Log analysis and evaluation: It got me too - AKM virus | Windows 7 | If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
13.05.2012, 16:17 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM virus Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
13.05.2012, 21:30 | #17 |
| It got me too - AKM virus Here you go:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.05.2012 22:22:08 - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Admin\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 80,99% Memory free 15,95 Gb Paging File | 14,36 Gb Available in Paging File | 90,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 67,47 Gb Free Space | 60,36% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 61,86 Gb Free Space | 6,64% Space Free | Partition Type: NTFS Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 146,48 Gb Total Space | 10,35 Gb Free Space | 7,07% Space Free | Partition Type: NTFS Drive L: | 132,98 Gb Total Space | 21,28 Gb Free Space | 16,00% Space Free | Partition Type: NTFS Drive M: | 55,90 Gb Total Space | 53,04 Gb Free Space | 94,88% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.13 22:20:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010.05.05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2010.05.05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.01.09 21:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009.01.09 21:14:42 | 007,424,000 | ---- | 
M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe ========== Modules (No Company Name) ========== MOD - [2012.05.10 20:55:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll MOD - [2012.05.10 20:55:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012.05.10 20:50:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 20:49:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.10 20:49:43 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.10 20:49:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.10 20:49:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 20:49:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 20:49:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 20:49:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2006.06.09 15:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.04.25 18:22:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.01 21:07:13 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.01.28 17:57:36 | 000,079,360 | ---- | M] (Creative Labs) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service) SRV - [2012.01.12 19:25:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 
000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.30 18:49:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.28 21:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.08 19:17:40 | 000,369,640 | ---- | M] (ASMedia 
Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2010.12.08 19:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.10.27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.10.27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.10.27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.10.27 16:50:28 | 000,058,992 | 
---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.10.27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2010.10.27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.10.27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.08.18 02:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT) DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA A7 08 12 F6 02 CD 01 [binary data] IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive) FF - HKCU\Software\MozillaPlugins\anybots.com/Anystream: C:\Users\Admin\AppData\Roaming\Anybots\Anystream\npAnystream.dll (Anybots) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.01 14:44:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.26 13:47:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.01 14:44:00 | 000,000,000 | ---D | M] 
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.04.25 22:28:48 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\Z7L0CR22.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI O1 HOSTS File: ([2012.05.09 02:36:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - 
HKU\S-1-5-21-319583329-2873186953-3674044672-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C31483AC-D743-48D1-BE36-4734930422D2}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - 
(explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) - File not found O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell - "" = AutoRun O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell\AutoRun\command - "" = N:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: ASUS ShellProcess Execute - hkey= - key= - File not found MsConfig:64bit - StartUpReg: VX5LWxsct4OYCCz - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group 
SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group 
SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart 
card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: 
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {19460C54-2912-9819-DD13-028CAD6588C5} - Microsoft Windows Media Player 12.0 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {420435CF-6E35-8C59-0B6A-1374D44868C3} - Microsoft Windows Media Player ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.13 22:20:50 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.05.11 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.11 16:04:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.11 16:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.11 16:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.06 00:01:17 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.02 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\chili [2012.04.25 18:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.04.25 18:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.04.25 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\CAPCOM [2012.04.22 17:08:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc ========== Files - Modified Within 30 Days ========== [2012.05.13 22:20:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.05.13 21:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.13 14:35:33 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.13 14:35:33 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.13 14:32:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.13 14:32:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.13 14:32:44 | 000,615,810 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2012.05.13 14:32:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.13 14:32:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.13 14:29:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.05.13 14:28:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.13 14:28:12 | 2129,190,911 | -HS- | M] () -- C:\hiberfil.sys [2012.05.13 00:08:25 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx [2012.05.13 00:08:25 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx [2012.05.13 00:08:25 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx [2012.05.10 20:47:11 | 000,283,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.03 21:11:10 | 000,062,558 | ---- | M] () -- C:\Users\Admin\Desktop\Foto.JPG [2012.04.30 23:02:00 | 000,000,080 | ---- | M] () -- C:\Users\Admin\AppData\Local\CrystalDiskMark30.ini [2012.04.30 21:57:50 | 000,018,831 | ---- | M] () -- C:\Users\Admin\Desktop\Benchmark_RAMDisk.pdf [2012.04.30 21:41:54 | 000,718,503 | ---- | M] () -- C:\Users\Admin\Desktop\Memo.m4a [2012.04.28 19:55:58 | 000,000,435 | ---- | M] () -- C:\Users\Public\Desktop\The Walking Dead.lnk [2012.04.25 18:22:17 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.04.25 18:22:17 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.04.25 18:22:17 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2012.04.15 23:23:35 | 000,012,711 | ---- | M] () -- C:\Users\Admin\Documents\algenkur.ods ========== Files Created - No Company Name ========== [2012.05.03 21:11:08 | 000,062,558 | ---- | C] () -- C:\Users\Admin\Desktop\Foto.JPG [2012.04.30 22:32:41 | 000,000,080 | ---- | C] 
() -- C:\Users\Admin\AppData\Local\CrystalDiskMark30.ini [2012.04.30 21:57:50 | 000,018,831 | ---- | C] () -- C:\Users\Admin\Desktop\Benchmark_RAMDisk.pdf [2012.04.30 21:41:54 | 000,718,503 | ---- | C] () -- C:\Users\Admin\Desktop\Memo.m4a [2012.04.30 21:32:19 | 006,074,924 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0009.WAV [2012.04.30 21:27:26 | 012,554,412 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0019.WAV [2012.04.30 21:18:54 | 035,419,436 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0026.WAV [2012.04.30 21:16:04 | 020,299,756 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0028.WAV [2012.04.28 19:55:58 | 000,000,435 | ---- | C] () -- C:\Users\Public\Desktop\The Walking Dead.lnk [2012.04.25 18:47:39 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012.04.25 18:24:15 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx [2012.04.25 18:24:15 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx [2012.04.25 18:24:15 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx [2012.04.25 18:22:17 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2012.04.25 18:22:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.04.25 18:22:17 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2012.04.25 18:22:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.04.25 18:22:17 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2012.04.15 23:23:35 | 000,012,711 | ---- | C] () -- C:\Users\Admin\Documents\algenkur.ods [2012.02.18 12:06:44 | 000,007,604 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg [2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.02.01 14:41:59 | 000,183,121 | ---- | C] () 
-- C:\Windows\hpoins38.dat [2012.02.01 14:41:59 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat [2012.01.29 00:15:48 | 001,001,680 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012.01.28 23:50:04 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012.01.28 23:47:49 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.01.28 18:09:04 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2012.01.26 12:56:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.01.26 12:56:40 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.02.24 19:12:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anybots [2012.02.07 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2012.01.30 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite [2012.03.23 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla [2012.03.05 21:31:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LOVE [2012.03.26 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MotioninJoy [2012.02.25 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OnLive App [2012.02.01 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2012.01.26 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera [2012.02.04 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Phrosh [2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2012.02.01 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Trillian [2012.02.06 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\DAEMON Tools Lite [2012.05.06 12:28:56 | 000,000,000 | ---D | M] -- 
C:\Users\Kathrin\AppData\Roaming\LSoft Technologies [2012.02.01 23:44:40 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Opera [2012.05.05 23:52:01 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Trillian [2012.02.01 23:59:23 | 000,000,000 | ---D | M] -- C:\Users\Kirby\AppData\Roaming\Opera [2012.01.29 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\Opera [2012.01.29 15:10:44 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\Thunderbird [2012.02.01 23:57:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Opera [2012.03.25 13:05:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.02.04 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2012.02.24 19:12:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anybots [2012.02.07 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2012.01.30 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite [2012.05.08 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss [2012.03.23 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla [2012.03.13 12:17:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HP [2012.01.26 12:55:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities [2012.01.26 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield [2012.01.26 13:32:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Intel Corporation [2012.03.05 21:31:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LOVE [2012.01.26 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2012.03.20 17:53:30 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\Malwarebytes [2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2012.04.25 18:45:30 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2012.03.26 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MotioninJoy [2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla [2012.03.17 14:17:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVIDIA [2012.02.25 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OnLive App [2012.02.01 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2012.01.26 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera [2012.02.04 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Phrosh [2012.05.13 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype [2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2012.02.01 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Trillian [2012.05.13 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc [2012.01.28 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > [2003.01.04 18:21:22 | 000,643,072 | ---- | M] () -- C:\JoyToKey.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- 
C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- 
C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft 
Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 
03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
14.05.2012, 10:05 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM virus Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Note: If you have obscured your user name, you must change the starred-out parts back into your real user name, otherwise the script will not work!! Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) - File not found
O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell\AutoRun\command - "" = N:\setup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
14.05.2012, 11:48 | #19 |
| It got me too - AKM virus Done. Task Manager is still disabled by the administrator. Edit: Task Manager could be re-enabled via Group Policy. Code:
All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. 
Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Admin\AppData\Roaming\itunes_service86.exe deleted successfully. Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Admin\AppData\Roaming\itunes_service86.exe deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found. File E:\Start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found. 
File E:\.\Bin\ASSETUP.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found. File N:\setup.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 1070386823 bytes ->Temporary Internet Files folder emptied: 167097404 bytes ->Java cache emptied: 72851 bytes ->Opera cache emptied: 3166088 bytes ->Flash cache emptied: 32004 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Kathrin ->Temp folder emptied: 536786 bytes ->Temporary Internet Files folder emptied: 181471044 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 5419 bytes User: Kirby ->Temp folder emptied: 85550 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Opera cache emptied: 6839480 bytes User: Public User: Tank ->Temp folder emptied: 26190103 bytes ->Temporary Internet Files folder emptied: 1901202 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 11950098 bytes ->Flash cache emptied: 1019 bytes User: Tobi ->Temp folder emptied: 85550 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Opera cache emptied: 8807680 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) 
.tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 845202566 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 14044216569 bytes Total Files Cleaned = 15.610,00 mb [EMPTYFLASH] User: Admin ->Flash cache emptied: 0 bytes User: All Users User: Default User: Default User User: Kathrin ->Flash cache emptied: 0 bytes User: Kirby User: Public User: Tank ->Flash cache emptied: 0 bytes User: Tobi User: UpdatusUser Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.3 log created on 05142012_124227 Files\Folders moved on Reboot... C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
Edited by tankie (14.05.2012 at 11:54) |
14.05.2012, 12:39 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM virus Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents into your post, then look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
14.05.2012, 13:03 | #21 |
| It got me too - AKM virus Done! They look like printer and sound card drivers to me. Code:
13:59:35.0889 4352 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 13:59:35.0964 4352 ============================================================ 13:59:35.0964 4352 Current date / time: 2012/05/14 13:59:35.0964 13:59:35.0964 4352 SystemInfo: 13:59:35.0964 4352 13:59:35.0964 4352 OS Version: 6.1.7601 ServicePack: 1.0 13:59:35.0964 4352 Product type: Workstation 13:59:35.0964 4352 ComputerName: ADMIN-PC 13:59:35.0964 4352 UserName: Admin 13:59:35.0964 4352 Windows directory: C:\Windows 13:59:35.0964 4352 System windows directory: C:\Windows 13:59:35.0964 4352 Running under WOW64 13:59:35.0964 4352 Processor architecture: Intel x64 13:59:35.0964 4352 Number of processors: 4 13:59:35.0964 4352 Page size: 0x1000 13:59:35.0964 4352 Boot type: Normal boot 13:59:35.0964 4352 ============================================================ 13:59:36.0114 4352 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:59:36.0114 4352 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:59:36.0129 4352 Drive \Device\Harddisk2\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 13:59:36.0564 4352 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:59:36.0577 4352 ============================================================ 13:59:36.0577 4352 \Device\Harddisk0\DR0: 13:59:36.0577 4352 MBR partitions: 13:59:36.0577 4352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800 13:59:36.0577 4352 \Device\Harddisk1\DR1: 13:59:36.0577 4352 MBR partitions: 13:59:36.0577 4352 
\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800 13:59:36.0577 4352 \Device\Harddisk2\DR2: 13:59:36.0577 4352 MBR partitions: 13:59:36.0577 4352 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F8021 13:59:36.0589 4352 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x124F809F, BlocksNum 0x109F34C1 13:59:36.0589 4352 \Device\Harddisk3\DR3: 13:59:36.0589 4352 MBR partitions: 13:59:36.0589 4352 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 13:59:36.0589 4352 ============================================================ 13:59:36.0589 4352 C: <-> \Device\Harddisk1\DR1\Partition0 13:59:36.0637 4352 D: <-> \Device\Harddisk3\DR3\Partition0 13:59:36.0672 4352 H: <-> \Device\Harddisk2\DR2\Partition0 13:59:36.0707 4352 L: <-> \Device\Harddisk2\DR2\Partition1 13:59:36.0709 4352 M: <-> \Device\Harddisk0\DR0\Partition0 13:59:36.0709 4352 ============================================================ 13:59:36.0709 4352 Initialize success 13:59:36.0709 4352 ============================================================ 14:01:43.0680 4944 ============================================================ 14:01:43.0680 4944 Scan started 14:01:43.0680 4944 Mode: Manual; SigCheck; TDLFS; 14:01:43.0680 4944 ============================================================ 14:01:43.0790 4944 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 14:01:43.0836 4944 1394ohci - ok 14:01:43.0852 4944 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 14:01:43.0852 4944 ACPI - ok 14:01:43.0852 4944 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 14:01:43.0868 4944 AcpiPmi - ok 14:01:43.0868 4944 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:01:43.0883 4944 AdobeARMservice - ok 14:01:43.0899 4944 AdobeFlashPlayerUpdateSvc 
(0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:01:43.0899 4944 AdobeFlashPlayerUpdateSvc - ok 14:01:43.0914 4944 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 14:01:43.0930 4944 adp94xx - ok 14:01:43.0946 4944 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 14:01:43.0946 4944 adpahci - ok 14:01:43.0961 4944 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 14:01:43.0961 4944 adpu320 - ok 14:01:43.0961 4944 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 14:01:43.0992 4944 AeLookupSvc - ok 14:01:44.0008 4944 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 14:01:44.0008 4944 AFD - ok 14:01:44.0024 4944 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 14:01:44.0024 4944 agp440 - ok 14:01:44.0024 4944 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 14:01:44.0039 4944 ALG - ok 14:01:44.0039 4944 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 14:01:44.0039 4944 aliide - ok 14:01:44.0055 4944 ALSysIO - ok 14:01:44.0055 4944 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 14:01:44.0055 4944 amdide - ok 14:01:44.0055 4944 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 14:01:44.0070 4944 AmdK8 - ok 14:01:44.0070 4944 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 14:01:44.0070 4944 AmdPPM - ok 14:01:44.0086 4944 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 14:01:44.0086 4944 amdsata - ok 14:01:44.0102 4944 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 14:01:44.0102 4944 amdsbs - ok 14:01:44.0102 4944 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 14:01:44.0117 4944 amdxata 
- ok 14:01:44.0117 4944 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 14:01:44.0133 4944 AppID - ok 14:01:44.0133 4944 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 14:01:44.0148 4944 AppIDSvc - ok 14:01:44.0164 4944 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 14:01:44.0180 4944 Appinfo - ok 14:01:44.0180 4944 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 14:01:44.0195 4944 AppMgmt - ok 14:01:44.0195 4944 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 14:01:44.0211 4944 arc - ok 14:01:44.0211 4944 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 14:01:44.0211 4944 arcsas - ok 14:01:44.0242 4944 asComSvc (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe 14:01:44.0273 4944 asComSvc - ok 14:01:44.0289 4944 asHmComSvc (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe 14:01:44.0304 4944 asHmComSvc - ok 14:01:44.0320 4944 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys 14:01:44.0320 4944 AsIO - ok 14:01:44.0351 4944 asmthub3 (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys 14:01:44.0367 4944 asmthub3 - ok 14:01:44.0367 4944 asmtxhci (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys 14:01:44.0382 4944 asmtxhci - ok 14:01:44.0398 4944 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe 14:01:44.0398 4944 AsSysCtrlService - ok 14:01:44.0414 4944 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys 14:01:44.0414 4944 AsUpIO - ok 14:01:44.0445 4944 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 14:01:44.0460 4944 AsyncMac - ok 14:01:44.0460 4944 atapi (02062c0b390b7729edc9e69c680a6f3c) 
C:\Windows\system32\drivers\atapi.sys 14:01:44.0476 4944 atapi - ok 14:01:44.0476 4944 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys 14:01:44.0476 4944 AthBTPort - ok 14:01:44.0476 4944 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys 14:01:44.0492 4944 ATHDFU - ok 14:01:44.0492 4944 AtherosSvc (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 14:01:44.0492 4944 AtherosSvc - ok 14:01:44.0507 4944 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 14:01:44.0538 4944 AudioEndpointBuilder - ok 14:01:44.0538 4944 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 14:01:44.0554 4944 AudioSrv - ok 14:01:44.0570 4944 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 14:01:44.0570 4944 AxInstSV - ok 14:01:44.0585 4944 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 14:01:44.0601 4944 b06bdrv - ok 14:01:44.0616 4944 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 14:01:44.0616 4944 b57nd60a - ok 14:01:44.0632 4944 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 14:01:44.0632 4944 BDESVC - ok 14:01:44.0632 4944 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 14:01:44.0648 4944 Beep - ok 14:01:44.0679 4944 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 14:01:44.0694 4944 BFE - ok 14:01:44.0726 4944 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 14:01:44.0757 4944 BITS - ok 14:01:44.0757 4944 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 14:01:44.0757 4944 blbdrive - ok 14:01:44.0772 4944 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 14:01:44.0772 4944 bowser - ok 14:01:44.0772 4944 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) 
C:\Windows\system32\drivers\BrFiltLo.sys 14:01:44.0788 4944 BrFiltLo - ok 14:01:44.0788 4944 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 14:01:44.0788 4944 BrFiltUp - ok 14:01:44.0804 4944 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 14:01:44.0819 4944 Browser - ok 14:01:44.0835 4944 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 14:01:44.0835 4944 Brserid - ok 14:01:44.0835 4944 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 14:01:44.0850 4944 BrSerWdm - ok 14:01:44.0850 4944 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:01:44.0866 4944 BrUsbMdm - ok 14:01:44.0866 4944 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 14:01:44.0866 4944 BrUsbSer - ok 14:01:44.0882 4944 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys 14:01:44.0882 4944 BTATH_A2DP - ok 14:01:44.0882 4944 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys 14:01:44.0882 4944 BTATH_BUS - ok 14:01:44.0897 4944 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys 14:01:44.0897 4944 BTATH_HCRP - ok 14:01:44.0897 4944 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys 14:01:44.0913 4944 BTATH_LWFLT - ok 14:01:44.0913 4944 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys 14:01:44.0913 4944 BTATH_RCP - ok 14:01:44.0928 4944 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys 14:01:44.0928 4944 BtFilter - ok 14:01:44.0944 4944 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys 14:01:44.0944 4944 BthEnum - ok 14:01:44.0944 4944 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 14:01:44.0960 4944 BTHMODEM - 
ok 14:01:44.0960 4944 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 14:01:44.0975 4944 BthPan - ok 14:01:44.0991 4944 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys 14:01:44.0991 4944 BTHPORT - ok 14:01:45.0006 4944 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 14:01:45.0022 4944 bthserv - ok 14:01:45.0022 4944 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys 14:01:45.0022 4944 BTHUSB - ok 14:01:45.0038 4944 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 14:01:45.0053 4944 cdfs - ok 14:01:45.0053 4944 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 14:01:45.0069 4944 cdrom - ok 14:01:45.0069 4944 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:01:45.0100 4944 CertPropSvc - ok 14:01:45.0100 4944 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 14:01:45.0100 4944 circlass - ok 14:01:45.0116 4944 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 14:01:45.0131 4944 CLFS - ok 14:01:45.0131 4944 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:01:45.0131 4944 clr_optimization_v2.0.50727_32 - ok 14:01:45.0147 4944 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:01:45.0147 4944 clr_optimization_v2.0.50727_64 - ok 14:01:45.0162 4944 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:01:45.0162 4944 clr_optimization_v4.0.30319_32 - ok 14:01:45.0162 4944 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:01:45.0178 4944 clr_optimization_v4.0.30319_64 - ok 14:01:45.0178 4944 CmBatt 
(0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 14:01:45.0178 4944 CmBatt - ok 14:01:45.0194 4944 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 14:01:45.0194 4944 cmdide - ok 14:01:45.0209 4944 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 14:01:45.0225 4944 CNG - ok 14:01:45.0225 4944 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 14:01:45.0225 4944 Compbatt - ok 14:01:45.0225 4944 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 14:01:45.0240 4944 CompositeBus - ok 14:01:45.0240 4944 COMSysApp - ok 14:01:45.0240 4944 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 14:01:45.0240 4944 crcdisk - ok 14:01:45.0256 4944 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 14:01:45.0256 4944 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:01:45.0256 4944 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:01:45.0256 4944 Creative Dolby Digital Live Pack Licensing Service (80f3d3a4c202cda7ca886d126f9a39d9) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe 14:01:45.0256 4944 Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:01:45.0256 4944 Creative Dolby Digital Live Pack Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:01:45.0272 4944 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 14:01:45.0287 4944 CryptSvc - ok 14:01:45.0303 4944 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 14:01:45.0318 4944 CSC - ok 14:01:45.0334 4944 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 14:01:45.0350 4944 CscService - ok 14:01:45.0350 
14:01:53.0228 4944 vga - ok 14:01:53.0228 4944 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:01:53.0259 4944 VgaSave - ok 14:01:53.0259 4944 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:01:53.0274 4944 vhdmp - ok 14:01:53.0274 4944 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:01:53.0274 4944 viaide - ok 14:01:53.0274 4944 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 14:01:53.0290 4944 vmbus - ok 14:01:53.0290 4944 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 14:01:53.0290 4944 VMBusHID - ok 14:01:53.0306 4944 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:01:53.0306 4944 volmgr - ok 14:01:53.0321 4944 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:01:53.0321 4944 volmgrx - ok 14:01:53.0337 4944 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:01:53.0337 4944 volsnap - ok 14:01:53.0352 4944 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 14:01:53.0352 4944 vsmraid - ok 14:01:53.0399 4944 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 14:01:53.0430 4944 VSS - ok 14:01:53.0462 4944 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 14:01:53.0462 4944 vwifibus - ok 14:01:53.0477 4944 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:01:53.0508 4944 W32Time - ok 14:01:53.0508 4944 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 14:01:53.0508 4944 WacomPen - ok 14:01:53.0524 4944 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:01:53.0540 4944 WANARP - ok 14:01:53.0540 4944 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:01:53.0555 4944 Wanarpv6 - ok 
14:01:53.0586 4944 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 14:01:53.0618 4944 WatAdminSvc - ok 14:01:53.0649 4944 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 14:01:53.0664 4944 wbengine - ok 14:01:53.0696 4944 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:01:53.0711 4944 WbioSrvc - ok 14:01:53.0727 4944 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 14:01:53.0742 4944 wcncsvc - ok 14:01:53.0742 4944 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:01:53.0742 4944 WcsPlugInService - ok 14:01:53.0758 4944 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 14:01:53.0758 4944 Wd - ok 14:01:53.0774 4944 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:01:53.0789 4944 Wdf01000 - ok 14:01:53.0789 4944 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:01:53.0805 4944 WdiServiceHost - ok 14:01:53.0805 4944 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:01:53.0820 4944 WdiSystemHost - ok 14:01:53.0820 4944 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 14:01:53.0836 4944 WebClient - ok 14:01:53.0852 4944 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 14:01:53.0867 4944 Wecsvc - ok 14:01:53.0867 4944 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 14:01:53.0898 4944 wercplsupport - ok 14:01:53.0898 4944 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 14:01:53.0914 4944 WerSvc - ok 14:01:53.0930 4944 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:01:53.0945 4944 WfpLwf - ok 14:01:53.0945 4944 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:01:53.0945 4944 WIMMount - ok 
14:01:53.0961 4944 WinDefend - ok 14:01:53.0961 4944 WinHttpAutoProxySvc - ok 14:01:53.0976 4944 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 14:01:53.0992 4944 Winmgmt - ok 14:01:54.0039 4944 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 14:01:54.0086 4944 WinRM - ok 14:01:54.0101 4944 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 14:01:54.0117 4944 WinUsb - ok 14:01:54.0148 4944 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 14:01:54.0164 4944 Wlansvc - ok 14:01:54.0210 4944 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:01:54.0242 4944 wlidsvc - ok 14:01:54.0257 4944 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:01:54.0273 4944 WmiAcpi - ok 14:01:54.0288 4944 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 14:01:54.0288 4944 wmiApSrv - ok 14:01:54.0288 4944 WMPNetworkSvc - ok 14:01:54.0288 4944 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 14:01:54.0304 4944 WPCSvc - ok 14:01:54.0304 4944 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 14:01:54.0320 4944 WPDBusEnum - ok 14:01:54.0320 4944 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:01:54.0335 4944 ws2ifsl - ok 14:01:54.0351 4944 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 14:01:54.0351 4944 wscsvc - ok 14:01:54.0351 4944 WSearch - ok 14:01:54.0429 4944 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 14:01:54.0460 4944 wuauserv - ok 14:01:54.0491 4944 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 14:01:54.0507 4944 WudfPf - ok 14:01:54.0522 4944 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:01:54.0538 4944 WUDFRd - ok 
14:01:54.0538 4944 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 14:01:54.0569 4944 wudfsvc - ok 14:01:54.0569 4944 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 14:01:54.0585 4944 WwanSvc - ok 14:01:54.0585 4944 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys 14:01:54.0600 4944 xusb21 - ok 14:01:54.0600 4944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:01:54.0616 4944 \Device\Harddisk0\DR0 - ok 14:01:54.0616 4944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 14:01:54.0632 4944 \Device\Harddisk1\DR1 - ok 14:01:54.0632 4944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 14:01:54.0881 4944 \Device\Harddisk2\DR2 - ok 14:01:54.0897 4944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3 14:01:55.0380 4944 \Device\Harddisk3\DR3 - ok 14:01:55.0380 4944 Boot (0x1200) (f3f598491f1db825652a0aa1a16ba5b7) \Device\Harddisk0\DR0\Partition0 14:01:55.0380 4944 \Device\Harddisk0\DR0\Partition0 - ok 14:01:55.0380 4944 Boot (0x1200) (59f511f0ca707a106080b204be1c1be5) \Device\Harddisk1\DR1\Partition0 14:01:55.0380 4944 \Device\Harddisk1\DR1\Partition0 - ok 14:01:55.0380 4944 Boot (0x1200) (e76b0698b2aaf707033e277d43d832f6) \Device\Harddisk2\DR2\Partition0 14:01:55.0380 4944 \Device\Harddisk2\DR2\Partition0 - ok 14:01:55.0380 4944 Boot (0x1200) (de50b70a7e3bde0e3a5f180ff388d748) \Device\Harddisk2\DR2\Partition1 14:01:55.0380 4944 \Device\Harddisk2\DR2\Partition1 - ok 14:01:55.0380 4944 Boot (0x1200) (5a24a3b538f9fec1ebc11a854a7a45a5) \Device\Harddisk3\DR3\Partition0 14:01:55.0380 4944 \Device\Harddisk3\DR3\Partition0 - ok 14:01:55.0380 4944 ============================================================ 14:01:55.0380 4944 Scan finished 14:01:55.0380 4944 ============================================================ 14:01:55.0396 3616 Detected object count: 5 14:01:55.0396 3616 Actual detected object count: 5 
14:02:08.0469 3616 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:02:08.0469 3616 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:02:08.0469 3616 Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:02:08.0469 3616 Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:02:08.0469 3616 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 14:02:08.0469 3616 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:02:08.0469 3616 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:02:08.0469 3616 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:02:08.0469 3616 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:02:08.0469 3616 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.05.2012, 13:12 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM Virus Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
14.05.2012, 15:37 | #23 |
| It got me too - AKM Virus [code] Combofix log file: Code:
ATTFilter ComboFix 12-05-14.02 - Admin 14.05.2012 14:48:47.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8169.6470 [GMT 2:00] ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Admin\AppData\Roaming\Love c:\users\Admin\AppData\Roaming\Love\mari0\options.txt . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-14 bis 2012-05-14 )))))))))))))))))))))))))))))) . . 2012-05-14 12:50 . 2012-05-14 12:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-05-14 12:50 . 2012-05-14 12:50 -------- d-----w- c:\users\Tobi\AppData\Local\temp 2012-05-11 15:02 . 2012-05-11 15:02 -------- d-----w- c:\program files (x86)\ESET 2012-05-11 14:04 . 2012-05-11 14:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-11 14:04 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-11 13:34 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27D6F924-D1B3-4477-B2D7-DB14B2D42FC1}\mpengine.dll 2012-05-06 11:59 . 2012-05-06 11:59 -------- d-----w- c:\users\Kathrin\AppData\Local\CrashDumps 2012-05-06 10:28 . 2012-05-06 10:28 -------- d-----w- c:\users\Kathrin\AppData\Roaming\LSoft Technologies 2012-05-06 10:28 . 2012-05-06 10:28 -------- d-----w- c:\users\Kathrin\AppData\Roaming\InstallShield Installation Information 2012-05-05 22:07 . 2012-05-05 23:46 -------- d-----w- c:\users\Kathrin\AppData\Roaming\vlc 2012-05-05 22:01 . 2012-05-08 18:50 -------- d-----w- C:\_OTL 2012-05-05 21:51 . 2012-05-05 21:52 -------- d-----w- c:\users\Kathrin\AppData\Roaming\Trillian 2012-04-25 16:25 . 2012-04-25 16:25 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-04-25 16:22 . 2008-02-04 09:27 102400 ----a-w- c:\windows\SysWow64\cttele32.dll 2012-04-25 16:22 . 
2009-03-26 12:48 190976 ----a-w- c:\windows\system32\APOMgr64.DLL 2012-04-25 16:22 . 2009-03-26 12:46 148480 ----a-w- c:\windows\SysWow64\APOMngr.DLL 2012-04-25 16:22 . 2009-02-06 16:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL 2012-04-25 16:22 . 2009-02-06 16:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL 2012-04-22 15:08 . 2012-05-13 15:32 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-25 16:48 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-04-25 16:48 . 2009-08-18 09:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-25 16:22 . 2012-01-28 16:09 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2012-04-25 16:22 . 2012-01-28 16:09 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-04-25 16:22 . 2012-01-28 16:09 123480 ----a-w- c:\windows\system32\OpenAL32.dll 2012-04-25 16:22 . 2012-01-28 16:09 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-04-01 19:07 . 2012-04-01 19:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-01 19:07 . 2012-01-26 11:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-25 08:26 . 2012-03-26 19:32 115272 ----a-w- c:\windows\system32\drivers\MijXfilt.sys 2012-03-01 06:46 . 2012-04-11 21:02 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-11 21:02 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-11 21:02 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-11 21:02 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-11 21:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-11 21:02 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-11 21:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 
2012-04-11 21:03 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-11 21:03 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-11 21:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-11 21:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-11 21:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-11 21:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 21:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-11 21:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-26 17:20 . 2012-02-26 17:20 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll 2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 06:38 . 2012-03-14 17:45 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 17:45 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 17:45 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 17:45 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17151624] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000] Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600] R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-25 79360] R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2012-01-28 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys 
[x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 
CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 93581421 *Deregistered* - 93581421 *Deregistered* - RTCore64 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:07] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe AddRemove-Alan Wake_is1 - m:\alan wake\unins000.exe AddRemove-Dear Esther_is1 - m:\dear esther\unins000.exe AddRemove-Deponia - m:\deponia\uninstall.exe AddRemove-Metro 2033 Update 2_is1 - m:\metro 2033\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-05-14 14:51:41 ComboFix-quarantined-files.txt 2012-05-14 12:51 . Vor Suchlauf: 11 Verzeichnis(se), 76.271.321.088 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 75.759.415.296 Bytes frei . - - End Of File - - 707CFD667CD2ABDFFE171157794A6B5B |
14.05.2012, 18:40 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM Virus Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
15.05.2012, 18:58 | #25 |
| It got me too - AKM Virus Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-05-15 19:52:35 ----------------------------- 19:52:35.420 OS Version: Windows x64 6.1.7601 Service Pack 1 19:52:35.420 Number of processors: 4 586 0x2A07 19:52:35.420 ComputerName: ADMIN-PC UserName: Admin 19:52:35.593 Initialize success 19:53:42.702 AVAST engine defs: 12051500 19:54:01.287 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:54:01.289 Disk 0 Vendor: OCZ-VERT 1.27 Size: 57241MB BusType: 3 19:54:01.290 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 19:54:01.291 Disk 1 Vendor: OCZ-VERT 2.13 Size: 114473MB BusType: 3 19:54:01.292 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3 19:54:01.294 Disk 2 Vendor: Maxtor_6 BANC Size: 286168MB BusType: 3 19:54:01.295 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4 19:54:01.296 Disk 3 Vendor: WDC_WD10 51.0 Size: 953869MB BusType: 3 19:54:01.298 Disk 1 MBR read successfully 19:54:01.300 Disk 1 MBR scan 19:54:01.303 Disk 1 Windows 7 default MBR code 19:54:01.305 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048 19:54:01.309 Disk 1 scanning C:\Windows\system32\drivers 19:54:03.475 Service scanning 19:54:08.415 Modules scanning 19:54:08.418 Disk 1 trace - called modules: 19:54:08.423 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 19:54:08.425 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8008fd5060] 19:54:08.428 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80078f8050] 19:54:08.605 AVAST engine scan C:\Windows 19:54:09.102 AVAST engine scan C:\Windows\system32 19:54:55.316 AVAST engine scan C:\Windows\system32\drivers 19:54:57.901 AVAST engine scan C:\Users\Admin 19:55:08.064 AVAST engine scan C:\ProgramData 19:55:10.517 Scan finished successfully 19:57:34.774 Disk 1 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat" 19:57:34.777 The log file has been saved successfully to 
"C:\Users\Admin\Desktop\aswMBR.txt" |
16.05.2012, 12:15 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM Virus Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
18.05.2012, 14:21 | #27 |
| It got me too - AKM Virus
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.18.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]
Schutz: Aktiviert
18.05.2012 14:41:59
mbam-log-2012-05-18 (14-41-34).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 774031
Laufzeit: 33 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/18/2012 at 03:56 PM
Application Version : 5.0.1148
Core Rules Database Version : 8616
Trace Rules Database Version: 6428
Scan type : Complete Scan
Total Scan Time : 00:36:11
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 65420
Registry threats detected : 0
File items scanned : 216844
File threats detected : 191
Adware.Tracking Cookie
Trojan.Agent/Gen-Koobface[Bonkers]
    ZIP ARCHIVE( D:\BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
    D:\BASIC\VB.ZIP
    ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BP.EXE
    ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM.EXE
    ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM1.EXE
    ZIP ARCHIVE( D:\BASIC\VB.ZIP )/RECHNER2.EXE
    D:\BASIC\VISUALB\BP.EXE
    D:\BASIC\VISUALB\BPNUM.EXE
    D:\BASIC\VISUALB\BPNUM1.EXE
    D:\BASIC\VISUALB\RECHNER2.EXE
    D:\BASIC\VISUALB\VB\BP.EXE
    D:\BASIC\VISUALB\VB\BPNUM.EXE
    D:\BASIC\VISUALB\VB\BPNUM1.EXE
    D:\BASIC\VISUALB\VB\BPNUM2.EXE
    D:\BASIC\VISUALB\VB\RECHNER2.EXE
    D:\BASIC\VISUALB\VB\VISUAL BASIC\SUMMENRECHNER.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
    D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP
    ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BP.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
    D:\BASIC\VISUALB\VISUAL BASIC\SUMMENRECHNER.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
    D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP
    ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BP.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
    ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
    ZIP ARCHIVE( D:\EINZELNE DATEIEN\PROGS.ZIP )/BPNUM2.EXE
    D:\EINZELNE DATEIEN\PROGS.ZIP
    ZIP ARCHIVE( D:\SCHULE\BADV.ZIP )/VB/NOTEN/NOTENBERECHNUNG.EXE
    D:\SCHULE\BADV.ZIP
Trojan.Agent/Gen-ReLoader
    D:\BASIC\VISUALB\VB\ZUFALL1.EXE
Trojan.Agent/Gen-Downloader
    D:\SICHERUNG\DSPPITCH.EXE
    D:\SICHERUNG2007SEPTEMBER\EIGENE DATEIEN\DSPPITCH.EXE
Adware.Zwangi
    D:\SPIELE\RACINGPITCH\UNINSTALL.EXE
Edited by tankie (18.05.2012 at 15:13) |
19.05.2012, 12:05 | #28 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM Virus Quote:
__________________ Please always post log files in CODE tags |
19.05.2012, 12:51 | #29 |
| It got me too - AKM Virus |
19.05.2012, 13:27 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It got me too - AKM Virus Then that's OK - apart from that, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie).

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as a Firefox extension there is CookieCuller, for example: http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
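Added example (not part of the thread and not code from any of the tools mentioned): a Python triage of a SUPERAntiSpyware-style log that separates tracking-cookie entries from findings that need a closer look, and checks which cookie hosts a hosts file of the kind recommended above already lists. The sample log, the hosts excerpt and all function names are constructed, and the parser assumes the tool's usual layout of a category heading followed by indented entries.

```python
import re

# Constructed sample in the usual SUPERAntiSpyware layout: category heading at
# column 0, indented entries below it. All names and paths are made up.
SAMPLE_LOG = r"""
Memory threats detected   : 0
Registry threats detected : 0
File threats detected     : 7

Adware.Tracking Cookie
    C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /ads.tracker.example ]
    C:\USERS\ALICE\Cookies\BBBB2222.txt [ Cookie:alice@www.metrics.example/pagead/conv/ ]
    C:\USERS\ALICE\Cookies\Low\alice@tracker[1].txt [ Cookie:alice@tracker.example/ ]
    .tracker.example [ C:\USERS\ALICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Example
    ZIP ARCHIVE( D:\OLD\TOOLS.ZIP )/CALC.EXE
    D:\OLD\TOOLS.ZIP
    D:\OLD\CALC.EXE
"""

# Constructed hosts-file excerpt with two blocking entries.
SAMPLE_HOSTS = """
0.0.0.0 ads.tracker.example
0.0.0.0 www.metrics.example  # inline comment
"""

def parse_findings(log_text):
    """Return (counts, findings): summary counters and {category: [entries]}."""
    counts, findings, current = {}, {}, None
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        m = re.match(r"^(\w+) threats detected\s*:\s*(\d+)\s*$", raw)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
            current = None
        elif raw[0].isspace():
            if current is not None:      # indented line: entry of the open category
                findings.setdefault(current, []).append(raw.strip())
        else:
            current = raw.strip()        # column-0 line: candidate category heading
    return counts, findings              # headings without entries never get a key

def cookie_domain(entry):
    """Extract the host from the three cookie entry shapes handled here."""
    m = re.match(r"^(.*)\[\s*([^\[\]]*?)\s*\]\s*$", entry)  # last [...] group
    if not m:
        return None
    left, inner = m.groups()
    if inner.startswith("Cookie:") and "@" in inner:
        host = inner.split("@", 1)[1].split("/", 1)[0]   # Cookie:user@host/path
    elif inner.startswith("/"):
        host = inner[1:]                                 # file path [ /host ]
    else:
        host = left                                      # host [ cookie store path ]
    return host.strip().lstrip(".").lower() or None

def triage(log_text, hosts_text=""):
    """Split cookie noise from findings that need a human look."""
    counts, findings = parse_findings(log_text)
    # Names listed in the hosts file; a hosts entry matches exact host names only.
    listed = {n.lower() for line in hosts_text.splitlines()
              for n in line.split("#", 1)[0].split()[1:]}
    is_cookie = lambda cat: "cookie" in cat.lower()
    domains = sorted({d for c, es in findings.items() if is_cookie(c)
                      for d in map(cookie_domain, es) if d})
    return {"counts": counts, "cookie_domains": domains,
            "not_in_hosts": [d for d in domains if d not in listed],
            "needs_review": {c: e for c, e in findings.items() if not is_cookie(c)}}
```

Because a hosts file has no wildcards, a cookie set for a parent domain (here the constructed `tracker.example`) appears in `not_in_hosts` even though its subdomains are listed.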