-05 01:06 . 2012-02-05 01:06 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-02-05 01:06 . 2012-02-05 01:06 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-02-05 01:06 . 2011-01-04 18:36 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2012-02-05 01:06 . 2011-01-04 18:36 122968 ----a-w- c:\windows\system32\OpenAL32.dll 2012-02-03 04:34 . 2012-03-13 21:12 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-02 22:50 . 2011-01-04 12:20 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys 2012-02-02 22:50 . 
2011-01-04 12:20 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2010-05-24 21:11 433648 ----a-w- c:\programdata\Partner\Partner.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 135664] R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-11-13 117248] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 135664] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-05-24 332272] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 X6va003;X6va003;c:\users\Chris\AppData\Local\Temp\0032091.tmp [x] R3 X6va005;X6va005;c:\users\Chris\AppData\Local\Temp\005BB94.tmp [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 ABBYY.Licensing.PDFTransformer.Site License.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF 
Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-06-02 136360] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320] S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2010-11-18 330696] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 20:12] . 2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 20:12] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2010-05-24 21:11 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173601110406pe4g5v135w46i1v435 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe TCP: Interfaces\{113524B5-2A40-49CE-B4F5-CCE4B841B236}: NameServer = 62.220.18.8 89.246.64.8 FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o5ptckwn.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.search.yahoo.com/web?fr=yfp-t-708 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-AdamantiumArmor-PlugIn für die deutsche Version_is1 - k:\dokumente\Games\PlugIns für Morrowind\Official PlugIns\unins001.exe AddRemove-Bcsounds-PlugIn für die deutsche Version_is1 - k:\dokumente\Games\PlugIns für Morrowind\Official PlugIns\Entpackt\unins000.exe AddRemove-EQB_Artifact-PlugIn für die deutsche Version_is1 - k:\dokumente\Games\PlugIns für Morrowind\Official PlugIns\Entpackt\unins001.exe AddRemove-Firemoth-PlugIn für die deutsche Version_is1 - k:\dokumente\Games\PlugIns für Morrowind\Official PlugIns\unins003.exe AddRemove-MasterIndex-PlugIn für die deutsche Version_is1 - k:\dokumente\Games\PlugIns für Morrowind\Official PlugIns\unins000.exe AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003] "ImagePath"="\??\c:\users\Chris\AppData\Local\Temp\0032091.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005] "ImagePath"="\??\c:\users\Chris\AppData\Local\Temp\005BB94.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-959428496-2458057116-3099617895-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-959428496-2458057116-3099617895-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-959428496-2458057116-3099617895-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:0e,9b,0c,22,58,4d,fa,08,3d,61,fa,b1,6c,a9,47,13,aa,ba,90,09,17,be,b8, 69,1c,75,9f,92,25,e1,6f,b4,9e,68,9a,20,f7,28,11,dd,fb,09,6f,de,d2,d0,1c,f9,\ "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12 . [HKEY_USERS\S-1-5-21-959428496-2458057116-3099617895-1000\Software\SecuROM\License information*] "datasecu"=hex:9e,10,03,57,8b,57,80,cf,90,c4,e9,7b,f9,ad,87,85,08,7d,a9,00,cf, b0,eb,8b,14,c5,34,c1,01,17,55,79,10,12,ac,d1,99,47,ff,4c,40,26,c5,3d,1e,d2,\ "rkeysecu"=hex:a0,ea,c6,b6,4f,78,91,3b,4f,0f,48,e0,3c,ea,0c,d5 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-05-01 19:40:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 17:40
.
Before scan: 13 directory(ies), 66,359,148,544 bytes free
After scan: 18 directory(ies), 65,975,087,104 bytes free
.
- - End Of File - - F7AF4C7C49E732AF865048CBC7D511D7
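A quick triage of the services section of a ComboFix log, as an added example that is neither part of the post above nor ComboFix's own code: it parses the [HKEY_LOCAL_MACHINE\SYSTEM\...\services\NAME] blocks and flags ImagePath values that point into a user's Temp directory, end in .tmp, or use the \??\ object-manager prefix to reach a location outside the standard Windows and Program Files directories. The sample input is the three service entries that appear in the log above (npggsvc, X6va003, X6va005); the trusted-directory list and the argument-splitting rule are assumptions for illustration. A temp-directory ImagePath is an indicator, not a verdict: the flagged file still has to be checked (hash, signer, comparison with the quarantine list) before anything is deleted.

```python
import re

# Sample input: the three service entries copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003]
"ImagePath"="\??\c:\users\Chris\AppData\Local\Temp\0032091.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\Chris\AppData\Local\Temp\005BB94.tmp"
"""

# A services\NAME key header, for any ControlSetNNN or CurrentControlSet.
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:ControlSet\d+|CurrentControlSet)\\services\\([^\]\\]+)\]$",
    re.IGNORECASE,
)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.*)"$')

# Assumed list of directories where a service binary normally lives (lower-case substrings).
TRUSTED_ROOTS = ("\\windows\\system32\\", "\\windows\\syswow64\\",
                 "\\program files\\", "\\program files (x86)\\")
# Assumed list of temp locations; a service binary has no business living here.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")


def parse_services(log_text):
    """Return {service_name: image_path} for every services\\NAME block that carries an ImagePath."""
    services = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = SERVICE_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        value = IMAGE_PATH.match(line)
        if value and current is not None:
            services[current] = value.group(1)
            current = None
    return services


def normalize_image_path(image_path):
    """Drop the NT object-manager prefix and trailing service arguments, lower-case the rest.

    Assumption: arguments start at the first ' -' or ' /' (covers 'GameMon.des -service');
    a quoted path with such a sequence inside it would need a real command-line parser."""
    path = image_path[4:] if image_path.startswith("\\??\\") else image_path
    path = re.split(r"\s+[-/]", path, maxsplit=1)[0]
    return path.lower()


def classify(image_path):
    """Return the list of reasons this ImagePath looks suspicious (empty list: nothing flagged)."""
    path = normalize_image_path(image_path)
    reasons = []
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("binary lives in a temp directory")
    if path.endswith(".tmp"):
        reasons.append("executable has a .tmp extension")
    if image_path.startswith("\\??\\") and not any(root in path for root in TRUSTED_ROOTS):
        reasons.append("\\??\\ object path outside the trusted system/program directories")
    return reasons


def triage(log_text):
    """Map every parsed service to its list of findings."""
    return {name: classify(path) for name, path in parse_services(log_text).items()}


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG).items():
        status = "SUSPICIOUS" if findings else "ok"
        print(f"{name:10s} {status}")
        for reason in findings:
            print(f"    - {reason}")
```

Run against the sample, npggsvc comes back clean (a system32 binary started with a -service argument) while X6va003 and X6va005 are flagged on all three counts. For a live system the same classify() logic can be fed from the registry instead of a log.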