Strong suspicion of virus/trojan (Windows 7)
30.04.2012, 12:13 | #1

Strong suspicion of virus/trojan

Hello! I've noticed that my PC has become noticeably slower over the last few days. My antivirus (Avast) also found a trojan about two weeks ago, but it was deleted, so I thought everything was fine again. Well, I have now run the 3 programs as described in the guide and attached the log files. I hope you can help me!

Kind regards

Hmm, did I do something wrong? I don't want to be a nuisance, but I think my thread is slowly sinking.

Edited by Da GuRu (30.04.2012 at 18:06) Reason: Strong suspicion of virus/trojan
30.04.2012, 19:14 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Quote:
Please post everything here in CODE tags where possible. This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
the log goes here
30.04.2012, 19:55 | #3

Avast reports:

Code:
C:\Users\****\AppData\Local\Temp\cgs8h0.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h1.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h2.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h3.exe Bedrohung: Win32:Rootkit-gen [Rtk]

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:21 on 30/04/2012 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

DDS Logfile:

Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by **** at 12:22:49 on 2012-04-30
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3583.2406 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [PlayNC Launcher] 
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\****\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\****\appdata\roaming\mozilla\firefox\profiles\wxoysspe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: network.proxy.http - 70.89.2.57
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\****\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-18 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-18 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-16 218688]
R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2010-8-10 11392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-12-5 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-18 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-18 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-25 44768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-30 2358656]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-6-1 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-6 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-6 264192]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-10-27 1559552]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 131856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-1-7 95304]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\drivers\wg111v3.sys [2011-7-8 376832]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 583680]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-24 22:43:28    314880    ----a-w-    c:\windows\system32\fmodex.dll
2012-03-06 23:15:19    41184     ----a-w-    c:\windows\avastSS.scr
2012-03-06 23:03:51    612184    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14    44376     ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48    57688     ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 05:59:41    3958128   ----a-w-    c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59:41    3902320   ----a-w-    c:\windows\system32\ntoskrnl.exe
2012-03-01 05:53:27    19312     ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05    172544    ----a-w-    c:\windows\system32\wintrust.dll
2012-03-01 05:45:05    158720    ----a-w-    c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44    5120      ----a-w-    c:\windows\system32\wmi.dll
2012-02-28 01:18:55    1799168   ----a-w-    c:\windows\system32\jscript9.dll
2012-02-28 01:11:21    1427456   ----a-w-    c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07    1127424   ----a-w-    c:\windows\system32\wininet.dll
2012-02-28 01:03:16    2382848   ----a-w-    c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-02-15 05:44:57    826368    ----a-w-    c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43    177152    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18    24064     ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38    1074176   ----a-w-    c:\windows\system32\DWrite.dll
2012-02-10 05:41:20    218624    ----a-w-    c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20    1170944   ----a-w-    c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19    739840    ----a-w-    c:\windows\system32\d2d1.dll
2012-02-03 04:01:58    2341376   ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 12:23:15,06 ===============

--- --- ---

Attach:

Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01.06.2011 19:12:03
System Uptime: 30.04.2012 11:58:03 (1 hours ago)
.
Motherboard: ASRock |  | N68-S3 UCC
Processor: AMD Phenom(tm) II X6 1055T Processor | CPUSocket | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 395,408 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 17.04.2012 23:12:30 - Windows Update
RP188: 21.04.2012 03:32:02 - Windows Update
RP189: 24.04.2012 17:53:41 - Windows Update
RP190: 27.04.2012 20:02:31 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1) - Deutsch
Aion
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ASIO4ALL
µTorrent
Audiosurf
avast! Free Antivirus
Battlefield Play4Free
Belkin Connect Wireless USB Adapter
Bully Scholarship Edition
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CPUCooL (remove only)
Curse Client
D3DX10
DAEMON Tools Lite
Diablo III Beta
DIE SIEDLER - Das Erbe der Könige
EVE Online (remove only)
Fallout New Vegas
FL Studio 10
FL Studio 9
Forsaken World
Fraps (remove only)
Free YouTube to MP3 Converter version 3.10.5.722
Garena 2010
GIMP 2.6.11
Global Agenda
GUILD WARS
Half-Life 2
Half-Life 2: Episode One
Hardcore
Hydra VSTi/DXi v1.2
IL Download Manager
ILLUSION RapeLay
iZotope Ozone 4
JA Launcher
Java Auto Updater
Java(TM) 6 Update 30
JDownloader 0.9
League of Legends
LogMeIn Hamachi
LOLReplay
Malwarebytes Anti-Malware Version 1.60.1.1000
Mass Effect 2 German
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 4.0
MotioninJoy ds3 driver version 0.6.0005
Mozilla Firefox 11.0 (x86 de)
MSVCRT
MTA:SA v1.0.5
NCsoft Launcher
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Drivers
NVIDIA PhysX
Ohm Force - Ohmicide VST
Orcs Must Die!
Pando Media Booster
Platform
PoiZone
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
reFX Nexus VSTi RTAS v2.2.0
Sandboxie 3.62 (32-bit)
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sonic Charge µTonic VSTi v2.0.1
Spiral Knights
Supreme Commander
Supreme Commander 2
Supreme Commander: Forged Alliance
Sylenth1 v2.20
TeamSpeak 3 Client
TeamViewer 6
Terraria
thriXXX 3DSexVilla2-114.001
TmNationsForever
Toxic Biohazard
TP-LINK Drahtlos Tool
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VIA Plattform-Geräte-Manager
VirtualDJ Home FREE
Vista Anti-Lag 1.1.1
VLC media player 1.1.10
Waves Diamond Bundle v5.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-Bit)
World of Warcraft
X-Universe Plugin Manager V1.30 by Cycrow
X3 Terran Conflict v3.1
.
==== End Of File ===========================

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-30 13:09:53
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000069 SAMSUNG_ rev.1AJ1
Running: v7pnp6d1.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9203CDF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x92384A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9203D85E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x920422E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x92042330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x92042422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x92042252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x92042374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9204229A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x920423DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9203CE44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x92384B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9203CAD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9203CE90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9203FD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9203DB02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9204230E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x92042352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x92042446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x92042278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x920423AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x920422C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x92042400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x92384CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9203D9CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9203CEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9203CF28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9203CB46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9203CCEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9203CC92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9203CD5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x92384D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9203CF74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x92384BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9239AD92]
Code 9A668BFC ZwTraceEvent
Code 9A668BFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 82E71E24 5 Bytes JMP 9A668C00
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E825C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA7092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 244 82EAE884 4 Bytes [F8, CD, 03, 92] {CLC ; INT 0x3; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 26C 82EAE8AC 4 Bytes [5A, 4A, 38, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 2CC 82EAE90C 2 Bytes [5E, D8]
.text ntkrnlpa.exe!RtlSidHashLookup + 2CF 82EAE90F 1 Byte [92]
.text ntkrnlpa.exe!RtlSidHashLookup + 320 82EAE960 8 Bytes [E4, 22, 04, 92, 30, 23, 04, ...] {IN AL, 0x22; ADD AL, 0x92; XOR [EBX], AH; ADD AL, 0x92}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830483BE 5 Bytes JMP 92397C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 830620CD 5 Bytes JMP 92399764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830AC75A 4 Bytes CALL 9203E1B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 830B474B 5 Bytes JMP 9A668DE0
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830B486B 4 Bytes CALL 9203E1CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 830B6173 5 Bytes JMP 9A668D40
PAGE ntkrnlpa.exe!NtRequestPort + 2 830CA3D9 5 Bytes JMP 9A668CA0
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8311A4FE 7 Bytes JMP 9239AD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9623A000, 0x3C12C5, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x95DB5300, 0x1BCE, 0xE8000020]
? C:\Users\****\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
.text kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[520] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000D03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000D0600
.text C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[580] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001D0A08
.text C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001D03FC
.text C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001D0804
.text C:\Windows\system32\lsass.exe[580] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001D01F8
.text C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001D0600
.text C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[588] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[728] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[916] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 002F0A08
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002F03FC
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 002F0804
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002F01F8
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 002F0600
.text C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000A01F8
.text C:\Windows\system32\AUDIODG.EXE[940] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001403FC
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00140804
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 002B0A08
.text C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002B03FC
.text C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 002B0804
.text C:\Windows\System32\svchost.exe[984] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002B01F8
.text C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 002B0600
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00940A08
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 009403FC
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00940804
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 009401F8
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00940600
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00AF0A08
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 00AF03FC
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00AF0804
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 00AF01F8
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00AF0600
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00110A08
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001103FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00110804
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWinEventHook 767D507E 5 Bytes 
JMP 001101F8 .text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00570A08 .text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 005703FC .text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00570804 .text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 005701F8 .text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00570600 .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000903FC .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000901F8 .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00230A08 .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002303FC .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00230804 .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002301F8 .text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00230600 .text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text 
C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC .text C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8 .text C:\Windows\system32\atieclxx.exe[1432] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00180A08 .text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001803FC .text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00180804 .text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001801F8 .text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00180600 .text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 769130E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8 .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001F0A08 .text C:\Program 
Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001F03FC .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001F0804 .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001F0600 .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00090A08 .text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000903FC .text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW 767D210A 3 Bytes JMP 00090804 .text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW + 4 767D210E 1 Byte [89] .text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook 767D507E 3 Bytes JMP 000901F8 .text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook + 4 767D5082 1 Byte [89] .text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00210A08 .text C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002103FC .text 
C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00210804 .text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002101F8 .text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00210600 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00090A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000903FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW 767D210A 3 Bytes JMP 00090804 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW + 4 767D210E 1 Byte [89] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook 767D507E 3 Bytes JMP 000901F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook + 4 767D5082 1 Byte [89] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00090600 .text C:\Users\****\Desktop\v7pnp6d1.exe[1876] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000A0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000A03FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000A0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000A01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000A0600 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1916] KERNEL32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 002F0A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002F03FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 002F0804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002F01F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 002F0600 .text C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000703FC 
.text C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[1960] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001003FC .text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00100804 .text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001503FC .text C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001501F8 .text C:\Windows\system32\PnkBstrA.exe[2012] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001F0A08 .text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001F03FC .text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001F0804 .text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001F01F8 .text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 58259720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MapViewOfFile 7690C05C 5 Bytes JMP 5848E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!VirtualAlloc 76910594 5 Bytes JMP 5848E21B C:\Program Files\Mozilla 
Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2244] GDI32.dll!CreateDIBSection 76CC85F0 5 Bytes JMP 5848E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2320] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00210A08 .text C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002103FC .text C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00210804 .text C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002101F8 .text C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00210600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001C0A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001C03FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001C0804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001C01F8 .text C:\Program 
Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!GetWindowInfo 767D6A82 5 Bytes JMP 583CFE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!TrackPopupMenu 767F4B3B 5 Bytes JMP 583D03C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001C0600 .text C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[2512] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000E0600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2560] KERNEL32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00170A08 .text C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001703FC .text C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes 
JMP 00170804 .text C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00170600 .text C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000F0A08 .text C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000F03FC .text C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000F0804 .text C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000F0600 .text C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 002F03FC .text C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 002F01F8 .text C:\Windows\Explorer.EXE[3000] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 003A0A08 .text C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 003A03FC .text C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 003A0804 .text C:\Windows\Explorer.EXE[3000] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 003A01F8 .text C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 003A0600 .text C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[3112] kernel32.dll!GetBinaryTypeW + 70 
769278FC 1 Byte [62] .text C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000803FC .text C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00080804 .text C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00080600 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00360A08 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 003603FC .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00360804 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 003601F8 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00360600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3432] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3584] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00150A08 .text 
C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001503FC
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00150804
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001501F8
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00150600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4036] KERNEL32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77c91-92aa-11e1-9930-0025229459ae} 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77cab-92aa-11e1-9930-0025229459ae} 0 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 5120 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000002.regtrans-ms 524288 bytes |
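The GMER dump above lists the same handful of ntdll/USER32 hooks (LdrLoadDll, LdrUnloadDll, SetWindowsHookEx*, SetWinEventHook) in almost every process, each jumping to a low address that GMER cannot attribute to any loaded module, while the Firefox entries jump into xul.dll and are attributed. Reading a few hundred such lines by eye is error-prone, so here is an added triage script (my own example, not part of the thread, GMER, or the helper's instructions) that parses the `.text` entries, separates attributed JMPs, unattributed JMPs and inline byte patches, measures how many processes share each patch, and flags unattributed JMPs in a small illustrative list of sensitive processes. The sample lines are constructed from the patterns in the log; the `SENSITIVE` list is an assumption. A sandboxing product such as Sandboxie (its service `SbieSvc.exe` appears in the log) is one plausible benign source of system-wide user-mode hooks, but the page does not establish that and the script does not decide it.

```python
"""Triage of GMER 1.0.15 user-mode hook entries.

Added example for this thread (not part of the original post or of GMER itself).
GMER prints one entry per hooked export under ".text":

  .text <process>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) JMP <target>[ <owner.dll> (<vendor>)]
  .text <process>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) [<hex bytes>][ {<disasm>}]

What matters for triage is whether GMER could attribute the JMP target to a loaded
module, and how many processes carry the same patch: a patch in every process is the
signature of a system-wide injector (security product, sandbox), not of a targeted implant.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[\w.]+)!(?P<func>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>.+?\.[dD][lL][lL])\s+\((?P<vendor>[^)]*)\))?"
    r"|\[(?P<bytes>[^\]]+)\](?:\s+\{(?P<asm>[^}]*)\})?)\s*$"
)

# Processes in which an unattributed hook deserves a closer look (illustrative list, an assumption).
SENSITIVE = {"lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

# Constructed sample: six entries copied from the patterns in the log above.
SAMPLE_LOG = "\n".join([
    r".text C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8",
    r".text C:\Windows\system32\lsass.exe[580] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]",
    r".text C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 58259720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)",
    r".text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 769130E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }",
    r".text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW 767D210A 3 Bytes JMP 00090804",
])


@dataclass
class Hook:
    proc: str
    pid: int
    export: str                   # e.g. "ntdll.dll!LdrLoadDll" or "kernel32.dll!GetBinaryTypeW+70"
    kind: str                     # "jmp_attributed" | "jmp_unattributed" | "inline_patch"
    target: Optional[int] = None  # JMP destination, if any
    owner: Optional[str] = None   # module GMER resolved the destination to, if any
    patch: Optional[str] = None   # raw bytes of an inline patch, if any

    @property
    def image(self) -> str:
        return self.proc.rsplit("\\", 1)[-1].lower()


def parse_gmer_hooks(text: str) -> list:
    """Parse every ".text" hook entry; lines that do not match are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        export = f"{m['mod']}!{m['func']}" + (f"+{m['off']}" if m["off"] else "")
        if m["target"] is not None:
            kind = "jmp_attributed" if m["owner"] else "jmp_unattributed"
            hooks.append(Hook(m["proc"], int(m["pid"]), export, kind,
                              target=int(m["target"], 16), owner=m["owner"]))
        else:
            hooks.append(Hook(m["proc"], int(m["pid"]), export, "inline_patch", patch=m["bytes"]))
    return hooks


def triage(hooks: list) -> dict:
    """Count hooks per kind, measure how widely each patch is spread, and flag
    unattributed JMPs in sensitive processes as leads (not verdicts)."""
    by_kind = defaultdict(list)
    procs_per_export = defaultdict(set)
    for h in hooks:
        by_kind[h.kind].append(h)
        procs_per_export[h.export].add(h.pid)
    return {
        "counts": {k: len(v) for k, v in by_kind.items()},
        "spread": {e: len(p) for e, p in procs_per_export.items()},
        "flagged": [h for h in by_kind["jmp_unattributed"] if h.image in SENSITIVE],
    }


if __name__ == "__main__":
    result = triage(parse_gmer_hooks(SAMPLE_LOG))
    print("counts:", result["counts"])
    for export, n in sorted(result["spread"].items(), key=lambda kv: -kv[1]):
        print(f"{export:45s} hooked in {n} process(es)")
    for h in result["flagged"]:
        print(f"LEAD: {h.image}[{h.pid}] {h.export} -> {h.target:08X} (no owning module)")
```

Run it over the full GMER report instead of `SAMPLE_LOG` and look at `spread` first: an export hooked in every process, including the antivirus service, is almost always the installed security software or sandbox; an unattributed JMP that exists in only one or two processes is the entry worth pulling apart.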
01.05.2012, 14:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strong suspicion of virus/trojan First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)! Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It's done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
01.05.2012, 19:45 | #5 |
| Strong suspicion of virus/trojan Hi, sorry for only replying now, the scans took forever. Here are the results: ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1494124cc92bd548aa1ba7646097929e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 06:39:14
# local_time=2012-05-01 08:39:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 1365 88326770 0 0
# compatibility_mode=8192 67108863 100 0 241 241 0 0
# scanned=195866
# found=5
# cleaned=0
# scan_time=5927
C:\ProgramData\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png  HTML/Iframe.B.Gen virus (unable to clean)  00000000000000000000000000000000  I
C:\Sandbox\****\DefaultBox\drive\C\Windows\system32\install\WindowsUpdater.exe  probably a variant of Win32/TrojanDropper.VB.GADMGGH trojan (unable to clean)  00000000000000000000000000000000  I
C:\Users\All Users\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png  HTML/Iframe.B.Gen virus (unable to clean)  00000000000000000000000000000000  I
C:\Users\****\AppData\Local\Temp\jar_cache3327211295830174052.tmp  Java/Exploit.CVE-2012-0507.D trojan (unable to clean)  00000000000000000000000000000000  I
C:\Users\****\AppData\Local\Temp\Main.class  a variant of Java/TrojanDownloader.Agent.NEC trojan (unable to clean)  00000000000000000000000000000000  I
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]

01.05.2012 17:40:42
mbam-log-2012-05-01 (17-40-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 355621
Time elapsed: 1 hour(s), 13 minute(s), 52 second(s) [Aborted]

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end)
Code:
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
Regards! |
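The `TCP: ... DhcpNameServer` lines at the end of the post are the part of a DDS log that helpers scan for a DNS-changer infection: malware of that class rewrites exactly these per-interface values to point at an attacker-run resolver. Here every entry is a 192.168.x.1 router address, which is the normal picture. The following added script (my own example, not part of the thread or of DDS) parses those lines, collects the distinct resolvers, and lists every entry that points outside the usual LAN ranges. The sample is constructed: six lines are copied from the output above, and one invented interface `{AAAAAAAA-...}` with a static `NameServer` on the 203.0.113.0/24 documentation range stands in for a public resolver so the check has something to flag. The LAN range list is an assumption; `ipaddress.is_private` is deliberately not used because it also treats documentation ranges as private.

```python
"""Check the DNS resolvers recorded in a DDS log for a rogue setting.

Added example for this thread (not part of the original post or of DDS). DDS dumps the
per-interface DNS configuration as lines such as

  TCP: DhcpNameServer = 192.168.2.1
  TCP: Interfaces\{GUID}[\<subkey>] : DhcpNameServer = 192.168.178.1

A resolver that is not on the local network (a DNS-changer trojan rewrites exactly these
values) is the finding to look for; a home router address on every interface is the
normal picture.
"""
import ipaddress
import re

DNS_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})(?:\\(?P<subkey>[0-9A-Fa-f]+))?\s+:\s+)?"
    r"(?P<key>(?:Dhcp)?NameServer)\s*=\s*(?P<servers>.*?)\s*$"
)

# Ranges in which a consumer-LAN resolver (router, local DNS box) is expected to live.
# ipaddress.is_private is deliberately not used: it also covers documentation ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128",
)]

# Constructed sample: six lines copied from the DDS output above plus one invented
# interface {AAAAAAAA-...} with a static NameServer on a documentation range (203.0.113.0/24),
# standing in for a public resolver so that the check has something to flag.
SAMPLE_LOG = "\n".join([
    r"TCP: DhcpNameServer = 192.168.2.1",
    r"TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1",
    r"TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1",
    r"TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1",
    r"TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1",
    r"TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1",
    r"TCP: Interfaces\{AAAAAAAA-0000-0000-0000-000000000000} : NameServer = 203.0.113.5 203.0.113.6",
])


def parse_dds_dns(text: str) -> list:
    """Return one dict per TCP: NameServer line: iface (None for the global entry),
    subkey, key ("NameServer" = static, "DhcpNameServer" = DHCP-assigned), servers."""
    entries = []
    for line in text.splitlines():
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[\s,]+", m["servers"]) if s]
        entries.append({"iface": m["iface"], "subkey": m["subkey"],
                        "key": m["key"], "servers": servers})
    return entries


def is_lan_resolver(server: str) -> bool:
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False          # not an IP literal at all: treat as suspicious
    return any(ip in net for net in LAN_NETS)


def assess_dns(entries: list) -> dict:
    """Summarise the distinct resolvers seen and list every (scope, key, server)
    triple that points outside the LAN ranges."""
    resolvers = sorted({s for e in entries for s in e["servers"]})
    non_lan = []
    for e in entries:
        scope = e["iface"] or "global"
        if e["subkey"]:
            scope += "\\" + e["subkey"]
        for s in e["servers"]:
            if not is_lan_resolver(s):
                non_lan.append((scope, e["key"], s))
    glob = [e["servers"] for e in entries if e["iface"] is None]
    return {"global": glob[0] if glob else [], "resolvers": resolvers, "non_lan": non_lan}


if __name__ == "__main__":
    report = assess_dns(parse_dds_dns(SAMPLE_LOG))
    print("global:", report["global"])
    print("distinct resolvers:", report["resolvers"])
    for scope, key, server in report["non_lan"]:
        print(f"CHECK: {scope} {key} = {server} is outside the LAN ranges")
```

A hit in `non_lan` is not a verdict by itself: a user who configured a public resolver by hand produces the same line, and the static `NameServer` key is the one to compare against what the user remembers setting.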
02.05.2012, 12:34 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strong suspicion of virus/trojan Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before? If so, all logs for each scan are also listed in the Log Files tab. Please post all that are visible there.
__________________ --> Strong suspicion of virus/trojan |
02.05.2012, 13:21 | #7 |
| Strong suspicion of virus/trojan That was the first full scan; otherwise I have only ever used Malwarebytes on individual files. |
02.05.2012, 14:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strong suspicion of virus/trojan I have two questions before we go on: 1.) Does normal mode work without restrictions? 2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything present?
__________________ Please always post log files in CODE tags |
02.05.2012, 14:11 | #9 |
| Strong suspicion of virus/trojan That's the strange thing: I'm sure something is wrong with my computer, but everything is present in the Start menu and everything works fine. |
02.05.2012, 14:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strong suspicion of virus/Trojan Please make a new OTL log. Please post everything here in CODE tags if possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
ATTFilter the log goes here If you don't have it yet, please download OTL from OldTimer and save it to your desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
02.05.2012, 16:13 | #11 |
| Strong suspicion of virus/Trojan Code:
ATTFilter OTL logfile created on: 02.05.2012 15:58:44 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\****\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,89% Memory free 7,00 Gb Paging File | 5,59 Gb Available in Paging File | 79,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,41 Gb Total Space | 393,25 Gb Free Space | 42,22% Space Free | Partition Type: NTFS Computer Name:****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.02 15:56:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.12.06 05:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) 
-- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.12.04 15:48:54 | 001,728,512 | ---- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe ========== Modules (No Company Name) ========== MOD - [2012.04.12 19:19:47 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be286ce65226e3b86d3a90bc516a5adc\WindowsFormsIntegration.ni.dll MOD - [2012.04.12 09:52:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll MOD - [2012.04.12 09:52:41 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll MOD - [2012.04.12 09:52:17 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll MOD - [2012.04.12 09:52:12 | 001,590,784 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll MOD - [2012.04.12 09:52:08 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll MOD - [2012.02.15 18:02:28 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll MOD - [2012.02.15 17:17:36 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll MOD - [2012.02.15 17:17:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll MOD - [2012.02.15 17:16:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll MOD - [2012.02.15 17:16:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll MOD - [2012.02.15 17:16:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll MOD - [2012.02.15 17:16:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll MOD - [2011.12.05 23:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2011.12.05 23:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.10.13 19:10:12 | 000,060,928 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll MOD - [2011.10.13 19:08:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2009.11.03 11:11:50 | 047,628,288 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.05.07 16:53:18 | 000,106,496 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll MOD - [2009.05.07 16:50:46 | 000,073,728 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll MOD - [2008.02.14 13:57:00 | 000,094,208 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\CPUCooL\CooLSrv.exe -- (CPUCooLServer) SRV - [2012.03.24 18:03:20 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver) DRV - [2012.03.07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.03.07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- 
(aswSP) DRV - [2012.03.07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.03.07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.03.07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.03.07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.01.16 14:58:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.12.06 05:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.12.06 04:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011.11.23 15:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.11.10 19:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV - [2011.10.17 19:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011.08.06 15:37:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.08.06 15:37:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.06.24 07:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01) DRV - [2010.11.11 21:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp) DRV - [2010.09.16 19:33:40 | 001,559,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2010.08.10 15:49:36 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiomin.sys -- (ntiomin) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2010.01.06 17:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009.11.25 21:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.11.18 18:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.04.30 13:06:56 | 000,287,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01 [binary data] IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw" FF - prefs.js..network.proxy.http: "70.89.2.57" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.25 16:33:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 20:18:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.01 20:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.05.01 00:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions [2012.03.04 19:17:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.07.22 22:51:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.01 00:54:26 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- 
C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.03.01 17:52:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.07.22 18:40:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com [2012.01.16 01:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.25 16:33:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.03.20 20:18:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.21 21:52:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.21 21:52:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.21 21:52:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.02.21 21:52:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.21 21:52:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.21 21:52:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk - C:\Programme\NETGEAR\WG111v3\WG111v3.exe - () MsConfig - 
StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: 
Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.01 18:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.01 00:54:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\QuickScan [2012.04.30 12:09:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\****\Desktop\dds.com [2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta [2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III Beta [2012.04.20 17:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.04.05 22:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.04.05 21:54:58 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\BioWare [2012.04.05 21:17:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Unleashed [2012.04.05 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2 [2012.04.05 21:08:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\NFS Most Wanted [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.02 12:41:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.02 12:40:59 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys [2012.05.01 17:39:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.30 13:12:37 | 000,012,204 | ---- | M] () -- 
C:\Users\****\Desktop\Desktop.zip [2012.04.30 12:13:16 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\v7pnp6d1.exe [2012.04.30 12:09:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\****\Desktop\dds.com [2012.04.30 12:08:17 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2012.04.30 12:07:44 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe [2012.04.29 22:06:18 | 311,525,463 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.04.20 21:25:32 | 000,278,561 | ---- | M] () -- C:\Users\****\Desktop\Minecraft.exe [2012.04.20 17:27:56 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk [2012.04.11 22:21:45 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.11 22:21:45 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.11 22:21:45 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.11 22:21:45 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.07 19:28:34 | 000,001,674 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.04.05 22:51:58 | 000,001,514 | ---- | M] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.03 15:58:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.04.03 14:48:43 | 000,000,854 | ---- | M] () -- C:\Users\****\.recently-used.xbel [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.30 13:12:37 | 000,012,204 | ---- | C] () -- C:\Users\****\Desktop\Desktop.zip [2012.04.30 12:13:08 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\v7pnp6d1.exe [2012.04.30 12:08:17 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2012.04.30 12:07:43 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe [2012.04.20 21:25:26 | 000,278,561 | ---- | 
C] () -- C:\Users\****\Desktop\Minecraft.exe [2012.04.20 17:27:27 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk [2012.04.05 22:51:58 | 000,001,514 | ---- | C] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk [2012.04.03 14:48:43 | 000,000,854 | ---- | C] () -- C:\Users\****\.recently-used.xbel [2012.02.28 17:55:01 | 000,007,680 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.30 20:00:38 | 000,001,674 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.12.06 04:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2011.12.06 04:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.11.14 21:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.08.06 15:37:01 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.08.06 15:37:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.07.22 19:27:38 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.07.22 19:27:37 | 000,138,056 | ---- | C] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys [2011.07.22 19:27:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.07.22 19:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.07.11 12:15:29 | 000,051,222 | ---- | C] () -- C:\Users\****\AppData\Roaming\room_v3.dat [2011.06.18 22:30:03 | 1782,587,392 | -H-- | C] () -- C:\Program Files\DATA1.CAB.gpotato [2011.06.18 18:10:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.06.01 20:53:08 | 000,704,512 | ---- | C] 
() -- C:\Windows\System32\cohelper.dll [2011.06.01 20:53:08 | 000,005,940 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.06.01 19:57:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.30 19:07:10 | 001,031,168 | ---- | C] () -- C:\Windows\System32\spk.dll [2010.11.11 21:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys [2010.08.10 15:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys ========== LOP Check ========== [2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0 [2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios [2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line [2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope [2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient [2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy [2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut [2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan [2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker [2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX [2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2011.09.07 01:28:45 | 
000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity [2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2012.04.05 22:17:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2011.06.23 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe [2011.12.30 15:27:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer [2011.06.01 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI [2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0 [2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios [2011.06.01 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities [2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line [2011.09.18 22:59:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield [2011.09.11 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield Installation Information [2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope [2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient [2011.06.01 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia [2011.09.09 04:22:21 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs [2011.09.18 23:00:45 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft [2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy [2011.06.01 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla [2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut [2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan [2011.08.19 02:27:40 | 000,000,000 | RH-D | M] -- C:\Users\****\AppData\Roaming\SecuROM [2012.05.01 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype [2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker [2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX [2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2011.09.07 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity [2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2011.06.18 01:09:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc [2011.06.02 15:00:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.09.11 18:43:45 | 000,331,776 | ---- | M] (Rockstar Games ) -- C:\Users\****\AppData\Roaming\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe [2011.06.01 21:05:18 | 000,038,208 | ---- | M] () -- C:\Users\****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.09.18 05:18:54 | 005,185,536 | R--- | M] () -- 
C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe [2011.09.18 05:18:54 | 000,028,672 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe [2011.06.20 18:37:08 | 001,004,928 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe < %SYSTEMDRIVE%\*.exe > [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\cmd.exe [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [1 C:\*.tmp files -> C:\*.tmp -> ] < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft 
Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:15:06 | 
000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] 
(Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | 
---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys 
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft 
Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011.12.06 05:12:52 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

========== Files - Unicode (All) ==========
[2011.06.28 19:05:29 | 000,000,988 | ---- | M] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa
[2011.06.28 18:55:33 | 000,000,988 | ---- | C] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa

< End of report > |
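The "< MD5 for: ... >" blocks in the OTL log above list every copy of a given system binary (System32, WinSxS, Windows.old, third-party directories) with its hash. The check a responder wants from such a block is mechanical: the live copy in C:\Windows\System32 should hash identically to a copy in the WinSxS servicing store, and any copy with no company name in its version info (the "()" entries) deserves a look. The following parser and audit is an added example, not part of this thread and not OTL's own code; the log excerpt it runs on is constructed with dummy hashes, the regexes assume the entry format shown in the post above, and the "hash not in WinSxS" rule is a heuristic (a legitimately hot-patched file can trip it), not a proof of tampering.

```python
import re

# Regexes for the two line shapes of an OTL "< MD5 for: NAME >" block,
# matching the entry format shown in the log above (assumption: the
# format does not change between OTL versions).
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# Constructed OTL excerpt (not the log from this thread). Hashes are dummy
# values; "Example Tool" is a made-up directory standing in for any
# third-party program that ships a file named like a Windows binary.
SAMPLE_OTL = r"""
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\winsxs\x86_microsoft-windows-wininit_example\wininit.exe

< MD5 for: SERVICES.EXE >
[2012.03.01 10:00:00 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\System32\services.exe
[2009.07.14 03:14:45 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC -- C:\Windows\winsxs\x86_microsoft-windows-services_example\services.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD -- C:\Program Files\Example Tool\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_example\winlogon.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2011.12.06 05:12:52 | 000,466,944 | ---- | M] (Example Vendor) Unable to obtain MD5 -- C:\Windows\system32\example.dll
"""


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block.

    Other '< ... >' section headers (lockedfiles, config\\*.sav, ...) end the
    current block, so their entries are not attributed to the wrong file.
    """
    blocks = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<") and line.endswith(">"):
            m = HEADER_RE.match(line)
            current = m.group("name").upper() if m else None
            if current is not None:
                blocks.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            md5 = (m.group("md5") or "").upper() or None   # None = "Unable to obtain MD5"
            blocks[current].append({"company": m.group("company"),
                                    "md5": md5, "path": m.group("path")})
    return blocks


def _is_live_system32(path):
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") and "windows.old" not in p


def _is_winsxs(path):
    p = path.lower()
    return "\\windows\\winsxs\\" in p and "windows.old" not in p


def audit_md5_blocks(blocks):
    """Return (FILENAME, rule, path) tuples for copies worth a closer look."""
    findings = []
    for name, entries in blocks.items():
        # Hashes of the copies in the live servicing store (WinSxS).
        store_hashes = {e["md5"] for e in entries if _is_winsxs(e["path"]) and e["md5"]}
        for e in entries:
            if e["md5"] is None:
                findings.append((name, "hash unavailable", e["path"]))
                continue
            if not e["company"]:
                findings.append((name, "no company in version info", e["path"]))
            if _is_live_system32(e["path"]) and store_hashes and e["md5"] not in store_hashes:
                findings.append((name, "live copy matches no WinSxS copy", e["path"]))
    return findings


if __name__ == "__main__":
    for finding in audit_md5_blocks(parse_md5_blocks(SAMPLE_OTL)):
        print("%-14s %-34s %s" % finding)
```

On the sample, services.exe is reported because its System32 copy hashes differently from the only WinSxS copy, and the winlogon.exe under "Example Tool" is reported for its empty company field; wininit.exe, whose two copies agree, is silent. A hit on the first rule is a reason to pull the file and verify its Authenticode signature, not a verdict on its own.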
02.05.2012, 18:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strong suspicion of virus/Trojan: Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01 [binary data]
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
[2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted outright; as a precaution, a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created for this one user in this one situation. It is not portable to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post log files in CODE tags |
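The FF lines in the fix script above are the part worth understanding as a pattern rather than as one user's cleanup: a search-engine name and start page nobody chose, plus a network.proxy.http entry pointing at an outside address, which means every plain-HTTP request the browser makes is routed through a host the attacker controls. The script below is an added example (not from this thread, not OTL's code) that reads a Firefox prefs.js directly and reports the same three conditions. The prefs.js excerpt is constructed (the proxy address is a TEST-NET value, not the one in the thread), and the allow-lists of start-page hosts and engine names are assumptions the analyst must set for the locale and organisation in question.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# One user_pref("name", value); line per preference, as Firefox writes prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\);\s*$')

# Constructed prefs.js excerpt (not the file from this thread): a hijacked
# search engine and start page plus a manual HTTP proxy on a TEST-NET address.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Facemoods Search");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://start.facemoods.com/?a=ddrnw|https://www.mozilla.org/");
user_pref("network.proxy.http", "203.0.113.7");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("app.update.enabled", true);
'''

# Assumed allow-lists; adjust to the locale and the organisation's defaults.
KNOWN_HOME_HOSTS = {"www.mozilla.org", "www.google.com", "www.bing.com", "de.msn.com"}
KNOWN_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo", "Wikipedia (en)"}


def parse_prefs(text):
    """Return {pref_name: value} with JS literals decoded (strings, ints, bools)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group("value")
        try:
            value = json.loads(raw)      # "text", 8080, true, false
        except ValueError:
            value = raw                  # keep anything exotic verbatim
        prefs[m.group("name")] = value
    return prefs


def _is_local(host):
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_prefs(prefs, known_hosts=KNOWN_HOME_HOSTS, known_engines=KNOWN_ENGINES):
    """Return (pref_name, description) findings for the three hijack patterns."""
    findings = []
    # 1. Search engine names the analyst does not recognise.
    for key in ("browser.search.defaultenginename", "browser.search.selectedEngine"):
        engine = prefs.get(key)
        if engine is not None and engine not in known_engines:
            findings.append((key, f"unknown search engine {engine!r}"))
    # 2. Start-page hosts outside the allow-list ('|' separates several home pages).
    for url in str(prefs.get("browser.startup.homepage", "")).split("|"):
        host = urlsplit(url.strip()).hostname
        if host and host not in known_hosts:
            findings.append(("browser.startup.homepage",
                             f"start page host {host} not on allow-list"))
    # 3. Proxies to non-loopback hosts: with type 1 (manual) they are in effect.
    manual = prefs.get("network.proxy.type") == 1
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host and not _is_local(str(host)):
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            state = "active (manual proxy mode)" if manual else "configured but proxy mode not manual"
            findings.append((f"network.proxy.{scheme}", f"proxy {host}:{port} {state}"))
    return findings


if __name__ == "__main__":
    for pref, why in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{pref:40s} {why}")
```

Point it at the prefs.js in the affected profile directory; a user.js in the same directory overrides prefs.js at startup and should be read the same way. An unexpected proxy is the finding to act on first: it persists across a homepage reset and silently exposes every non-TLS session, including credentials, to the proxy operator.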
02.05.2012, 22:00 | #13 |
| Strong suspicion of virus/Trojan Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.facemoods.com/?a=ddrnw" removed from browser.startup.homepage
Prefs.js: "70.89.2.57" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VIAAUD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
File E:\StartSetup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 2946953418 bytes
->Temporary Internet Files folder emptied: 41529381 bytes
->Java cache emptied: 555384 bytes
->FireFox cache emptied: 677822679 bytes
->Flash cache emptied: 64782 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132512897 bytes
RecycleBin emptied: 8874440 bytes

Total Files Cleaned = 3.632,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ****
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.2 log created on 05022012_225552

Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
03.05.2012, 14:10 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strong suspicion of virus/Trojan: Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
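The instruction above ("skip everything, post the log") is sound because a TDSSKiller log mixes two kinds of hits: generic heuristics such as UnsignedFile.Multi.Generic, which fire on many legitimate unsigned vendor drivers, and named rootkit detections, which are rare and matter. The parser below is an added example, not part of this thread and not Kaspersky's code; it reads the per-object lines of a TDSSKiller report and separates the two so a helper can triage before anyone clicks "cure". The log excerpt is constructed: the first entries copy the line format of the report posted later in this thread, and the "sampledrv" lines with the verdict name Rootkit.Boot.Sample are made up to exercise the detection branch. The rule "a verdict ending in .Multi.Generic is a heuristic" is my assumption about Kaspersky's naming, not something the tool documents.

```python
import re

# Line shapes of a TDSSKiller report: "<time> <pid> <text>", where <text> is
# an object line (name, md5, path), a verdict line, or status/header noise.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^\s]+) \) - (?P<status>.+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>[^\s]+) \((?P<count>\d+)\)$")

# Assumption: Kaspersky's "*.Multi.Generic" verdicts are heuristics
# (unsigned, locked, forged file), everything else is a named detection.
HEURISTIC_SUFFIX = ".Multi.Generic"

# Constructed report excerpt. The 1394ohci / AMD FUEL / AODDriver4.01 lines
# follow the format of the log in this thread; "sampledrv" and the verdict
# "Rootkit.Boot.Sample" are invented for the example.
SAMPLE_TDSS_LOG = r"""
18:29:40.0450 3360 ============================================================
18:29:40.0450 3360 Scan started
18:29:40.0450 3360 Mode: Manual; SigCheck; TDLFS;
18:29:40.0450 3360 ============================================================
18:29:41.0259 3360 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
18:29:41.0313 3360 1394ohci - ok
18:29:42.0311 3360 AMD FUEL Service - ok
18:29:43.0443 3360 AODDriver4.01 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
18:29:43.0476 3360 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - warning
18:29:43.0476 3360 AODDriver4.01 - detected UnsignedFile.Multi.Generic (1)
18:29:50.0000 3360 sampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\sampledrv.sys
18:29:50.0010 3360 sampledrv ( Rootkit.Boot.Sample ) - infected
18:29:50.0010 3360 sampledrv - detected Rootkit.Boot.Sample (0)
"""


def _entry(objects, name):
    return objects.setdefault(name, {"md5": None, "path": None, "status": None, "verdicts": []})


def parse_tdss_log(text):
    """Return {object_name: {md5, path, status, verdicts}} from a report."""
    objects = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # header, separator or blank line
        rest = m.group("rest")
        o = OBJECT_RE.match(rest)
        if o:
            _entry(objects, o["name"]).update(md5=o["md5"], path=o["path"])
            continue
        o = OK_RE.match(rest)
        if o:
            _entry(objects, o["name"])["status"] = "ok"
            continue
        o = VERDICT_RE.match(rest)
        if o:
            e = _entry(objects, o["name"])
            e["status"] = o["status"]
            if o["verdict"] not in e["verdicts"]:
                e["verdicts"].append(o["verdict"])
            continue
        o = DETECTED_RE.match(rest)
        if o:
            e = _entry(objects, o["name"])
            if o["verdict"] not in e["verdicts"]:
                e["verdicts"].append(o["verdict"])
    return objects


def triage(objects):
    """Return (name, verdict, kind, path) for every object that is not 'ok'."""
    rows = []
    for name, e in objects.items():
        if e["status"] == "ok" or not e["verdicts"]:
            continue
        for verdict in e["verdicts"]:
            kind = "heuristic" if verdict.endswith(HEURISTIC_SUFFIX) else "detection"
            rows.append((name, verdict, kind, e["path"]))
    return rows


if __name__ == "__main__":
    for name, verdict, kind, path in triage(parse_tdss_log(SAMPLE_TDSS_LOG)):
        print(f"[{kind:9s}] {name}: {verdict}  {path}")
```

On the sample this yields one heuristic row (the unsigned ATI driver, the kind of hit to verify by vendor and signature rather than delete) and one detection row. In either case the advice in the post stands: skip in the tool, post the log, and let the helper decide, because a wrong "cure" on a boot-class object can leave the machine unbootable.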
03.05.2012, 17:32 | #15 |
| Strong suspicion of virus/Trojan Phew, finally a scan that doesn't take 2 hours: Code:
18:29:28.0202 2864 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:29:28.0300 2864 ============================================================
18:29:28.0300 2864 Current date / time: 2012/05/03 18:29:28.0300
18:29:28.0300 2864 SystemInfo:
18:29:28.0300 2864
18:29:28.0300 2864 OS Version: 6.1.7600 ServicePack: 0.0
18:29:28.0300 2864 Product type: Workstation
18:29:28.0300 2864 ComputerName: NICO-PC
18:29:28.0301 2864 UserName: Nico
18:29:28.0301 2864 Windows directory: C:\Windows
18:29:28.0301 2864 System windows directory: C:\Windows
18:29:28.0301 2864 Processor architecture: Intel x86
18:29:28.0301 2864 Number of processors: 6
18:29:28.0301 2864 Page size: 0x1000
18:29:28.0301 2864 Boot type: Normal boot
18:29:28.0301 2864 ============================================================
18:29:29.0412 2864 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
18:29:29.0414 2864 ============================================================
18:29:29.0414 2864 \Device\Harddisk0\DR0:
18:29:29.0414 2864 MBR partitions:
18:29:29.0414 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:29:29.0414 2864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:29:29.0414 2864 ============================================================
18:29:29.0421 2864 C: <-> \Device\Harddisk0\DR0\Partition1
18:29:29.0422 2864 ============================================================
18:29:29.0422 2864 Initialize success
18:29:29.0422 2864 ============================================================
18:29:40.0450 3360 ============================================================
18:29:40.0450 3360 Scan started
18:29:40.0450 3360 Mode: Manual; SigCheck; TDLFS;
18:29:40.0450 3360 ============================================================
18:29:41.0259 3360 1394ohci
(6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 18:29:41.0313 3360 1394ohci - ok 18:29:41.0338 3360 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 18:29:41.0351 3360 ACPI - ok 18:29:41.0406 3360 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 18:29:41.0428 3360 AcpiPmi - ok 18:29:41.0566 3360 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 18:29:41.0576 3360 AdobeARMservice - ok 18:29:41.0610 3360 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 18:29:41.0625 3360 adp94xx - ok 18:29:41.0669 3360 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 18:29:41.0683 3360 adpahci - ok 18:29:41.0693 3360 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 18:29:41.0705 3360 adpu320 - ok 18:29:41.0728 3360 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 18:29:41.0764 3360 AeLookupSvc - ok 18:29:41.0841 3360 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 18:29:41.0896 3360 AFD - ok 18:29:41.0930 3360 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 18:29:41.0958 3360 agp440 - ok 18:29:41.0990 3360 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 18:29:42.0000 3360 aic78xx - ok 18:29:42.0059 3360 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 18:29:42.0101 3360 ALG - ok 18:29:42.0126 3360 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 18:29:42.0136 3360 aliide - ok 18:29:42.0170 3360 AMD External Events Utility (ec98ca8298f67926fa50876348534b1d) C:\Windows\system32\atiesrxx.exe 18:29:42.0255 3360 AMD External Events Utility - ok 18:29:42.0311 3360 AMD FUEL Service - ok 18:29:42.0387 3360 amdagp (3c6600a0696e90a463771c7422e23ab5) 
C:\Windows\system32\DRIVERS\amdagp.sys 18:29:42.0400 3360 amdagp - ok 18:29:42.0412 3360 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 18:29:42.0421 3360 amdide - ok 18:29:42.0434 3360 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys 18:29:42.0664 3360 amdiox86 - ok 18:29:42.0683 3360 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 18:29:42.0715 3360 AmdK8 - ok 18:29:42.0933 3360 amdkmdag (65b44179cf184b08e86097bffbf03f24) C:\Windows\system32\DRIVERS\atikmdag.sys 18:29:43.0076 3360 amdkmdag - ok 18:29:43.0155 3360 amdkmdap (5e1c65524ff1713711ce27879d813384) C:\Windows\system32\DRIVERS\atikmpag.sys 18:29:43.0186 3360 amdkmdap - ok 18:29:43.0224 3360 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 18:29:43.0252 3360 AmdPPM - ok 18:29:43.0288 3360 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 18:29:43.0316 3360 amdsata - ok 18:29:43.0333 3360 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 18:29:43.0347 3360 amdsbs - ok 18:29:43.0365 3360 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 18:29:43.0374 3360 amdxata - ok 18:29:43.0443 3360 AODDriver4.01 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys 18:29:43.0476 3360 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - warning 18:29:43.0476 3360 AODDriver4.01 - detected UnsignedFile.Multi.Generic (1) 18:29:43.0493 3360 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 18:29:43.0508 3360 AppID - ok 18:29:43.0529 3360 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 18:29:43.0561 3360 AppIDSvc - ok 18:29:43.0579 3360 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll 18:29:43.0605 3360 Appinfo - ok 18:29:43.0626 3360 arc (2932004f49677bd84dbc72edb754ffb3) 
C:\Windows\system32\DRIVERS\arc.sys 18:29:43.0637 3360 arc - ok 18:29:43.0663 3360 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 18:29:43.0673 3360 arcsas - ok 18:29:43.0757 3360 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 18:29:43.0766 3360 aspnet_state - ok 18:29:43.0815 3360 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys 18:29:43.0826 3360 aswFsBlk - ok 18:29:43.0861 3360 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys 18:29:43.0870 3360 aswMonFlt - ok 18:29:43.0930 3360 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys 18:29:43.0938 3360 aswRdr - ok 18:29:43.0957 3360 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys 18:29:43.0973 3360 aswSnx - ok 18:29:43.0999 3360 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys 18:29:44.0011 3360 aswSP - ok 18:29:44.0023 3360 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys 18:29:44.0033 3360 aswTdi - ok 18:29:44.0048 3360 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 18:29:44.0087 3360 AsyncMac - ok 18:29:44.0106 3360 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 18:29:44.0117 3360 atapi - ok 18:29:44.0187 3360 athur (257c58cddbcb02fd38675ed6df76037d) C:\Windows\system32\DRIVERS\athur.sys 18:29:44.0229 3360 athur - ok 18:29:44.0357 3360 AtiHDAudioService (7725aecceddf81bd8374c77157e450ea) C:\Windows\system32\drivers\AtihdW73.sys 18:29:44.0367 3360 AtiHDAudioService - ok 18:29:44.0418 3360 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys 18:29:44.0443 3360 atksgt - ok 18:29:44.0480 3360 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 18:29:44.0521 3360 AudioEndpointBuilder - ok 
18:29:44.0526 3360 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 18:29:44.0549 3360 Audiosrv - ok 18:29:44.0631 3360 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 18:29:44.0649 3360 avast! Antivirus - ok 18:29:44.0674 3360 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll 18:29:44.0701 3360 AxInstSV - ok 18:29:44.0744 3360 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 18:29:44.0770 3360 b06bdrv - ok 18:29:44.0794 3360 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 18:29:44.0821 3360 b57nd60x - ok 18:29:44.0837 3360 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 18:29:44.0849 3360 BDESVC - ok 18:29:44.0857 3360 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 18:29:44.0898 3360 Beep - ok 18:29:44.0923 3360 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll 18:29:44.0961 3360 BFE - ok 18:29:44.0997 3360 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll 18:29:45.0044 3360 BITS - ok 18:29:45.0059 3360 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 18:29:45.0070 3360 blbdrive - ok 18:29:45.0083 3360 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 18:29:45.0095 3360 bowser - ok 18:29:45.0103 3360 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:29:45.0125 3360 BrFiltLo - ok 18:29:45.0141 3360 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:29:45.0166 3360 BrFiltUp - ok 18:29:45.0187 3360 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll 18:29:45.0247 3360 Browser - ok 18:29:45.0272 3360 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 18:29:45.0288 3360 Brserid - ok 18:29:45.0299 3360 BrSerWdm 
(203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 18:29:45.0331 3360 BrSerWdm - ok 18:29:45.0354 3360 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 18:29:45.0383 3360 BrUsbMdm - ok 18:29:45.0397 3360 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 18:29:45.0441 3360 BrUsbSer - ok 18:29:45.0458 3360 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 18:29:45.0488 3360 BTHMODEM - ok 18:29:45.0511 3360 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 18:29:45.0533 3360 bthserv - ok 18:29:45.0556 3360 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 18:29:45.0596 3360 cdfs - ok 18:29:45.0630 3360 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 18:29:45.0657 3360 cdrom - ok 18:29:45.0690 3360 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 18:29:45.0726 3360 CertPropSvc - ok 18:29:45.0741 3360 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 18:29:45.0752 3360 circlass - ok 18:29:45.0773 3360 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 18:29:45.0787 3360 CLFS - ok 18:29:45.0839 3360 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:29:45.0848 3360 clr_optimization_v2.0.50727_32 - ok 18:29:45.0897 3360 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:29:45.0907 3360 clr_optimization_v4.0.30319_32 - ok 18:29:45.0917 3360 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 18:29:45.0929 3360 CmBatt - ok 18:29:45.0934 3360 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 18:29:45.0945 3360 cmdide - ok 18:29:45.0983 3360 CNG 
(36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 18:29:46.0001 3360 CNG - ok 18:29:46.0012 3360 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 18:29:46.0023 3360 Compbatt - ok 18:29:46.0034 3360 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 18:29:46.0055 3360 CompositeBus - ok 18:29:46.0073 3360 COMSysApp - ok 18:29:46.0104 3360 CPUCooLServer - ok 18:29:46.0118 3360 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 18:29:46.0126 3360 crcdisk - ok 18:29:46.0189 3360 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll 18:29:46.0224 3360 CryptSvc - ok 18:29:46.0388 3360 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 18:29:46.0420 3360 DcomLaunch - ok 18:29:46.0444 3360 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 18:29:46.0469 3360 defragsvc - ok 18:29:46.0513 3360 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 18:29:46.0537 3360 DfsC - ok 18:29:46.0567 3360 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll 18:29:46.0594 3360 Dhcp - ok 18:29:46.0615 3360 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 18:29:46.0635 3360 discache - ok 18:29:46.0665 3360 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 18:29:46.0675 3360 Disk - ok 18:29:46.0696 3360 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll 18:29:46.0721 3360 Dnscache - ok 18:29:46.0739 3360 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll 18:29:46.0777 3360 dot3svc - ok 18:29:46.0795 3360 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll 18:29:46.0821 3360 DPS - ok 18:29:46.0843 3360 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 18:29:46.0885 3360 drmkaud - ok 
18:29:46.0939 3360 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 18:29:46.0950 3360 dtsoftbus01 - ok 18:29:46.0989 3360 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 18:29:47.0005 3360 DXGKrnl - ok 18:29:47.0015 3360 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 18:29:47.0041 3360 EapHost - ok 18:29:47.0124 3360 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 18:29:47.0187 3360 ebdrv - ok 18:29:47.0275 3360 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe 18:29:47.0335 3360 EFS - ok 18:29:47.0398 3360 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe 18:29:47.0426 3360 ehRecvr - ok 18:29:47.0452 3360 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 18:29:47.0477 3360 ehSched - ok 18:29:47.0515 3360 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 18:29:47.0531 3360 elxstor - ok 18:29:47.0540 3360 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 18:29:47.0568 3360 ErrDev - ok 18:29:47.0598 3360 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 18:29:47.0635 3360 EventSystem - ok 18:29:47.0655 3360 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 18:29:47.0677 3360 exfat - ok 18:29:47.0690 3360 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 18:29:47.0723 3360 fastfat - ok 18:29:47.0758 3360 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe 18:29:47.0788 3360 Fax - ok 18:29:47.0810 3360 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 18:29:47.0831 3360 fdc - ok 18:29:47.0848 3360 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 18:29:47.0879 3360 fdPHost - ok 18:29:47.0892 3360 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) 
C:\Windows\system32\fdrespub.dll 18:29:47.0934 3360 FDResPub - ok 18:29:47.0954 3360 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 18:29:47.0963 3360 FileInfo - ok 18:29:47.0975 3360 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 18:29:48.0006 3360 Filetrace - ok 18:29:48.0032 3360 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 18:29:48.0055 3360 flpydisk - ok 18:29:48.0076 3360 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 18:29:48.0086 3360 FltMgr - ok 18:29:48.0130 3360 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll 18:29:48.0166 3360 FontCache - ok 18:29:48.0243 3360 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:29:48.0250 3360 FontCache3.0.0.0 - ok 18:29:48.0258 3360 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 18:29:48.0269 3360 FsDepends - ok 18:29:48.0301 3360 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys 18:29:48.0311 3360 Fs_Rec - ok 18:29:48.0336 3360 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 18:29:48.0353 3360 fvevol - ok 18:29:48.0377 3360 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 18:29:48.0389 3360 gagp30kx - ok 18:29:48.0459 3360 GGSAFERDriver - ok 18:29:48.0502 3360 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll 18:29:48.0541 3360 gpsvc - ok 18:29:48.0587 3360 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys 18:29:48.0596 3360 hamachi - ok 18:29:48.0723 3360 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 18:29:48.0755 3360 Hamachi2Svc - ok 18:29:48.0831 3360 hcw85cir (c44e3c2bab6837db337ddee7544736db) 
C:\Windows\system32\drivers\hcw85cir.sys 18:29:48.0862 3360 hcw85cir - ok 18:29:48.0902 3360 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 18:29:48.0932 3360 HdAudAddService - ok 18:29:48.0950 3360 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 18:29:48.0971 3360 HDAudBus - ok 18:29:48.0991 3360 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 18:29:49.0018 3360 HidBatt - ok 18:29:49.0034 3360 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 18:29:49.0056 3360 HidBth - ok 18:29:49.0088 3360 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 18:29:49.0100 3360 HidIr - ok 18:29:49.0111 3360 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 18:29:49.0134 3360 hidserv - ok 18:29:49.0152 3360 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 18:29:49.0162 3360 HidUsb - ok 18:29:49.0176 3360 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll 18:29:49.0217 3360 hkmsvc - ok 18:29:49.0236 3360 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll 18:29:49.0270 3360 HomeGroupListener - ok 18:29:49.0295 3360 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll 18:29:49.0323 3360 HomeGroupProvider - ok 18:29:49.0340 3360 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 18:29:49.0352 3360 HpSAMD - ok 18:29:49.0382 3360 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 18:29:49.0429 3360 HTTP - ok 18:29:49.0442 3360 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 18:29:49.0451 3360 hwpolicy - ok 18:29:49.0461 3360 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 18:29:49.0490 3360 i8042prt - ok 18:29:49.0528 3360 iaStorV 
(71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 18:29:49.0542 3360 iaStorV - ok 18:29:49.0626 3360 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:29:49.0651 3360 idsvc - ok 18:29:49.0669 3360 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 18:29:49.0680 3360 iirsp - ok 18:29:49.0712 3360 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll 18:29:49.0760 3360 IKEEXT - ok 18:29:49.0781 3360 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 18:29:49.0790 3360 intelide - ok 18:29:49.0811 3360 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 18:29:49.0835 3360 intelppm - ok 18:29:49.0850 3360 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 18:29:49.0889 3360 IPBusEnum - ok 18:29:49.0908 3360 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:29:49.0946 3360 IpFilterDriver - ok 18:29:49.0979 3360 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll 18:29:50.0033 3360 iphlpsvc - ok 18:29:50.0042 3360 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 18:29:50.0066 3360 IPMIDRV - ok 18:29:50.0198 3360 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 18:29:50.0219 3360 IPNAT - ok 18:29:50.0362 3360 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 18:29:50.0397 3360 IRENUM - ok 18:29:50.0511 3360 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 18:29:50.0523 3360 isapnp - ok 18:29:50.0531 3360 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 18:29:50.0543 3360 iScsiPrt - ok 18:29:50.0570 3360 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 18:29:50.0580 
3360 kbdclass - ok 18:29:50.0601 3360 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 18:29:50.0614 3360 kbdhid - ok 18:29:50.0653 3360 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 18:29:50.0665 3360 KeyIso - ok 18:29:50.0678 3360 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 18:29:50.0688 3360 KSecDD - ok 18:29:50.0699 3360 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 18:29:50.0710 3360 KSecPkg - ok 18:29:50.0737 3360 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 18:29:50.0775 3360 KtmRm - ok 18:29:50.0804 3360 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll 18:29:50.0824 3360 LanmanServer - ok 18:29:50.0845 3360 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll 18:29:50.0875 3360 LanmanWorkstation - ok 18:29:50.0997 3360 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys 18:29:51.0005 3360 lirsgt - ok 18:29:51.0033 3360 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 18:29:51.0072 3360 lltdio - ok 18:29:51.0242 3360 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 18:29:51.0288 3360 lltdsvc - ok 18:29:51.0416 3360 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 18:29:51.0466 3360 lmhosts - ok 18:29:51.0494 3360 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 18:29:51.0504 3360 LSI_FC - ok 18:29:51.0519 3360 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 18:29:51.0532 3360 LSI_SAS - ok 18:29:51.0540 3360 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:29:51.0550 3360 LSI_SAS2 - ok 18:29:51.0563 3360 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:29:51.0573 3360 LSI_SCSI - ok 
18:29:51.0587 3360 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 18:29:51.0623 3360 luafv - ok 18:29:51.0759 3360 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll 18:29:51.0774 3360 Mcx2Svc - ok 18:29:51.0796 3360 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 18:29:51.0806 3360 megasas - ok 18:29:51.0824 3360 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 18:29:51.0835 3360 MegaSR - ok 18:29:51.0983 3360 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 18:29:52.0006 3360 MMCSS - ok 18:29:52.0143 3360 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 18:29:52.0177 3360 Modem - ok 18:29:52.0196 3360 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 18:29:52.0223 3360 monitor - ok 18:29:52.0286 3360 MotioninJoyXFilter (9960b18d55e7bd0f265c3c1953d19592) C:\Windows\system32\DRIVERS\MijXfilt.sys 18:29:52.0298 3360 MotioninJoyXFilter - ok 18:29:52.0438 3360 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 18:29:52.0448 3360 mouclass - ok 18:29:52.0577 3360 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 18:29:52.0603 3360 mouhid - ok 18:29:52.0623 3360 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 18:29:52.0632 3360 mountmgr - ok 18:29:52.0645 3360 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 18:29:52.0657 3360 mpio - ok 18:29:52.0800 3360 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 18:29:52.0957 3360 mpsdrv - ok 18:29:52.0983 3360 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll 18:29:53.0025 3360 MpsSvc - ok 18:29:53.0043 3360 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 18:29:53.0073 3360 MRxDAV - ok 18:29:53.0114 3360 mrxsmb 
(ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:29:53.0138 3360 mrxsmb - ok 18:29:53.0169 3360 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:29:53.0184 3360 mrxsmb10 - ok 18:29:53.0195 3360 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:29:53.0206 3360 mrxsmb20 - ok 18:29:53.0212 3360 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 18:29:53.0223 3360 msahci - ok 18:29:53.0240 3360 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 18:29:53.0250 3360 msdsm - ok 18:29:53.0272 3360 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 18:29:53.0298 3360 MSDTC - ok 18:29:53.0315 3360 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 18:29:53.0336 3360 Msfs - ok 18:29:53.0349 3360 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 18:29:53.0379 3360 mshidkmdf - ok 18:29:53.0393 3360 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 18:29:53.0404 3360 msisadrv - ok 18:29:53.0425 3360 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 18:29:53.0470 3360 MSiSCSI - ok 18:29:53.0472 3360 msiserver - ok 18:29:53.0500 3360 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 18:29:53.0538 3360 MSKSSRV - ok 18:29:53.0551 3360 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 18:29:53.0583 3360 MSPCLOCK - ok 18:29:53.0597 3360 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 18:29:53.0617 3360 MSPQM - ok 18:29:53.0630 3360 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 18:29:53.0644 3360 MsRPC - ok 18:29:53.0660 3360 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 18:29:53.0668 3360 mssmbios - ok 18:29:53.0676 
3360 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 18:29:53.0697 3360 MSTEE - ok 18:29:53.0705 3360 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 18:29:53.0715 3360 MTConfig - ok 18:29:53.0729 3360 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 18:29:53.0740 3360 Mup - ok 18:29:53.0774 3360 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll 18:29:53.0801 3360 napagent - ok 18:29:53.0833 3360 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 18:29:53.0863 3360 NativeWifiP - ok 18:29:53.0892 3360 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 18:29:53.0911 3360 NDIS - ok 18:29:53.0924 3360 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 18:29:53.0958 3360 NdisCap - ok 18:29:53.0980 3360 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 18:29:54.0013 3360 NdisTapi - ok 18:29:54.0038 3360 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 18:29:54.0062 3360 Ndisuio - ok 18:29:54.0071 3360 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 18:29:54.0107 3360 NdisWan - ok 18:29:54.0123 3360 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 18:29:54.0154 3360 NDProxy - ok 18:29:54.0170 3360 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 18:29:54.0206 3360 NetBIOS - ok 18:29:54.0227 3360 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 18:29:54.0267 3360 NetBT - ok 18:29:54.0295 3360 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 18:29:54.0308 3360 Netlogon - ok 18:29:54.0344 3360 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 18:29:54.0389 3360 Netman - ok 18:29:54.0460 3360 NetMsmqActivator 
(d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:29:54.0473 3360 NetMsmqActivator - ok 18:29:54.0476 3360 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:29:54.0485 3360 NetPipeActivator - ok 18:29:54.0510 3360 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 18:29:54.0541 3360 netprofm - ok 18:29:54.0582 3360 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys 18:29:54.0610 3360 netr73 - ok 18:29:54.0613 3360 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:29:54.0622 3360 NetTcpActivator - ok 18:29:54.0624 3360 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:29:54.0632 3360 NetTcpPortSharing - ok 18:29:54.0653 3360 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 18:29:54.0663 3360 nfrd960 - ok 18:29:54.0680 3360 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll 18:29:54.0725 3360 NlaSvc - ok 18:29:54.0738 3360 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 18:29:54.0758 3360 Npfs - ok 18:29:54.0769 3360 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 18:29:54.0792 3360 nsi - ok 18:29:54.0804 3360 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 18:29:54.0836 3360 nsiproxy - ok 18:29:54.0895 3360 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 18:29:54.0923 3360 Ntfs - ok 18:29:54.0954 3360 ntiomin (8a2788ff5aa0fe75d7231417200406ff) C:\Windows\system32\drivers\ntiomin.sys 18:29:54.0974 3360 ntiomin ( UnsignedFile.Multi.Generic ) - warning 18:29:54.0974 3360 ntiomin - detected UnsignedFile.Multi.Generic (1) 18:29:54.0989 3360 ntiopnp (5850c28057ddea04390b88f8cc482504) 
C:\Windows\system32\drivers\ntiopnp.sys 18:29:54.0998 3360 ntiopnp - ok 18:29:55.0009 3360 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 18:29:55.0043 3360 Null - ok 18:29:55.0077 3360 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys 18:29:55.0091 3360 NVENETFD - ok 18:29:55.0123 3360 NVNET (d22e432e402499ac264a113d7168b91f) C:\Windows\system32\DRIVERS\nvmf6232.sys 18:29:55.0133 3360 NVNET - ok 18:29:55.0159 3360 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 18:29:55.0169 3360 nvraid - ok 18:29:55.0180 3360 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 18:29:55.0192 3360 nvstor - ok 18:29:55.0217 3360 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 18:29:55.0229 3360 nv_agp - ok 18:29:55.0237 3360 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 18:29:55.0248 3360 ohci1394 - ok 18:29:55.0262 3360 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 18:29:55.0291 3360 p2pimsvc - ok 18:29:55.0321 3360 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 18:29:55.0336 3360 p2psvc - ok 18:29:55.0360 3360 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 18:29:55.0373 3360 Parport - ok 18:29:55.0377 3360 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 18:29:55.0387 3360 partmgr - ok 18:29:55.0389 3360 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 18:29:55.0415 3360 Parvdm - ok 18:29:55.0430 3360 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 18:29:55.0448 3360 PcaSvc - ok 18:29:55.0466 3360 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 18:29:55.0477 3360 pci - ok 18:29:55.0488 3360 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 
18:29:55.0497 3360 pciide - ok 18:29:55.0514 3360 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 18:29:55.0528 3360 pcmcia - ok 18:29:55.0541 3360 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 18:29:55.0550 3360 pcw - ok 18:29:55.0582 3360 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 18:29:55.0621 3360 PEAUTH - ok 18:29:55.0676 3360 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll 18:29:55.0731 3360 pla - ok 18:29:55.0825 3360 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll 18:29:55.0842 3360 PlugPlay - ok 18:29:55.0890 3360 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe 18:29:55.0903 3360 PnkBstrA - ok 18:29:55.0922 3360 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 18:29:55.0959 3360 PNRPAutoReg - ok 18:29:55.0984 3360 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 18:29:56.0000 3360 PNRPsvc - ok 18:29:56.0043 3360 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll 18:29:56.0080 3360 PolicyAgent - ok 18:29:56.0110 3360 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll 18:29:56.0134 3360 Power - ok 18:29:56.0180 3360 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 18:29:56.0212 3360 PptpMiniport - ok 18:29:56.0230 3360 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 18:29:56.0253 3360 Processor - ok 18:29:56.0273 3360 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll 18:29:56.0316 3360 ProfSvc - ok 18:29:56.0349 3360 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 18:29:56.0362 3360 ProtectedStorage - ok 18:29:56.0383 3360 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 18:29:56.0404 3360 Psched - ok 18:29:56.0445 
3360 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 18:29:56.0478 3360 ql2300 - ok 18:29:56.0532 3360 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 18:29:56.0542 3360 ql40xx - ok 18:29:56.0569 3360 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 18:29:56.0602 3360 QWAVE - ok 18:29:56.0620 3360 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 18:29:56.0632 3360 QWAVEdrv - ok 18:29:56.0638 3360 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 18:29:56.0663 3360 RasAcd - ok 18:29:56.0684 3360 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:29:56.0708 3360 RasAgileVpn - ok 18:29:56.0714 3360 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 18:29:56.0737 3360 RasAuto - ok 18:29:56.0754 3360 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:29:56.0795 3360 Rasl2tp - ok 18:29:56.0831 3360 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll 18:29:56.0872 3360 RasMan - ok 18:29:56.0890 3360 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 18:29:56.0930 3360 RasPppoe - ok 18:29:56.0952 3360 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 18:29:56.0973 3360 RasSstp - ok 18:29:56.0992 3360 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 18:29:57.0016 3360 rdbss - ok 18:29:57.0028 3360 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 18:29:57.0040 3360 rdpbus - ok 18:29:57.0046 3360 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:29:57.0082 3360 RDPCDD - ok 18:29:57.0104 3360 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 18:29:57.0140 3360 RDPENCDD - ok 18:29:57.0155 3360 RDPREFMP 
(44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 18:29:57.0186 3360 RDPREFMP - ok 18:29:57.0217 3360 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys 18:29:57.0234 3360 RDPWD - ok 18:29:57.0256 3360 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 18:29:57.0269 3360 rdyboost - ok 18:29:57.0293 3360 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 18:29:57.0342 3360 RemoteAccess - ok 18:29:57.0371 3360 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 18:29:57.0396 3360 RemoteRegistry - ok 18:29:57.0412 3360 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 18:29:57.0454 3360 RpcEptMapper - ok 18:29:57.0472 3360 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 18:29:57.0502 3360 RpcLocator - ok 18:29:57.0525 3360 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 18:29:57.0551 3360 RpcSs - ok 18:29:57.0562 3360 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 18:29:57.0584 3360 rspndr - ok 18:29:57.0616 3360 RTL8187B (b6b3c4259d514f10b458ca6c2e50bc2e) C:\Windows\system32\DRIVERS\wg111v3.sys 18:29:57.0639 3360 RTL8187B - ok 18:29:57.0676 3360 RTL8192su (83e64d86a4d888d973de824780567518) C:\Windows\system32\DRIVERS\RTL8192su.sys 18:29:57.0710 3360 RTL8192su - ok 18:29:57.0756 3360 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 18:29:57.0785 3360 SamSs - ok 18:29:57.0880 3360 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys 18:29:57.0891 3360 SbieDrv - ok 18:29:57.0919 3360 SbieSvc (833539963e31edd4dc0063fe9cf95701) C:\Program Files\Sandboxie\SbieSvc.exe 18:29:57.0930 3360 SbieSvc - ok 18:29:57.0953 3360 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 18:29:57.0964 3360 sbp2port - ok 18:29:57.0979 3360 SCardSvr 
(8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 18:29:58.0019 3360 SCardSvr - ok 18:29:58.0036 3360 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 18:29:58.0073 3360 scfilter - ok 18:29:58.0108 3360 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll 18:29:58.0147 3360 Schedule - ok 18:29:58.0167 3360 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 18:29:58.0188 3360 SCPolicySvc - ok 18:29:58.0208 3360 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll 18:29:58.0238 3360 SDRSVC - ok 18:29:58.0261 3360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 18:29:58.0296 3360 secdrv - ok 18:29:58.0313 3360 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 18:29:58.0347 3360 seclogon - ok 18:29:58.0371 3360 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 18:29:58.0409 3360 SENS - ok 18:29:58.0431 3360 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 18:29:58.0458 3360 SensrSvc - ok 18:29:58.0470 3360 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 18:29:58.0483 3360 Serenum - ok 18:29:58.0493 3360 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 18:29:58.0513 3360 Serial - ok 18:29:58.0524 3360 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 18:29:58.0542 3360 sermouse - ok 18:29:58.0569 3360 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll 18:29:58.0608 3360 SessionEnv - ok 18:29:58.0621 3360 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 18:29:58.0646 3360 sffdisk - ok 18:29:58.0658 3360 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 18:29:58.0688 3360 sffp_mmc - ok 18:29:58.0708 3360 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) 
C:\Windows\system32\DRIVERS\sffp_sd.sys 18:29:58.0732 3360 sffp_sd - ok 18:29:58.0749 3360 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 18:29:58.0759 3360 sfloppy - ok 18:29:58.0784 3360 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 18:29:58.0811 3360 SharedAccess - ok 18:29:58.0832 3360 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll 18:29:58.0850 3360 ShellHWDetection - ok 18:29:58.0878 3360 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 18:29:58.0890 3360 sisagp - ok 18:29:58.0908 3360 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:29:58.0917 3360 SiSRaid2 - ok 18:29:58.0928 3360 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 18:29:58.0940 3360 SiSRaid4 - ok 18:29:58.0961 3360 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 18:29:58.0998 3360 Smb - ok 18:29:59.0037 3360 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 18:29:59.0049 3360 SNMPTRAP - ok 18:29:59.0061 3360 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 18:29:59.0071 3360 spldr - ok 18:29:59.0094 3360 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe 18:29:59.0110 3360 Spooler - ok 18:29:59.0181 3360 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe 18:29:59.0250 3360 sppsvc - ok 18:29:59.0316 3360 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll 18:29:59.0339 3360 sppuinotify - ok 18:29:59.0389 3360 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 18:29:59.0421 3360 srv - ok 18:29:59.0449 3360 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 18:29:59.0473 3360 srv2 - ok 18:29:59.0496 3360 srvnet (ff207d67700aa18242aaf985d3e7d8f4) 
C:\Windows\system32\DRIVERS\srvnet.sys 18:29:59.0521 3360 srvnet - ok 18:29:59.0539 3360 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 18:29:59.0583 3360 SSDPSRV - ok 18:29:59.0604 3360 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 18:29:59.0640 3360 SstpSvc - ok 18:29:59.0695 3360 Steam Client Service - ok 18:29:59.0712 3360 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 18:29:59.0723 3360 stexstor - ok 18:29:59.0760 3360 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll 18:29:59.0794 3360 StiSvc - ok 18:29:59.0810 3360 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 18:29:59.0821 3360 swenum - ok 18:29:59.0853 3360 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 18:29:59.0882 3360 swprv - ok 18:29:59.0918 3360 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll 18:29:59.0967 3360 SysMain - ok 18:29:59.0982 3360 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll 18:30:00.0011 3360 TabletInputService - ok 18:30:00.0032 3360 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll 18:30:00.0060 3360 TapiSrv - ok 18:30:00.0075 3360 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 18:30:00.0109 3360 TBS - ok 18:30:00.0192 3360 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 18:30:00.0221 3360 Tcpip - ok 18:30:00.0234 3360 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 18:30:00.0257 3360 TCPIP6 - ok 18:30:00.0269 3360 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 18:30:00.0292 3360 tcpipreg - ok 18:30:00.0310 3360 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 18:30:00.0331 3360 TDPIPE - ok 18:30:00.0364 3360 TDTCP (7156308896d34ea75a582f9a09e50c17) 
C:\Windows\system32\drivers\tdtcp.sys 18:30:00.0391 3360 TDTCP - ok 18:30:00.0416 3360 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 18:30:00.0448 3360 tdx - ok 18:30:00.0590 3360 TeamViewer6 (1c46c27e9f1938b9589859c70450d275) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe 18:30:00.0629 3360 TeamViewer6 - ok 18:30:00.0693 3360 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 18:30:00.0703 3360 TermDD - ok 18:30:00.0726 3360 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll 18:30:00.0757 3360 TermService - ok 18:30:00.0769 3360 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 18:30:00.0795 3360 Themes - ok 18:30:00.0818 3360 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 18:30:00.0839 3360 THREADORDER - ok 18:30:00.0862 3360 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 18:30:00.0902 3360 TrkWks - ok 18:30:00.0942 3360 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe 18:30:00.0967 3360 TrustedInstaller - ok 18:30:00.0986 3360 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:30:01.0024 3360 tssecsrv - ok 18:30:01.0052 3360 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 18:30:01.0078 3360 tunnel - ok 18:30:01.0082 3360 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 18:30:01.0091 3360 uagp35 - ok 18:30:01.0109 3360 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 18:30:01.0149 3360 udfs - ok 18:30:01.0172 3360 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 18:30:01.0204 3360 UI0Detect - ok 18:30:01.0227 3360 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 18:30:01.0237 3360 uliagpkx - ok 18:30:01.0261 3360 umbus 
(049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 18:30:01.0285 3360 umbus - ok 18:30:01.0304 3360 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 18:30:01.0314 3360 UmPass - ok 18:30:01.0335 3360 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 18:30:01.0377 3360 upnphost - ok 18:30:01.0412 3360 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 18:30:01.0424 3360 usbaudio - ok 18:30:01.0451 3360 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 18:30:01.0467 3360 usbccgp - ok 18:30:01.0479 3360 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 18:30:01.0508 3360 usbcir - ok 18:30:01.0533 3360 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 18:30:01.0553 3360 usbehci - ok 18:30:01.0586 3360 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 18:30:01.0625 3360 usbhub - ok 18:30:01.0647 3360 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys 18:30:01.0672 3360 usbohci - ok 18:30:01.0713 3360 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 18:30:01.0745 3360 usbprint - ok 18:30:01.0782 3360 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 18:30:01.0801 3360 usbscan - ok 18:30:01.0826 3360 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:30:01.0836 3360 USBSTOR - ok 18:30:01.0848 3360 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys 18:30:01.0879 3360 usbuhci - ok 18:30:01.0908 3360 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 18:30:01.0942 3360 UxSms - ok 18:30:01.0979 3360 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 18:30:01.0991 3360 VaultSvc - ok 18:30:02.0012 3360 vdrvroot 
(a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 18:30:02.0022 3360 vdrvroot - ok 18:30:02.0046 3360 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe 18:30:02.0084 3360 vds - ok 18:30:02.0103 3360 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 18:30:02.0116 3360 vga - ok 18:30:02.0128 3360 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 18:30:02.0152 3360 VgaSave - ok 18:30:02.0167 3360 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 18:30:02.0185 3360 vhdmp - ok 18:30:02.0205 3360 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 18:30:02.0218 3360 viaagp - ok 18:30:02.0221 3360 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 18:30:02.0244 3360 ViaC7 - ok 18:30:02.0303 3360 VIAHdAudAddService (4b1c025d194bbb41b1d7e86b54d88dc1) C:\Windows\system32\drivers\viahduaa.sys 18:30:02.0329 3360 VIAHdAudAddService - ok 18:30:02.0337 3360 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 18:30:02.0346 3360 viaide - ok 18:30:02.0360 3360 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 18:30:02.0369 3360 volmgr - ok 18:30:02.0382 3360 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 18:30:02.0397 3360 volmgrx - ok 18:30:02.0416 3360 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 18:30:02.0431 3360 volsnap - ok 18:30:02.0454 3360 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 18:30:02.0469 3360 vsmraid - ok 18:30:02.0511 3360 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe 18:30:02.0558 3360 VSS - ok 18:30:02.0586 3360 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 18:30:02.0613 3360 vwifibus - ok 18:30:02.0632 3360 vwififlt 
(7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:30:02.0658 3360 vwififlt - ok
18:30:02.0685 3360 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:30:02.0725 3360 W32Time - ok
18:30:02.0735 3360 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:30:02.0746 3360 WacomPen - ok
18:30:02.0762 3360 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0783 3360 WANARP - ok
18:30:02.0786 3360 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0806 3360 Wanarpv6 - ok
18:30:02.0845 3360 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
18:30:02.0893 3360 wbengine - ok
18:30:02.0913 3360 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:30:02.0948 3360 WbioSrvc - ok
18:30:02.0975 3360 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
18:30:02.0997 3360 wcncsvc - ok
18:30:03.0008 3360 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:30:03.0038 3360 WcsPlugInService - ok
18:30:03.0072 3360 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:30:03.0082 3360 Wd - ok
18:30:03.0106 3360 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:30:03.0123 3360 Wdf01000 - ok
18:30:03.0133 3360 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:30:03.0168 3360 WdiServiceHost - ok
18:30:03.0172 3360 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:30:03.0193 3360 WdiSystemHost - ok
18:30:03.0222 3360 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
18:30:03.0238 3360 WebClient - ok
18:30:03.0257 3360 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:30:03.0288 3360 Wecsvc - ok
18:30:03.0302 3360 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:30:03.0340 3360 wercplsupport - ok
18:30:03.0366 3360 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:30:03.0391 3360 WerSvc - ok
18:30:03.0415 3360 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:03.0438 3360 WfpLwf - ok
18:30:03.0447 3360 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:30:03.0461 3360 WIMMount - ok
18:30:03.0516 3360 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:30:03.0538 3360 WinDefend - ok
18:30:03.0548 3360 WinHttpAutoProxySvc - ok
18:30:03.0591 3360 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:30:03.0632 3360 Winmgmt - ok
18:30:03.0685 3360 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
18:30:03.0735 3360 WinRM - ok
18:30:03.0793 3360 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:30:03.0805 3360 WinUsb - ok
18:30:03.0830 3360 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:30:03.0873 3360 Wlansvc - ok
18:30:03.0965 3360 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:30:04.0001 3360 wlidsvc - ok
18:30:04.0056 3360 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:30:04.0073 3360 WmiAcpi - ok
18:30:04.0092 3360 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:30:04.0119 3360 wmiApSrv - ok
18:30:04.0169 3360 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:30:04.0215 3360 WMPNetworkSvc - ok
18:30:04.0229 3360 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:30:04.0249 3360 WPCSvc - ok
18:30:04.0259 3360 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
18:30:04.0277 3360 WPDBusEnum - ok
18:30:04.0290 3360 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:30:04.0324 3360 ws2ifsl - ok
18:30:04.0348 3360 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
18:30:04.0375 3360 wscsvc - ok
18:30:04.0377 3360 WSearch - ok
18:30:04.0442 3360 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
18:30:04.0504 3360 wuauserv - ok
18:30:04.0528 3360 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:30:04.0569 3360 WudfPf - ok
18:30:04.0609 3360 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:04.0641 3360 WUDFRd - ok
18:30:04.0657 3360 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
18:30:04.0694 3360 wudfsvc - ok
18:30:04.0710 3360 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:30:04.0741 3360 WwanSvc - ok
18:30:04.0797 3360 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
18:30:04.0809 3360 xusb21 - ok
18:30:04.0873 3360 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:30:04.0962 3360 \Device\Harddisk0\DR0 - ok
18:30:04.0965 3360 Boot (0x1200) (c15ce70988754d4539222e3d2ce63cb6) \Device\Harddisk0\DR0\Partition0
18:30:04.0966 3360 \Device\Harddisk0\DR0\Partition0 - ok
18:30:04.0989 3360 Boot (0x1200) (d62d625a66a550f16095e325e6ac3c64) \Device\Harddisk0\DR0\Partition1
18:30:04.0990 3360 \Device\Harddisk0\DR0\Partition1 - ok
18:30:04.0991 3360 ============================================================
18:30:04.0991 3360 Scan finished
18:30:04.0991 3360 ============================================================
18:30:05.0002 3368 Detected object count: 2
18:30:05.0002 3368 Actual detected object count: 2
18:30:12.0954 3368 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0954 3368 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:12.0955 3368 ntiomin ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0955 3368 ntiomin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:24.0032 1380 Deinitialize success
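The TDSSKiller log above has a regular shape: every line carries a timestamp and a PID, a module is first listed with its MD5 and path, then reported as "- ok" or as a detected object with a verdict and the action the user chose. The script below is an added example for triaging such a log; it is not part of this thread and not Kaspersky's tooling. The regular expressions are inferred from the line shapes visible in this post, not from a documented format. SAMPLE_LOG is an excerpt copied from the log above; TAMPERED_LOG is a constructed variant in which one service reports a different hash for the same file, which a single file on disk cannot legitimately produce, so the consistency check should fire on it.

```python
"""Triage helper for TDSSKiller-style log output (added example, not from the
forum thread or from Kaspersky).  It extracts the flagged objects and the action
taken on them, lists modules that never received a verdict, and checks that a
path hashed under several service names always yields the same MD5."""
import re
from collections import defaultdict

# Every log line: "<hh:mm:ss.ffff> <pid> <rest>"
_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>": module enumerated with its file hash
_MODULE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - ok": the scanner had nothing to report for this object
_OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - <action>": detected object and what happened to it
_DETECT = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")


def parse_tdsskiller(text):
    """Return modules (name -> md5/path), the set of names/paths marked ok,
    and the list of (name, verdict, action) detection lines, in log order."""
    modules, ok, detections = {}, set(), []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # banners, "Scan finished", counters, etc.
        rest = m.group("rest")
        d = _DETECT.match(rest)
        if d:
            detections.append((d["name"], d["verdict"], d["action"]))
            continue
        mod = _MODULE.match(rest)
        if mod:
            modules[mod["name"]] = {"md5": mod["md5"], "path": mod["path"]}
            continue
        o = _OK.match(rest)
        if o:
            ok.add(o["name"])
    return {"modules": modules, "ok": ok, "detections": detections}


def triage(text):
    """Findings a helper would want before replying: flagged objects with the
    last action recorded for them, modules without any verdict, and paths
    whose MD5 differs between service names."""
    parsed = parse_tdsskiller(text)
    findings = []
    last_action = {}  # the final "User select action" line wins per object
    for name, verdict, action in parsed["detections"]:
        last_action[name] = (verdict, action)
    for name, (verdict, action) in last_action.items():
        findings.append(f"{name}: flagged as {verdict}; {action}")
    flagged = set(last_action)
    for name, info in parsed["modules"].items():
        # MBR/boot-sector entries are acknowledged by path, services by name
        if name not in parsed["ok"] and info["path"] not in parsed["ok"] \
                and name not in flagged:
            findings.append(f"{name}: no verdict for {info['path']}")
    by_path = defaultdict(set)
    for info in parsed["modules"].values():
        by_path[info["path"].lower()].add(info["md5"])
    for path, hashes in by_path.items():
        if len(hashes) > 1:
            findings.append(f"{path}: inconsistent md5 {sorted(hashes)}")
    return findings


# Excerpt copied from the log in this post (paths as printed there).
SAMPLE_LOG = r"""
18:30:02.0762 3360 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0783 3360 WANARP - ok
18:30:02.0786 3360 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0806 3360 Wanarpv6 - ok
18:30:03.0548 3360 WinHttpAutoProxySvc - ok
18:30:04.0873 3360 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:30:04.0962 3360 \Device\Harddisk0\DR0 - ok
18:30:04.0991 3360 Scan finished
18:30:05.0002 3368 Detected object count: 2
18:30:12.0954 3368 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0954 3368 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:12.0955 3368 ntiomin ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0955 3368 ntiomin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:24.0032 1380 Deinitialize success
"""

# Constructed variant (not from the log): same file, two different hashes.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "Wanarpv6 (692a712062146e96d28ba0b7d75de31b)",
    "Wanarpv6 (00000000000000000000000000000000)")

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

On this log the script reports both UnsignedFile.Multi.Generic objects with "User select action: Skip", which is the point worth noticing: "skipped" means the two unsigned drivers are still loaded and unverified, so the next step is to identify their files and check their signatures rather than treat the scan as clean.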