Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mich hat's auch erwischt - AKM Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 13.05.2012, 16:17   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.05.2012, 21:30   #17
tankie
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



bitteschön:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.05.2012 22:22:08 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 80,99% Memory free
15,95 Gb Paging File | 14,36 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 67,47 Gb Free Space | 60,36% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 61,86 Gb Free Space | 6,64% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 146,48 Gb Total Space | 10,35 Gb Free Space | 7,07% Space Free | Partition Type: NTFS
Drive L: | 132,98 Gb Total Space | 21,28 Gb Free Space | 16,00% Space Free | Partition Type: NTFS
Drive M: | 55,90 Gb Total Space | 53,04 Gb Free Space | 94,88% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.13 22:20:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.05.05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.05.05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.01.09 21:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 21:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.10 20:55:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012.05.10 20:55:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.10 20:50:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 20:49:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.10 20:49:43 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.10 20:49:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 20:49:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 20:49:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 20:49:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 20:49:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2006.06.09 15:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.25 18:22:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.01 21:07:13 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.28 17:57:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2012.01.12 19:25:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.30 18:49:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.28 21:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.08 19:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.12.08 19:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.08.18 02:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
 
 
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA A7 08 12 F6 02 CD 01  [binary data]
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\anybots.com/Anystream: C:\Users\Admin\AppData\Roaming\Anybots\Anystream\npAnystream.dll (Anybots)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.01 14:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.26 13:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.01 14:44:00 | 000,000,000 | ---D | M]
 
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.04.25 22:28:48 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\Z7L0CR22.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2012.05.09 02:36:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C31483AC-D743-48D1-BE36-4734930422D2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell\AutoRun\command - "" = N:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: ASUS ShellProcess Execute - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VX5LWxsct4OYCCz - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {19460C54-2912-9819-DD13-028CAD6588C5} - Microsoft Windows Media Player 12.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {420435CF-6E35-8C59-0B6A-1374D44868C3} - Microsoft Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.13 22:20:50 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.05.11 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.11 16:04:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 16:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 16:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.06 00:01:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.02 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\chili
[2012.04.25 18:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.25 18:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.25 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\CAPCOM
[2012.04.22 17:08:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.13 22:20:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.05.13 21:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.13 14:35:33 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 14:35:33 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 14:32:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.13 14:32:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.13 14:32:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.13 14:32:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.13 14:32:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.13 14:29:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.05.13 14:28:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.13 14:28:12 | 2129,190,911 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.13 00:08:25 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.05.13 00:08:25 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.05.13 00:08:25 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.05.10 20:47:11 | 000,283,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.03 21:11:10 | 000,062,558 | ---- | M] () -- C:\Users\Admin\Desktop\Foto.JPG
[2012.04.30 23:02:00 | 000,000,080 | ---- | M] () -- C:\Users\Admin\AppData\Local\CrystalDiskMark30.ini
[2012.04.30 21:57:50 | 000,018,831 | ---- | M] () -- C:\Users\Admin\Desktop\Benchmark_RAMDisk.pdf
[2012.04.30 21:41:54 | 000,718,503 | ---- | M] () -- C:\Users\Admin\Desktop\Memo.m4a
[2012.04.28 19:55:58 | 000,000,435 | ---- | M] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012.04.25 18:22:17 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.04.25 18:22:17 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.04.25 18:22:17 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012.04.15 23:23:35 | 000,012,711 | ---- | M] () -- C:\Users\Admin\Documents\algenkur.ods
 
========== Files Created - No Company Name ==========
 
[2012.05.03 21:11:08 | 000,062,558 | ---- | C] () -- C:\Users\Admin\Desktop\Foto.JPG
[2012.04.30 22:32:41 | 000,000,080 | ---- | C] () -- C:\Users\Admin\AppData\Local\CrystalDiskMark30.ini
[2012.04.30 21:57:50 | 000,018,831 | ---- | C] () -- C:\Users\Admin\Desktop\Benchmark_RAMDisk.pdf
[2012.04.30 21:41:54 | 000,718,503 | ---- | C] () -- C:\Users\Admin\Desktop\Memo.m4a
[2012.04.30 21:32:19 | 006,074,924 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0009.WAV
[2012.04.30 21:27:26 | 012,554,412 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0019.WAV
[2012.04.30 21:18:54 | 035,419,436 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0026.WAV
[2012.04.30 21:16:04 | 020,299,756 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0028.WAV
[2012.04.28 19:55:58 | 000,000,435 | ---- | C] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012.04.25 18:47:39 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.04.25 18:24:15 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.04.25 18:24:15 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.04.25 18:24:15 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.04.25 18:22:17 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012.04.25 18:22:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.04.25 18:22:17 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012.04.25 18:22:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.04.25 18:22:17 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012.04.15 23:23:35 | 000,012,711 | ---- | C] () -- C:\Users\Admin\Documents\algenkur.ods
[2012.02.18 12:06:44 | 000,007,604 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.01 14:41:59 | 000,183,121 | ---- | C] () -- C:\Windows\hpoins38.dat
[2012.02.01 14:41:59 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2012.01.29 00:15:48 | 001,001,680 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.01.28 23:50:04 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012.01.28 23:47:49 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.28 18:09:04 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.26 12:56:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.26 12:56:40 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.02.24 19:12:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anybots
[2012.02.07 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2012.01.30 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.03.23 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2012.03.05 21:31:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LOVE
[2012.03.26 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MotioninJoy
[2012.02.25 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OnLive App
[2012.02.01 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012.01.26 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.02.04 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Phrosh
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.02.01 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Trillian
[2012.02.06 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\DAEMON Tools Lite
[2012.05.06 12:28:56 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\LSoft Technologies
[2012.02.01 23:44:40 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Opera
[2012.05.05 23:52:01 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Trillian
[2012.02.01 23:59:23 | 000,000,000 | ---D | M] -- C:\Users\Kirby\AppData\Roaming\Opera
[2012.01.29 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\Opera
[2012.01.29 15:10:44 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\Thunderbird
[2012.02.01 23:57:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Opera
[2012.03.25 13:05:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.04 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.02.24 19:12:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anybots
[2012.02.07 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2012.01.30 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.05.08 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss
[2012.03.23 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2012.03.13 12:17:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HP
[2012.01.26 12:55:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2012.01.26 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2012.01.26 13:32:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Intel Corporation
[2012.03.05 21:31:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LOVE
[2012.01.26 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.03.20 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.04.25 18:45:30 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012.03.26 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MotioninJoy
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012.03.17 14:17:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVIDIA
[2012.02.25 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OnLive App
[2012.02.01 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012.01.26 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.02.04 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Phrosh
[2012.05.13 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.02.01 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Trillian
[2012.05.13 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2012.01.28 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2003.01.04 18:21:22 | 000,643,072 | ---- | M] () -- C:\JoyToKey.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---
__________________


Alt 14.05.2012, 10:05   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell\AutoRun\command - "" = N:\setup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
__________________

Alt 14.05.2012, 11:48   #19
tankie
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



done. taskmanager ist immer noch von administrator deaktiviert.
edit: taskmanager ließ sich über die gruppenrichtlinien wieder aktivieren


Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Admin\AppData\Roaming\itunes_service86.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Admin\AppData\Roaming\itunes_service86.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found.
File E:\.\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found.
File N:\setup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 1070386823 bytes
->Temporary Internet Files folder emptied: 167097404 bytes
->Java cache emptied: 72851 bytes
->Opera cache emptied: 3166088 bytes
->Flash cache emptied: 32004 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kathrin
->Temp folder emptied: 536786 bytes
->Temporary Internet Files folder emptied: 181471044 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5419 bytes
 
User: Kirby
->Temp folder emptied: 85550 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 6839480 bytes
 
User: Public
 
User: Tank
->Temp folder emptied: 26190103 bytes
->Temporary Internet Files folder emptied: 1901202 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 11950098 bytes
->Flash cache emptied: 1019 bytes
 
User: Tobi
->Temp folder emptied: 85550 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 8807680 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 845202566 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 14044216569 bytes
 
Total Files Cleaned = 15.610,00 mb
 
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Kathrin
->Flash cache emptied: 0 bytes
 
User: Kirby
 
User: Public
 
User: Tank
->Flash cache emptied: 0 bytes
 
User: Tobi
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_124227

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Geändert von tankie (14.05.2012 um 11:54 Uhr)

Alt 14.05.2012, 12:39   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.05.2012, 13:03   #21
tankie
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



erledigt!
scheinen mir drucker und soundkartentreiber zu sein


Code:
ATTFilter
13:59:35.0889 4352	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
13:59:35.0964 4352	============================================================
13:59:35.0964 4352	Current date / time: 2012/05/14 13:59:35.0964
13:59:35.0964 4352	SystemInfo:
13:59:35.0964 4352	
13:59:35.0964 4352	OS Version: 6.1.7601 ServicePack: 1.0
13:59:35.0964 4352	Product type: Workstation
13:59:35.0964 4352	ComputerName: ADMIN-PC
13:59:35.0964 4352	UserName: Admin
13:59:35.0964 4352	Windows directory: C:\Windows
13:59:35.0964 4352	System windows directory: C:\Windows
13:59:35.0964 4352	Running under WOW64
13:59:35.0964 4352	Processor architecture: Intel x64
13:59:35.0964 4352	Number of processors: 4
13:59:35.0964 4352	Page size: 0x1000
13:59:35.0964 4352	Boot type: Normal boot
13:59:35.0964 4352	============================================================
13:59:36.0114 4352	Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:36.0114 4352	Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:36.0129 4352	Drive \Device\Harddisk2\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
13:59:36.0564 4352	Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:36.0577 4352	============================================================
13:59:36.0577 4352	\Device\Harddisk0\DR0:
13:59:36.0577 4352	MBR partitions:
13:59:36.0577 4352	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
13:59:36.0577 4352	\Device\Harddisk1\DR1:
13:59:36.0577 4352	MBR partitions:
13:59:36.0577 4352	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
13:59:36.0577 4352	\Device\Harddisk2\DR2:
13:59:36.0577 4352	MBR partitions:
13:59:36.0577 4352	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F8021
13:59:36.0589 4352	\Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x124F809F, BlocksNum 0x109F34C1
13:59:36.0589 4352	\Device\Harddisk3\DR3:
13:59:36.0589 4352	MBR partitions:
13:59:36.0589 4352	\Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:59:36.0589 4352	============================================================
13:59:36.0589 4352	C: <-> \Device\Harddisk1\DR1\Partition0
13:59:36.0637 4352	D: <-> \Device\Harddisk3\DR3\Partition0
13:59:36.0672 4352	H: <-> \Device\Harddisk2\DR2\Partition0
13:59:36.0707 4352	L: <-> \Device\Harddisk2\DR2\Partition1
13:59:36.0709 4352	M: <-> \Device\Harddisk0\DR0\Partition0
13:59:36.0709 4352	============================================================
13:59:36.0709 4352	Initialize success
13:59:36.0709 4352	============================================================
14:01:43.0680 4944	============================================================
14:01:43.0680 4944	Scan started
14:01:43.0680 4944	Mode: Manual; SigCheck; TDLFS; 
14:01:43.0680 4944	============================================================
14:01:43.0790 4944	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:01:43.0836 4944	1394ohci - ok
14:01:43.0852 4944	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:01:43.0852 4944	ACPI - ok
14:01:43.0852 4944	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:01:43.0868 4944	AcpiPmi - ok
14:01:43.0868 4944	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:01:43.0883 4944	AdobeARMservice - ok
14:01:43.0899 4944	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:01:43.0899 4944	AdobeFlashPlayerUpdateSvc - ok
14:01:43.0914 4944	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:01:43.0930 4944	adp94xx - ok
14:01:43.0946 4944	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:01:43.0946 4944	adpahci - ok
14:01:43.0961 4944	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:01:43.0961 4944	adpu320 - ok
14:01:43.0961 4944	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:01:43.0992 4944	AeLookupSvc - ok
14:01:44.0008 4944	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:01:44.0008 4944	AFD - ok
14:01:44.0024 4944	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:01:44.0024 4944	agp440 - ok
14:01:44.0024 4944	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:01:44.0039 4944	ALG - ok
14:01:44.0039 4944	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:01:44.0039 4944	aliide - ok
14:01:44.0055 4944	ALSysIO - ok
14:01:44.0055 4944	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:01:44.0055 4944	amdide - ok
14:01:44.0055 4944	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:01:44.0070 4944	AmdK8 - ok
14:01:44.0070 4944	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:01:44.0070 4944	AmdPPM - ok
14:01:44.0086 4944	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:01:44.0086 4944	amdsata - ok
14:01:44.0102 4944	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:01:44.0102 4944	amdsbs - ok
14:01:44.0102 4944	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:01:44.0117 4944	amdxata - ok
14:01:44.0117 4944	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:01:44.0133 4944	AppID - ok
14:01:44.0133 4944	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:01:44.0148 4944	AppIDSvc - ok
14:01:44.0164 4944	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:01:44.0180 4944	Appinfo - ok
14:01:44.0180 4944	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:01:44.0195 4944	AppMgmt - ok
14:01:44.0195 4944	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:01:44.0211 4944	arc - ok
14:01:44.0211 4944	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:01:44.0211 4944	arcsas - ok
14:01:44.0242 4944	asComSvc        (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
14:01:44.0273 4944	asComSvc - ok
14:01:44.0289 4944	asHmComSvc      (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
14:01:44.0304 4944	asHmComSvc - ok
14:01:44.0320 4944	AsIO            (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
14:01:44.0320 4944	AsIO - ok
14:01:44.0351 4944	asmthub3        (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys
14:01:44.0367 4944	asmthub3 - ok
14:01:44.0367 4944	asmtxhci        (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:01:44.0382 4944	asmtxhci - ok
14:01:44.0398 4944	AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
14:01:44.0398 4944	AsSysCtrlService - ok
14:01:44.0414 4944	AsUpIO          (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
14:01:44.0414 4944	AsUpIO - ok
14:01:44.0445 4944	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:01:44.0460 4944	AsyncMac - ok
14:01:44.0460 4944	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:01:44.0476 4944	atapi - ok
14:01:44.0476 4944	AthBTPort       (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
14:01:44.0476 4944	AthBTPort - ok
14:01:44.0476 4944	ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
14:01:44.0492 4944	ATHDFU - ok
14:01:44.0492 4944	AtherosSvc      (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:01:44.0492 4944	AtherosSvc - ok
14:01:44.0507 4944	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:01:44.0538 4944	AudioEndpointBuilder - ok
14:01:44.0538 4944	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:01:44.0554 4944	AudioSrv - ok
14:01:44.0570 4944	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:01:44.0570 4944	AxInstSV - ok
14:01:44.0585 4944	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:01:44.0601 4944	b06bdrv - ok
14:01:44.0616 4944	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:01:44.0616 4944	b57nd60a - ok
14:01:44.0632 4944	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:01:44.0632 4944	BDESVC - ok
14:01:44.0632 4944	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:01:44.0648 4944	Beep - ok
14:01:44.0679 4944	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:01:44.0694 4944	BFE - ok
14:01:44.0726 4944	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:01:44.0757 4944	BITS - ok
14:01:44.0757 4944	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:01:44.0757 4944	blbdrive - ok
14:01:44.0772 4944	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:01:44.0772 4944	bowser - ok
14:01:44.0772 4944	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:01:44.0788 4944	BrFiltLo - ok
14:01:44.0788 4944	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:01:44.0788 4944	BrFiltUp - ok
14:01:44.0804 4944	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:01:44.0819 4944	Browser - ok
14:01:44.0835 4944	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:01:44.0835 4944	Brserid - ok
14:01:44.0835 4944	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:01:44.0850 4944	BrSerWdm - ok
14:01:44.0850 4944	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:01:44.0866 4944	BrUsbMdm - ok
14:01:44.0866 4944	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:01:44.0866 4944	BrUsbSer - ok
14:01:44.0882 4944	BTATH_A2DP      (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
14:01:44.0882 4944	BTATH_A2DP - ok
14:01:44.0882 4944	BTATH_BUS       (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
14:01:44.0882 4944	BTATH_BUS - ok
14:01:44.0897 4944	BTATH_HCRP      (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:01:44.0897 4944	BTATH_HCRP - ok
14:01:44.0897 4944	BTATH_LWFLT     (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:01:44.0913 4944	BTATH_LWFLT - ok
14:01:44.0913 4944	BTATH_RCP       (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
14:01:44.0913 4944	BTATH_RCP - ok
14:01:44.0928 4944	BtFilter        (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
14:01:44.0928 4944	BtFilter - ok
14:01:44.0944 4944	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
14:01:44.0944 4944	BthEnum - ok
14:01:44.0944 4944	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:01:44.0960 4944	BTHMODEM - ok
14:01:44.0960 4944	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:01:44.0975 4944	BthPan - ok
14:01:44.0991 4944	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
14:01:44.0991 4944	BTHPORT - ok
14:01:45.0006 4944	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:01:45.0022 4944	bthserv - ok
14:01:45.0022 4944	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
14:01:45.0022 4944	BTHUSB - ok
14:01:45.0038 4944	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:01:45.0053 4944	cdfs - ok
14:01:45.0053 4944	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:01:45.0069 4944	cdrom - ok
14:01:45.0069 4944	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:01:45.0100 4944	CertPropSvc - ok
14:01:45.0100 4944	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:01:45.0100 4944	circlass - ok
14:01:45.0116 4944	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:01:45.0131 4944	CLFS - ok
14:01:45.0131 4944	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:01:45.0131 4944	clr_optimization_v2.0.50727_32 - ok
14:01:45.0147 4944	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:01:45.0147 4944	clr_optimization_v2.0.50727_64 - ok
14:01:45.0162 4944	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:01:45.0162 4944	clr_optimization_v4.0.30319_32 - ok
14:01:45.0162 4944	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:01:45.0178 4944	clr_optimization_v4.0.30319_64 - ok
14:01:45.0178 4944	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:01:45.0178 4944	CmBatt - ok
14:01:45.0194 4944	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:01:45.0194 4944	cmdide - ok
14:01:45.0209 4944	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:01:45.0225 4944	CNG - ok
14:01:45.0225 4944	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:01:45.0225 4944	Compbatt - ok
14:01:45.0225 4944	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:01:45.0240 4944	CompositeBus - ok
14:01:45.0240 4944	COMSysApp - ok
14:01:45.0240 4944	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:01:45.0240 4944	crcdisk - ok
14:01:45.0256 4944	Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
14:01:45.0256 4944	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:01:45.0256 4944	Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:01:45.0256 4944	Creative Dolby Digital Live Pack Licensing Service (80f3d3a4c202cda7ca886d126f9a39d9) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
14:01:45.0256 4944	Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:01:45.0256 4944	Creative Dolby Digital Live Pack Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:01:45.0272 4944	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:01:45.0287 4944	CryptSvc - ok
14:01:45.0303 4944	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:01:45.0318 4944	CSC - ok
14:01:45.0334 4944	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:01:45.0350 4944	CscService - ok
14:01:45.0350 4944	CT20XUT         (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\system32\drivers\CT20XUT.SYS
14:01:45.0350 4944	CT20XUT - ok
14:01:45.0350 4944	CT20XUT.SYS     (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\System32\drivers\CT20XUT.SYS
14:01:45.0365 4944	CT20XUT.SYS - ok
14:01:45.0381 4944	ctac32k         (eb3843a91a10150c9e05607cbcb44090) C:\Windows\system32\drivers\ctac32k.sys
14:01:45.0381 4944	ctac32k - ok
14:01:45.0396 4944	ctaud2k         (bc06efb59a2316537765462dfe40f764) C:\Windows\system32\drivers\ctaud2k.sys
14:01:45.0412 4944	ctaud2k - ok
14:01:45.0428 4944	CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
14:01:45.0428 4944	CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
14:01:45.0428 4944	CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
14:01:45.0459 4944	CTEXFIFX        (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\system32\drivers\CTEXFIFX.SYS
14:01:45.0474 4944	CTEXFIFX - ok
14:01:45.0521 4944	CTEXFIFX.SYS    (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\System32\drivers\CTEXFIFX.SYS
14:01:45.0537 4944	CTEXFIFX.SYS - ok
14:01:45.0568 4944	CTHWIUT         (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\system32\drivers\CTHWIUT.SYS
14:01:45.0568 4944	CTHWIUT - ok
14:01:45.0568 4944	CTHWIUT.SYS     (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\System32\drivers\CTHWIUT.SYS
14:01:45.0568 4944	CTHWIUT.SYS - ok
14:01:45.0584 4944	ctprxy2k        (ebc9548ef5838cb5aa8f18b3ac28af12) C:\Windows\system32\drivers\ctprxy2k.sys
14:01:45.0584 4944	ctprxy2k - ok
14:01:45.0584 4944	ctsfm2k         (459bee1682121842285c162e2d98d81a) C:\Windows\system32\drivers\ctsfm2k.sys
14:01:45.0599 4944	ctsfm2k - ok
14:01:45.0615 4944	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:01:45.0630 4944	DcomLaunch - ok
14:01:45.0646 4944	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:01:45.0662 4944	defragsvc - ok
14:01:45.0677 4944	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:01:45.0693 4944	DfsC - ok
14:01:45.0708 4944	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:01:45.0724 4944	Dhcp - ok
14:01:45.0724 4944	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:01:45.0755 4944	discache - ok
14:01:45.0755 4944	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:01:45.0755 4944	Disk - ok
14:01:45.0771 4944	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:01:45.0771 4944	dmvsc - ok
14:01:45.0771 4944	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:01:45.0786 4944	Dnscache - ok
14:01:45.0786 4944	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:01:45.0818 4944	dot3svc - ok
14:01:45.0818 4944	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:01:45.0833 4944	Dot4 - ok
14:01:45.0833 4944	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:01:45.0833 4944	Dot4Print - ok
14:01:45.0833 4944	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:01:45.0849 4944	dot4usb - ok
14:01:45.0864 4944	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:01:45.0880 4944	DPS - ok
14:01:45.0880 4944	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:01:45.0880 4944	drmkaud - ok
14:01:45.0896 4944	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:01:45.0896 4944	dtsoftbus01 - ok
14:01:45.0927 4944	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:01:45.0942 4944	DXGKrnl - ok
14:01:45.0942 4944	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:01:45.0974 4944	EapHost - ok
14:01:46.0036 4944	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:01:46.0067 4944	ebdrv - ok
14:01:46.0098 4944	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:01:46.0098 4944	EFS - ok
14:01:46.0130 4944	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:01:46.0145 4944	ehRecvr - ok
14:01:46.0145 4944	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:01:46.0145 4944	ehSched - ok
14:01:46.0176 4944	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:01:46.0176 4944	elxstor - ok
14:01:46.0192 4944	emupia          (c26133b6165928fbd156c6fe570f9ed2) C:\Windows\system32\drivers\emupia2k.sys
14:01:46.0192 4944	emupia - ok
14:01:46.0192 4944	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:01:46.0192 4944	ErrDev - ok
14:01:46.0208 4944	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:01:46.0239 4944	EventSystem - ok
14:01:46.0254 4944	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:01:46.0270 4944	exfat - ok
14:01:46.0286 4944	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:01:46.0301 4944	fastfat - ok
14:01:46.0317 4944	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:01:46.0332 4944	Fax - ok
14:01:46.0332 4944	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:01:46.0348 4944	fdc - ok
14:01:46.0348 4944	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:01:46.0364 4944	fdPHost - ok
14:01:46.0364 4944	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:01:46.0379 4944	FDResPub - ok
14:01:46.0395 4944	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:01:46.0395 4944	FileInfo - ok
14:01:46.0395 4944	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:01:46.0410 4944	Filetrace - ok
14:01:46.0426 4944	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:01:46.0426 4944	flpydisk - ok
14:01:46.0442 4944	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:01:46.0442 4944	FltMgr - ok
14:01:46.0473 4944	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:01:46.0488 4944	FontCache - ok
14:01:46.0488 4944	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:01:46.0504 4944	FontCache3.0.0.0 - ok
14:01:46.0504 4944	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:01:46.0504 4944	FsDepends - ok
14:01:46.0520 4944	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:01:46.0520 4944	Fs_Rec - ok
14:01:46.0520 4944	Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
14:01:46.0535 4944	Futuremark SystemInfo Service - ok
14:01:46.0535 4944	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:01:46.0551 4944	fvevol - ok
14:01:46.0551 4944	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:01:46.0551 4944	gagp30kx - ok
14:01:46.0582 4944	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:01:46.0598 4944	gpsvc - ok
14:01:46.0644 4944	ha20x2k         (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
14:01:46.0660 4944	ha20x2k - ok
14:01:46.0676 4944	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:01:46.0691 4944	hcw85cir - ok
14:01:46.0691 4944	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:01:46.0707 4944	HdAudAddService - ok
14:01:46.0722 4944	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:01:46.0722 4944	HDAudBus - ok
14:01:46.0722 4944	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:01:46.0738 4944	HidBatt - ok
14:01:46.0738 4944	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:01:46.0754 4944	HidBth - ok
14:01:46.0754 4944	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:01:46.0754 4944	HidIr - ok
14:01:46.0769 4944	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:01:46.0785 4944	hidserv - ok
14:01:46.0785 4944	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:01:46.0800 4944	HidUsb - ok
14:01:46.0800 4944	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:01:46.0816 4944	hkmsvc - ok
14:01:46.0832 4944	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:01:46.0832 4944	HomeGroupListener - ok
14:01:46.0847 4944	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:01:46.0847 4944	HomeGroupProvider - ok
14:01:46.0863 4944	hpqcxs08        (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:01:47.0315 4944	hpqcxs08 - ok
14:01:47.0315 4944	hpqddsvc        (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:01:47.0331 4944	hpqddsvc - ok
14:01:47.0331 4944	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:01:47.0346 4944	HpSAMD - ok
14:01:47.0362 4944	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:01:47.0393 4944	HTTP - ok
14:01:47.0393 4944	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:01:47.0393 4944	hwpolicy - ok
14:01:47.0393 4944	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:01:47.0409 4944	i8042prt - ok
14:01:47.0424 4944	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
14:01:47.0424 4944	iaStor - ok
14:01:47.0424 4944	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:01:47.0440 4944	IAStorDataMgrSvc - ok
14:01:47.0440 4944	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:01:47.0456 4944	iaStorV - ok
14:01:47.0456 4944	ICCWDT          (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
14:01:47.0456 4944	ICCWDT - ok
14:01:47.0487 4944	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:01:47.0502 4944	idsvc - ok
14:01:47.0502 4944	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:01:47.0502 4944	iirsp - ok
14:01:47.0534 4944	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:01:47.0549 4944	IKEEXT - ok
14:01:47.0612 4944	IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
14:01:47.0643 4944	IntcAzAudAddService - ok
14:01:47.0658 4944	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:01:47.0674 4944	intelide - ok
14:01:47.0674 4944	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:01:47.0690 4944	intelppm - ok
14:01:47.0690 4944	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:01:47.0705 4944	IPBusEnum - ok
14:01:47.0705 4944	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:01:47.0736 4944	IpFilterDriver - ok
14:01:47.0752 4944	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:01:47.0768 4944	iphlpsvc - ok
14:01:47.0768 4944	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:01:47.0783 4944	IPMIDRV - ok
14:01:47.0783 4944	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:01:47.0814 4944	IPNAT - ok
14:01:47.0814 4944	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:01:47.0814 4944	IRENUM - ok
14:01:47.0814 4944	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:01:47.0830 4944	isapnp - ok
14:01:47.0830 4944	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:01:47.0846 4944	iScsiPrt - ok
14:01:47.0846 4944	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:01:47.0861 4944	kbdclass - ok
14:01:47.0861 4944	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:01:47.0861 4944	kbdhid - ok
14:01:47.0861 4944	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:47.0877 4944	KeyIso - ok
14:01:47.0877 4944	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:01:47.0877 4944	KSecDD - ok
14:01:47.0892 4944	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:01:47.0892 4944	KSecPkg - ok
14:01:47.0892 4944	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:01:47.0908 4944	ksthunk - ok
14:01:47.0924 4944	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:01:47.0955 4944	KtmRm - ok
14:01:47.0955 4944	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:01:47.0970 4944	LanmanServer - ok
14:01:47.0986 4944	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:01:48.0002 4944	LanmanWorkstation - ok
14:01:48.0017 4944	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:01:48.0033 4944	lltdio - ok
14:01:48.0048 4944	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:01:48.0064 4944	lltdsvc - ok
14:01:48.0064 4944	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:01:48.0080 4944	lmhosts - ok
14:01:48.0095 4944	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:01:48.0095 4944	LSI_FC - ok
14:01:48.0111 4944	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:01:48.0111 4944	LSI_SAS - ok
14:01:48.0111 4944	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:01:48.0126 4944	LSI_SAS2 - ok
14:01:48.0126 4944	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:01:48.0142 4944	LSI_SCSI - ok
14:01:48.0142 4944	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:01:48.0158 4944	luafv - ok
14:01:48.0158 4944	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:01:48.0173 4944	MBAMProtector - ok
14:01:48.0189 4944	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:01:48.0189 4944	MBAMService - ok
14:01:48.0204 4944	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:01:48.0204 4944	Mcx2Svc - ok
14:01:48.0204 4944	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:01:48.0220 4944	megasas - ok
14:01:48.0220 4944	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:01:48.0236 4944	MegaSR - ok
14:01:48.0236 4944	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:01:48.0236 4944	MEIx64 - ok
14:01:48.0251 4944	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:01:48.0267 4944	MMCSS - ok
14:01:48.0267 4944	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:01:48.0282 4944	Modem - ok
14:01:48.0282 4944	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:01:48.0298 4944	monitor - ok
14:01:48.0298 4944	MotioninJoyXFilter (65ed1932bcfe5003389d65f6c3ef51c8) C:\Windows\system32\DRIVERS\MijXfilt.sys
14:01:48.0314 4944	MotioninJoyXFilter - ok
14:01:48.0314 4944	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:01:48.0314 4944	mouclass - ok
14:01:48.0314 4944	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:01:48.0329 4944	mouhid - ok
14:01:48.0329 4944	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:01:48.0329 4944	mountmgr - ok
14:01:48.0345 4944	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:01:48.0345 4944	mpio - ok
14:01:48.0345 4944	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:01:48.0376 4944	mpsdrv - ok
14:01:48.0407 4944	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:01:48.0423 4944	MpsSvc - ok
14:01:48.0438 4944	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:01:48.0438 4944	MRxDAV - ok
14:01:48.0454 4944	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:48.0454 4944	mrxsmb - ok
14:01:48.0470 4944	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:48.0470 4944	mrxsmb10 - ok
14:01:48.0470 4944	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:48.0485 4944	mrxsmb20 - ok
14:01:48.0485 4944	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:01:48.0485 4944	msahci - ok
14:01:48.0501 4944	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:01:48.0501 4944	msdsm - ok
14:01:48.0516 4944	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:01:48.0516 4944	MSDTC - ok
14:01:48.0516 4944	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:01:48.0548 4944	Msfs - ok
14:01:48.0548 4944	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:01:48.0563 4944	mshidkmdf - ok
14:01:48.0563 4944	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:01:48.0579 4944	msisadrv - ok
14:01:48.0579 4944	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:01:48.0594 4944	MSiSCSI - ok
14:01:48.0594 4944	msiserver - ok
14:01:48.0594 4944	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:01:48.0626 4944	MSKSSRV - ok
14:01:48.0626 4944	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:48.0641 4944	MSPCLOCK - ok
14:01:48.0641 4944	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:01:48.0657 4944	MSPQM - ok
14:01:48.0672 4944	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:01:48.0688 4944	MsRPC - ok
14:01:48.0688 4944	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:01:48.0688 4944	mssmbios - ok
14:01:48.0688 4944	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:01:48.0704 4944	MSTEE - ok
14:01:48.0719 4944	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:01:48.0719 4944	MTConfig - ok
14:01:48.0719 4944	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:01:48.0735 4944	Mup - ok
14:01:48.0735 4944	mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
14:01:48.0750 4944	mv91xx - ok
14:01:48.0766 4944	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:01:48.0782 4944	napagent - ok
14:01:48.0797 4944	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:01:48.0813 4944	NativeWifiP - ok
14:01:48.0844 4944	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:01:48.0860 4944	NDIS - ok
14:01:48.0860 4944	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:48.0891 4944	NdisCap - ok
14:01:48.0891 4944	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:48.0906 4944	NdisTapi - ok
14:01:48.0906 4944	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:48.0938 4944	Ndisuio - ok
14:01:48.0938 4944	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:48.0953 4944	NdisWan - ok
14:01:48.0969 4944	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:01:48.0984 4944	NDProxy - ok
14:01:48.0984 4944	Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
14:01:48.0984 4944	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:01:48.0984 4944	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:01:48.0984 4944	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:01:49.0016 4944	NetBIOS - ok
14:01:49.0031 4944	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:01:49.0047 4944	NetBT - ok
14:01:49.0047 4944	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:49.0047 4944	Netlogon - ok
14:01:49.0078 4944	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:01:49.0094 4944	Netman - ok
14:01:49.0109 4944	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:01:49.0140 4944	netprofm - ok
14:01:49.0140 4944	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:01:49.0156 4944	NetTcpPortSharing - ok
14:01:49.0156 4944	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:01:49.0156 4944	nfrd960 - ok
14:01:49.0172 4944	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:01:49.0187 4944	NlaSvc - ok
14:01:49.0203 4944	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:01:49.0218 4944	Npfs - ok
14:01:49.0218 4944	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:01:49.0234 4944	nsi - ok
14:01:49.0234 4944	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:01:49.0265 4944	nsiproxy - ok
14:01:49.0296 4944	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:01:49.0328 4944	Ntfs - ok
14:01:49.0343 4944	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:01:49.0359 4944	Null - ok
14:01:49.0374 4944	NVHDA           (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
14:01:49.0374 4944	NVHDA - ok
14:01:49.0671 4944	nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:01:49.0796 4944	nvlddmkm - ok
14:01:49.0811 4944	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:01:49.0827 4944	nvraid - ok
14:01:49.0827 4944	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:01:49.0842 4944	nvstor - ok
14:01:49.0858 4944	nvsvc           (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
14:01:49.0874 4944	nvsvc - ok
14:01:49.0936 4944	nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:01:49.0952 4944	nvUpdatusService - ok
14:01:49.0983 4944	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:01:49.0998 4944	nv_agp - ok
14:01:49.0998 4944	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:01:49.0998 4944	ohci1394 - ok
14:01:50.0014 4944	ossrv           (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
14:01:50.0014 4944	ossrv - ok
14:01:50.0030 4944	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:50.0045 4944	p2pimsvc - ok
14:01:50.0061 4944	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:01:50.0061 4944	p2psvc - ok
14:01:50.0076 4944	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:01:50.0076 4944	Parport - ok
14:01:50.0092 4944	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:01:50.0092 4944	partmgr - ok
14:01:50.0092 4944	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:01:50.0108 4944	PcaSvc - ok
14:01:50.0123 4944	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:01:50.0123 4944	pci - ok
14:01:50.0123 4944	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:01:50.0139 4944	pciide - ok
14:01:50.0139 4944	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:01:50.0154 4944	pcmcia - ok
14:01:50.0154 4944	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:01:50.0154 4944	pcw - ok
14:01:50.0170 4944	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:01:50.0201 4944	PEAUTH - ok
14:01:50.0232 4944	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:01:50.0248 4944	PeerDistSvc - ok
14:01:50.0279 4944	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:01:50.0279 4944	PerfHost - ok
14:01:50.0342 4944	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:01:50.0373 4944	pla - ok
14:01:50.0388 4944	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:01:50.0404 4944	PlugPlay - ok
14:01:50.0404 4944	Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
14:01:50.0404 4944	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:01:50.0404 4944	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:01:50.0404 4944	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:01:50.0420 4944	PNRPAutoReg - ok
14:01:50.0435 4944	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:50.0435 4944	PNRPsvc - ok
14:01:50.0451 4944	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:01:50.0466 4944	PolicyAgent - ok
14:01:50.0482 4944	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:01:50.0498 4944	Power - ok
14:01:50.0513 4944	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:01:50.0529 4944	PptpMiniport - ok
14:01:50.0544 4944	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:01:50.0544 4944	Processor - ok
14:01:50.0560 4944	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:01:50.0576 4944	ProfSvc - ok
14:01:50.0576 4944	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:50.0576 4944	ProtectedStorage - ok
14:01:50.0591 4944	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:01:50.0607 4944	Psched - ok
14:01:50.0654 4944	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:01:50.0669 4944	ql2300 - ok
14:01:50.0700 4944	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:01:50.0700 4944	ql40xx - ok
14:01:50.0716 4944	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:01:50.0716 4944	QWAVE - ok
14:01:50.0732 4944	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:01:50.0732 4944	QWAVEdrv - ok
14:01:50.0732 4944	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:01:50.0747 4944	RasAcd - ok
14:01:50.0763 4944	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:50.0778 4944	RasAgileVpn - ok
14:01:50.0778 4944	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:01:50.0810 4944	RasAuto - ok
14:01:50.0810 4944	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:50.0825 4944	Rasl2tp - ok
14:01:50.0841 4944	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:01:50.0856 4944	RasMan - ok
14:01:50.0872 4944	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:50.0888 4944	RasPppoe - ok
14:01:50.0888 4944	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:01:50.0919 4944	RasSstp - ok
14:01:50.0919 4944	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:01:50.0950 4944	rdbss - ok
14:01:50.0950 4944	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:01:50.0950 4944	rdpbus - ok
14:01:50.0966 4944	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:50.0981 4944	RDPCDD - ok
14:01:50.0981 4944	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:01:50.0997 4944	RDPDR - ok
14:01:50.0997 4944	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:01:51.0012 4944	RDPENCDD - ok
14:01:51.0012 4944	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:01:51.0044 4944	RDPREFMP - ok
14:01:51.0044 4944	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:01:51.0044 4944	RDPWD - ok
14:01:51.0059 4944	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:01:51.0059 4944	rdyboost - ok
14:01:51.0075 4944	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:01:51.0090 4944	RemoteAccess - ok
14:01:51.0090 4944	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:01:51.0122 4944	RemoteRegistry - ok
14:01:51.0122 4944	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:01:51.0137 4944	RFCOMM - ok
14:01:51.0137 4944	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:01:51.0153 4944	RpcEptMapper - ok
14:01:51.0168 4944	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:01:51.0168 4944	RpcLocator - ok
14:01:51.0184 4944	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:01:51.0215 4944	RpcSs - ok
14:01:51.0215 4944	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:01:51.0231 4944	rspndr - ok
14:01:51.0246 4944	RTL8167         (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:01:51.0262 4944	RTL8167 - ok
14:01:51.0262 4944	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:01:51.0262 4944	s3cap - ok
14:01:51.0262 4944	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:51.0278 4944	SamSs - ok
14:01:51.0278 4944	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:01:51.0293 4944	sbp2port - ok
14:01:51.0293 4944	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:01:51.0324 4944	SCardSvr - ok
14:01:51.0324 4944	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:01:51.0340 4944	scfilter - ok
14:01:51.0371 4944	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:01:51.0402 4944	Schedule - ok
14:01:51.0402 4944	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:01:51.0434 4944	SCPolicySvc - ok
14:01:51.0434 4944	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:01:51.0449 4944	SDRSVC - ok
14:01:51.0449 4944	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:01:51.0465 4944	secdrv - ok
14:01:51.0480 4944	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:01:51.0496 4944	seclogon - ok
14:01:51.0496 4944	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:01:51.0512 4944	SENS - ok
14:01:51.0512 4944	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:01:51.0527 4944	SensrSvc - ok
14:01:51.0527 4944	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:01:51.0527 4944	Serenum - ok
14:01:51.0543 4944	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:01:51.0543 4944	Serial - ok
14:01:51.0543 4944	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:01:51.0558 4944	sermouse - ok
14:01:51.0558 4944	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:01:51.0590 4944	SessionEnv - ok
14:01:51.0590 4944	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:01:51.0590 4944	sffdisk - ok
14:01:51.0590 4944	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:01:51.0605 4944	sffp_mmc - ok
14:01:51.0605 4944	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:01:51.0621 4944	sffp_sd - ok
14:01:51.0621 4944	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:01:51.0621 4944	sfloppy - ok
14:01:51.0636 4944	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:01:51.0652 4944	SharedAccess - ok
14:01:51.0668 4944	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:01:51.0699 4944	ShellHWDetection - ok
14:01:51.0699 4944	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:01:51.0699 4944	SiSRaid2 - ok
14:01:51.0699 4944	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:01:51.0714 4944	SiSRaid4 - ok
14:01:51.0714 4944	SkypeUpdate     (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:01:51.0714 4944	SkypeUpdate - ok
14:01:51.0730 4944	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:01:51.0746 4944	Smb - ok
14:01:51.0746 4944	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:01:51.0761 4944	SNMPTRAP - ok
14:01:51.0761 4944	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:01:51.0761 4944	spldr - ok
14:01:51.0777 4944	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:01:51.0808 4944	Spooler - ok
14:01:51.0917 4944	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:01:51.0964 4944	sppsvc - ok
14:01:51.0995 4944	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:01:52.0011 4944	sppuinotify - ok
14:01:52.0026 4944	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:01:52.0042 4944	srv - ok
14:01:52.0042 4944	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:01:52.0073 4944	srv2 - ok
14:01:52.0089 4944	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:01:52.0089 4944	srvnet - ok
14:01:52.0104 4944	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:01:52.0120 4944	SSDPSRV - ok
14:01:52.0136 4944	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:01:52.0151 4944	SstpSvc - ok
14:01:52.0151 4944	Steam Client Service - ok
14:01:52.0167 4944	Stereo Service  (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:01:52.0167 4944	Stereo Service - ok
14:01:52.0182 4944	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:01:52.0182 4944	stexstor - ok
14:01:52.0198 4944	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:01:52.0214 4944	stisvc - ok
14:01:52.0214 4944	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:01:52.0214 4944	storflt - ok
14:01:52.0229 4944	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:01:52.0229 4944	StorSvc - ok
14:01:52.0229 4944	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:01:52.0245 4944	storvsc - ok
14:01:52.0245 4944	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:01:52.0245 4944	swenum - ok
14:01:52.0260 4944	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:01:52.0276 4944	swprv - ok
14:01:52.0338 4944	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:01:52.0354 4944	SysMain - ok
14:01:52.0385 4944	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:01:52.0401 4944	TabletInputService - ok
14:01:52.0401 4944	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:01:52.0432 4944	TapiSrv - ok
14:01:52.0432 4944	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:01:52.0448 4944	TBS - ok
14:01:52.0510 4944	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:01:52.0526 4944	Tcpip - ok
14:01:52.0588 4944	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:01:52.0619 4944	TCPIP6 - ok
14:01:52.0635 4944	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:01:52.0666 4944	tcpipreg - ok
14:01:52.0666 4944	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:01:52.0666 4944	TDPIPE - ok
14:01:52.0666 4944	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:01:52.0682 4944	TDTCP - ok
14:01:52.0682 4944	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:01:52.0697 4944	tdx - ok
14:01:52.0697 4944	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:01:52.0713 4944	TermDD - ok
14:01:52.0728 4944	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:01:52.0760 4944	TermService - ok
14:01:52.0760 4944	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:01:52.0760 4944	Themes - ok
14:01:52.0775 4944	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:01:52.0791 4944	THREADORDER - ok
14:01:52.0791 4944	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:01:52.0822 4944	TrkWks - ok
14:01:52.0822 4944	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:01:52.0838 4944	TrustedInstaller - ok
14:01:52.0853 4944	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:52.0869 4944	tssecsrv - ok
14:01:52.0869 4944	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:01:52.0884 4944	TsUsbFlt - ok
14:01:52.0884 4944	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:01:52.0884 4944	TsUsbGD - ok
14:01:52.0900 4944	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:01:52.0916 4944	tunnel - ok
14:01:52.0916 4944	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:01:52.0916 4944	uagp35 - ok
14:01:52.0931 4944	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:01:52.0947 4944	udfs - ok
14:01:52.0962 4944	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:01:52.0962 4944	UI0Detect - ok
14:01:52.0962 4944	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:01:52.0978 4944	uliagpkx - ok
14:01:52.0978 4944	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:01:52.0978 4944	umbus - ok
14:01:52.0994 4944	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:01:52.0994 4944	UmPass - ok
14:01:52.0994 4944	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:01:53.0009 4944	UmRdpService - ok
14:01:53.0025 4944	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:01:53.0040 4944	upnphost - ok
14:01:53.0056 4944	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:53.0056 4944	usbccgp - ok
14:01:53.0056 4944	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:01:53.0072 4944	usbcir - ok
14:01:53.0072 4944	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:01:53.0072 4944	usbehci - ok
14:01:53.0087 4944	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:01:53.0103 4944	usbhub - ok
14:01:53.0103 4944	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:01:53.0103 4944	usbohci - ok
14:01:53.0103 4944	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:01:53.0118 4944	usbprint - ok
14:01:53.0118 4944	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:01:53.0118 4944	usbscan - ok
14:01:53.0134 4944	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:53.0134 4944	USBSTOR - ok
14:01:53.0134 4944	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:01:53.0150 4944	usbuhci - ok
14:01:53.0150 4944	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:01:53.0165 4944	UxSms - ok
14:01:53.0165 4944	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:53.0181 4944	VaultSvc - ok
14:01:53.0181 4944	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:01:53.0181 4944	vdrvroot - ok
14:01:53.0196 4944	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:01:53.0228 4944	vds - ok
14:01:53.0228 4944	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:53.0228 4944	vga - ok
14:01:53.0228 4944	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:01:53.0259 4944	VgaSave - ok
14:01:53.0259 4944	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:01:53.0274 4944	vhdmp - ok
14:01:53.0274 4944	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:01:53.0274 4944	viaide - ok
14:01:53.0274 4944	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:01:53.0290 4944	vmbus - ok
14:01:53.0290 4944	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:01:53.0290 4944	VMBusHID - ok
14:01:53.0306 4944	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:01:53.0306 4944	volmgr - ok
14:01:53.0321 4944	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:01:53.0321 4944	volmgrx - ok
14:01:53.0337 4944	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:01:53.0337 4944	volsnap - ok
14:01:53.0352 4944	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:01:53.0352 4944	vsmraid - ok
14:01:53.0399 4944	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:01:53.0430 4944	VSS - ok
14:01:53.0462 4944	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:01:53.0462 4944	vwifibus - ok
14:01:53.0477 4944	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:01:53.0508 4944	W32Time - ok
14:01:53.0508 4944	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:01:53.0508 4944	WacomPen - ok
14:01:53.0524 4944	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:53.0540 4944	WANARP - ok
14:01:53.0540 4944	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:53.0555 4944	Wanarpv6 - ok
14:01:53.0586 4944	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:01:53.0618 4944	WatAdminSvc - ok
14:01:53.0649 4944	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:01:53.0664 4944	wbengine - ok
14:01:53.0696 4944	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:01:53.0711 4944	WbioSrvc - ok
14:01:53.0727 4944	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:01:53.0742 4944	wcncsvc - ok
14:01:53.0742 4944	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:01:53.0742 4944	WcsPlugInService - ok
14:01:53.0758 4944	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:01:53.0758 4944	Wd - ok
14:01:53.0774 4944	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:01:53.0789 4944	Wdf01000 - ok
14:01:53.0789 4944	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:01:53.0805 4944	WdiServiceHost - ok
14:01:53.0805 4944	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:01:53.0820 4944	WdiSystemHost - ok
14:01:53.0820 4944	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:01:53.0836 4944	WebClient - ok
14:01:53.0852 4944	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:01:53.0867 4944	Wecsvc - ok
14:01:53.0867 4944	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:01:53.0898 4944	wercplsupport - ok
14:01:53.0898 4944	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:01:53.0914 4944	WerSvc - ok
14:01:53.0930 4944	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:01:53.0945 4944	WfpLwf - ok
14:01:53.0945 4944	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:01:53.0945 4944	WIMMount - ok
14:01:53.0961 4944	WinDefend - ok
14:01:53.0961 4944	WinHttpAutoProxySvc - ok
14:01:53.0976 4944	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:01:53.0992 4944	Winmgmt - ok
14:01:54.0039 4944	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:01:54.0086 4944	WinRM - ok
14:01:54.0101 4944	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:01:54.0117 4944	WinUsb - ok
14:01:54.0148 4944	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:01:54.0164 4944	Wlansvc - ok
14:01:54.0210 4944	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:01:54.0242 4944	wlidsvc - ok
14:01:54.0257 4944	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:01:54.0273 4944	WmiAcpi - ok
14:01:54.0288 4944	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:01:54.0288 4944	wmiApSrv - ok
14:01:54.0288 4944	WMPNetworkSvc - ok
14:01:54.0288 4944	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:01:54.0304 4944	WPCSvc - ok
14:01:54.0304 4944	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:01:54.0320 4944	WPDBusEnum - ok
14:01:54.0320 4944	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:01:54.0335 4944	ws2ifsl - ok
14:01:54.0351 4944	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:01:54.0351 4944	wscsvc - ok
14:01:54.0351 4944	WSearch - ok
14:01:54.0429 4944	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:01:54.0460 4944	wuauserv - ok
14:01:54.0491 4944	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:01:54.0507 4944	WudfPf - ok
14:01:54.0522 4944	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:01:54.0538 4944	WUDFRd - ok
14:01:54.0538 4944	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:01:54.0569 4944	wudfsvc - ok
14:01:54.0569 4944	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:01:54.0585 4944	WwanSvc - ok
14:01:54.0585 4944	xusb21          (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
14:01:54.0600 4944	xusb21 - ok
14:01:54.0600 4944	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:01:54.0616 4944	\Device\Harddisk0\DR0 - ok
14:01:54.0616 4944	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:01:54.0632 4944	\Device\Harddisk1\DR1 - ok
14:01:54.0632 4944	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:01:54.0881 4944	\Device\Harddisk2\DR2 - ok
14:01:54.0897 4944	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
14:01:55.0380 4944	\Device\Harddisk3\DR3 - ok
14:01:55.0380 4944	Boot (0x1200)   (f3f598491f1db825652a0aa1a16ba5b7) \Device\Harddisk0\DR0\Partition0
14:01:55.0380 4944	\Device\Harddisk0\DR0\Partition0 - ok
14:01:55.0380 4944	Boot (0x1200)   (59f511f0ca707a106080b204be1c1be5) \Device\Harddisk1\DR1\Partition0
14:01:55.0380 4944	\Device\Harddisk1\DR1\Partition0 - ok
14:01:55.0380 4944	Boot (0x1200)   (e76b0698b2aaf707033e277d43d832f6) \Device\Harddisk2\DR2\Partition0
14:01:55.0380 4944	\Device\Harddisk2\DR2\Partition0 - ok
14:01:55.0380 4944	Boot (0x1200)   (de50b70a7e3bde0e3a5f180ff388d748) \Device\Harddisk2\DR2\Partition1
14:01:55.0380 4944	\Device\Harddisk2\DR2\Partition1 - ok
14:01:55.0380 4944	Boot (0x1200)   (5a24a3b538f9fec1ebc11a854a7a45a5) \Device\Harddisk3\DR3\Partition0
14:01:55.0380 4944	\Device\Harddisk3\DR3\Partition0 - ok
14:01:55.0380 4944	============================================================
14:01:55.0380 4944	Scan finished
14:01:55.0380 4944	============================================================
14:01:55.0396 3616	Detected object count: 5
14:01:55.0396 3616	Actual detected object count: 5
14:02:08.0469 3616	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:02:08.0469 3616	Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616	Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:02:08.0469 3616	CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616	CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:02:08.0469 3616	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:02:08.0469 3616	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 14.05.2012, 13:12   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.05.2012, 15:37   #23
tankie
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-05-14.02 - Admin 14.05.2012  14:48:47.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8169.6470 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Love
c:\users\Admin\AppData\Roaming\Love\mari0\options.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-14 bis 2012-05-14  ))))))))))))))))))))))))))))))
.
.
2012-05-14 12:50 . 2012-05-14 12:50	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-05-14 12:50 . 2012-05-14 12:50	--------	d-----w-	c:\users\Tobi\AppData\Local\temp
2012-05-11 15:02 . 2012-05-11 15:02	--------	d-----w-	c:\program files (x86)\ESET
2012-05-11 14:04 . 2012-05-11 14:04	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 14:04 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-11 13:34 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{27D6F924-D1B3-4477-B2D7-DB14B2D42FC1}\mpengine.dll
2012-05-06 11:59 . 2012-05-06 11:59	--------	d-----w-	c:\users\Kathrin\AppData\Local\CrashDumps
2012-05-06 10:28 . 2012-05-06 10:28	--------	d-----w-	c:\users\Kathrin\AppData\Roaming\LSoft Technologies
2012-05-06 10:28 . 2012-05-06 10:28	--------	d-----w-	c:\users\Kathrin\AppData\Roaming\InstallShield Installation Information
2012-05-05 22:07 . 2012-05-05 23:46	--------	d-----w-	c:\users\Kathrin\AppData\Roaming\vlc
2012-05-05 22:01 . 2012-05-08 18:50	--------	d-----w-	C:\_OTL
2012-05-05 21:51 . 2012-05-05 21:52	--------	d-----w-	c:\users\Kathrin\AppData\Roaming\Trillian
2012-04-25 16:25 . 2012-04-25 16:25	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-04-25 16:22 . 2008-02-04 09:27	102400	----a-w-	c:\windows\SysWow64\cttele32.dll
2012-04-25 16:22 . 2009-03-26 12:48	190976	----a-w-	c:\windows\system32\APOMgr64.DLL
2012-04-25 16:22 . 2009-03-26 12:46	148480	----a-w-	c:\windows\SysWow64\APOMngr.DLL
2012-04-25 16:22 . 2009-02-06 16:53	89088	----a-w-	c:\windows\system32\CmdRtr64.DLL
2012-04-25 16:22 . 2009-02-06 16:52	73728	----a-w-	c:\windows\SysWow64\CmdRtr.DLL
2012-04-22 15:08 . 2012-05-13 15:32	--------	d-----w-	c:\users\Admin\AppData\Roaming\vlc
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 16:48 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-25 16:48 . 2009-08-18 09:24	19352	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-25 16:22 . 2012-01-28 16:09	466520	----a-w-	c:\windows\system32\wrap_oal.dll
2012-04-25 16:22 . 2012-01-28 16:09	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-04-25 16:22 . 2012-01-28 16:09	123480	----a-w-	c:\windows\system32\OpenAL32.dll
2012-04-25 16:22 . 2012-01-28 16:09	109144	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-04-01 19:07 . 2012-04-01 19:07	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 19:07 . 2012-01-26 11:14	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-25 08:26 . 2012-03-26 19:32	115272	----a-w-	c:\windows\system32\drivers\MijXfilt.sys
2012-03-01 06:46 . 2012-04-11 21:02	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 21:02	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 21:02	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 21:02	5120	----a-w-	c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 21:02	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 21:02	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 21:02	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 21:03	2311168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 21:03	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 21:03	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 21:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 21:03	1799168	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 21:03	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 21:03	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 21:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-26 17:20 . 2012-02-26 17:20	98304	----a-w-	c:\windows\SysWow64\CmdLineExt.dll
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 17:45	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:45	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:45	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:45	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17151624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-25 79360]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2012-01-28 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 93581421
*Deregistered* - 93581421
*Deregistered* - RTCore64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = 
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
AddRemove-Alan Wake_is1 - m:\alan wake\unins000.exe
AddRemove-Dear Esther_is1 - m:\dear esther\unins000.exe
AddRemove-Deponia - m:\deponia\uninstall.exe
AddRemove-Metro 2033 Update 2_is1 - m:\metro 2033\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-14  14:51:41
ComboFix-quarantined-files.txt  2012-05-14 12:51
.
Vor Suchlauf: 11 Verzeichnis(se), 76.271.321.088 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 75.759.415.296 Bytes frei
.
- - End Of File - - 707CFD667CD2ABDFFE171157794A6B5B
         
--- --- ---

Alt 14.05.2012, 18:40   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.05.2012, 18:58   #25
tankie
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-15 19:52:35
-----------------------------
19:52:35.420    OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:35.420    Number of processors: 4 586 0x2A07
19:52:35.420    ComputerName: ADMIN-PC  UserName: Admin
19:52:35.593    Initialize success
19:53:42.702    AVAST engine defs: 12051500
19:54:01.287    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:54:01.289    Disk 0 Vendor: OCZ-VERT 1.27 Size: 57241MB BusType: 3
19:54:01.290    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
19:54:01.291    Disk 1 Vendor: OCZ-VERT 2.13 Size: 114473MB BusType: 3
19:54:01.292    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
19:54:01.294    Disk 2 Vendor: Maxtor_6 BANC Size: 286168MB BusType: 3
19:54:01.295    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
19:54:01.296    Disk 3 Vendor: WDC_WD10 51.0 Size: 953869MB BusType: 3
19:54:01.298    Disk 1 MBR read successfully
19:54:01.300    Disk 1 MBR scan
19:54:01.303    Disk 1 Windows 7 default MBR code
19:54:01.305    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       114471 MB offset 2048
19:54:01.309    Disk 1 scanning C:\Windows\system32\drivers
19:54:03.475    Service scanning
19:54:08.415    Modules scanning
19:54:08.418    Disk 1 trace - called modules:
19:54:08.423    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
19:54:08.425    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8008fd5060]
19:54:08.428    3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80078f8050]
19:54:08.605    AVAST engine scan C:\Windows
19:54:09.102    AVAST engine scan C:\Windows\system32
19:54:55.316    AVAST engine scan C:\Windows\system32\drivers
19:54:57.901    AVAST engine scan C:\Users\Admin
19:55:08.064    AVAST engine scan C:\ProgramData
19:55:10.517    Scan finished successfully
19:57:34.774    Disk 1 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
19:57:34.777    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
         

Alt 16.05.2012, 12:15   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.05.2012, 14:21   #27
tankie
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

18.05.2012 14:41:59
mbam-log-2012-05-18 (14-41-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 774031
Laufzeit: 33 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/18/2012 at 03:56 PM

Application Version : 5.0.1148

Core Rules Database Version : 8616
Trace Rules Database Version: 6428

Scan type       : Complete Scan
Total Scan Time : 00:36:11

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 585
Memory threats detected   : 0
Registry items scanned    : 65420
Registry threats detected : 0
File items scanned        : 216844
File threats detected     : 191

Adware.Tracking Cookie
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OKFOQZ80.txt [ /adfarm1.adition.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R4FQ59SW.txt [ /advertising.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7KGQAKG8.txt [ /atdmt.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5DUAUNT5.txt [ /ad.zanox.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KE9NXU4G.txt [ /media6degrees.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5C9WMMWI.txt [ /adbrite.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O34Q6MYD.txt [ /doubleclick.net ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TQ91FUJ9.txt [ /at.atwola.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\M7TN4K07.txt [ /www.etracker.de ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O12YUT5A.txt [ /imrworldwide.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J5GKHL28.txt [ /serving-sys.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SR97VC57.txt [ /www.googleadservices.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8SMEXBHV.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NIM2L4AS.txt [ /ru4.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O9BAK0CB.txt [ /mediaplex.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WCKAHJIZ.txt [ /tribalfusion.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BWL24PLD.txt [ /arvatodigitalservices.112.2o7.net ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VM83KTS9.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H9OWRD1P.txt [ /mtvn.112.2o7.net ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\33Y1LMXK.txt [ /tradedoubler.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SE2D9CSV.txt [ /bs.serving-sys.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XFLLRZW7.txt [ /c.atdmt.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DQ6EGWCS.txt [ /apmebf.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6NOSU7GK.txt [ /ad.yieldmanager.com ]
	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZPJNU4OA.txt [ /lucidmedia.com ]
	C:\USERS\ADMIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt [ Cookie:admin@doubleclick.net/ ]
	C:\USERS\ADMIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@c.atdmt[2].txt [ Cookie:admin@c.atdmt.com/ ]
	C:\USERS\ADMIN\Cookies\OKFOQZ80.txt [ Cookie:admin@adfarm1.adition.com/ ]
	C:\USERS\ADMIN\Cookies\R4FQ59SW.txt [ Cookie:admin@advertising.com/ ]
	C:\USERS\ADMIN\Cookies\5DUAUNT5.txt [ Cookie:admin@ad.zanox.com/ ]
	C:\USERS\ADMIN\Cookies\KE9NXU4G.txt [ Cookie:admin@media6degrees.com/ ]
	C:\USERS\ADMIN\Cookies\5C9WMMWI.txt [ Cookie:admin@adbrite.com/ ]
	C:\USERS\ADMIN\Cookies\O34Q6MYD.txt [ Cookie:admin@doubleclick.net/ ]
	C:\USERS\ADMIN\Cookies\TQ91FUJ9.txt [ Cookie:admin@at.atwola.com/ ]
	C:\USERS\ADMIN\Cookies\J5GKHL28.txt [ Cookie:admin@serving-sys.com/ ]
	C:\USERS\ADMIN\Cookies\SR97VC57.txt [ Cookie:admin@www.googleadservices.com/pagead/conversion/1013361525/ ]
	C:\USERS\ADMIN\Cookies\8SMEXBHV.txt [ Cookie:admin@ad1.adfarm1.adition.com/ ]
	C:\USERS\ADMIN\Cookies\NIM2L4AS.txt [ Cookie:admin@ru4.com/ ]
	C:\USERS\ADMIN\Cookies\O9BAK0CB.txt [ Cookie:admin@mediaplex.com/ ]
	C:\USERS\ADMIN\Cookies\WCKAHJIZ.txt [ Cookie:admin@tribalfusion.com/ ]
	C:\USERS\ADMIN\Cookies\BWL24PLD.txt [ Cookie:admin@arvatodigitalservices.112.2o7.net/ ]
	C:\USERS\ADMIN\Cookies\VM83KTS9.txt [ Cookie:admin@ad2.adfarm1.adition.com/ ]
	C:\USERS\ADMIN\Cookies\H9OWRD1P.txt [ Cookie:admin@mtvn.112.2o7.net/ ]
	C:\USERS\ADMIN\Cookies\SE2D9CSV.txt [ Cookie:admin@bs.serving-sys.com/ ]
	C:\USERS\ADMIN\Cookies\XFLLRZW7.txt [ Cookie:admin@c.atdmt.com/ ]
	C:\USERS\ADMIN\Cookies\DQ6EGWCS.txt [ Cookie:admin@apmebf.com/ ]
	C:\USERS\ADMIN\Cookies\6NOSU7GK.txt [ Cookie:admin@ad.yieldmanager.com/ ]
	C:\USERS\ADMIN\Cookies\ZPJNU4OA.txt [ Cookie:admin@lucidmedia.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\2RTZD4KV.txt [ Cookie:kathrin@ad.zanox.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\C34JFEQE.txt [ Cookie:kathrin@apmebf.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\219XIDBO.txt [ Cookie:kathrin@statcounter.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\47X1IR6L.txt [ Cookie:kathrin@collective-media.net/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\EOFI1XF2.txt [ Cookie:kathrin@mediaplex.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\GNX3RDVQ.txt [ Cookie:kathrin@msnportal.112.2o7.net/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\WME9NKVY.txt [ Cookie:kathrin@ad2.adfarm1.adition.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\2GSQ96OR.txt [ Cookie:kathrin@ad.yieldmanager.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\DHNATI90.txt [ Cookie:kathrin@questionmarket.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\H1P5Q6X5.txt [ Cookie:kathrin@tradedoubler.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\PVOD0QBW.txt [ Cookie:kathrin@adbrite.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\J1HLMLY6.txt [ Cookie:kathrin@2o7.net/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\O77P4XTP.txt [ Cookie:kathrin@adfarm1.adition.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\I4IKM7GG.txt [ Cookie:kathrin@atdmt.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\YHY062IO.txt [ Cookie:kathrin@ru4.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\FVALJVMQ.txt [ Cookie:kathrin@zanox.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\N3J2L5E6.txt [ Cookie:kathrin@adserver.adreactor.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\T2U7ZO2M.txt [ Cookie:kathrin@xiti.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\QXV5KMPK.txt [ Cookie:kathrin@doubleclick.net/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\DIDK017U.txt [ Cookie:kathrin@amazon-adsystem.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\WK0YSO7D.txt [ Cookie:kathrin@ad1.adfarm1.adition.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\4S0P96ZM.txt [ Cookie:kathrin@ad.dyntracker.de/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\VM3XEB02.txt [ Cookie:kathrin@bs.serving-sys.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\1ZJGKD42.txt [ Cookie:kathrin@fastclick.net/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\Z8TIW4VN.txt [ Cookie:kathrin@tribalfusion.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\4WV0FT4B.txt [ Cookie:kathrin@c.atdmt.com/ ]
	C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\RSD96RR2.txt [ Cookie:kathrin@in.getclicky.com/ ]
	C:\USERS\KATHRIN\Cookies\2RTZD4KV.txt [ Cookie:kathrin@ad.zanox.com/ ]
	C:\USERS\KATHRIN\Cookies\C34JFEQE.txt [ Cookie:kathrin@apmebf.com/ ]
	C:\USERS\KATHRIN\Cookies\219XIDBO.txt [ Cookie:kathrin@statcounter.com/ ]
	C:\USERS\KATHRIN\Cookies\47X1IR6L.txt [ Cookie:kathrin@collective-media.net/ ]
	C:\USERS\KATHRIN\Cookies\EOFI1XF2.txt [ Cookie:kathrin@mediaplex.com/ ]
	C:\USERS\KATHRIN\Cookies\GNX3RDVQ.txt [ Cookie:kathrin@msnportal.112.2o7.net/ ]
	C:\USERS\KATHRIN\Cookies\WME9NKVY.txt [ Cookie:kathrin@ad2.adfarm1.adition.com/ ]
	C:\USERS\KATHRIN\Cookies\2GSQ96OR.txt [ Cookie:kathrin@ad.yieldmanager.com/ ]
	C:\USERS\KATHRIN\Cookies\DHNATI90.txt [ Cookie:kathrin@questionmarket.com/ ]
	C:\USERS\KATHRIN\Cookies\H1P5Q6X5.txt [ Cookie:kathrin@tradedoubler.com/ ]
	C:\USERS\KATHRIN\Cookies\PVOD0QBW.txt [ Cookie:kathrin@adbrite.com/ ]
	C:\USERS\KATHRIN\Cookies\J1HLMLY6.txt [ Cookie:kathrin@2o7.net/ ]
	C:\USERS\KATHRIN\Cookies\O77P4XTP.txt [ Cookie:kathrin@adfarm1.adition.com/ ]
	C:\USERS\KATHRIN\Cookies\I4IKM7GG.txt [ Cookie:kathrin@atdmt.com/ ]
	C:\USERS\KATHRIN\Cookies\YHY062IO.txt [ Cookie:kathrin@ru4.com/ ]
	C:\USERS\KATHRIN\Cookies\FVALJVMQ.txt [ Cookie:kathrin@zanox.com/ ]
	C:\USERS\KATHRIN\Cookies\N3J2L5E6.txt [ Cookie:kathrin@adserver.adreactor.com/ ]
	C:\USERS\KATHRIN\Cookies\T2U7ZO2M.txt [ Cookie:kathrin@xiti.com/ ]
	C:\USERS\KATHRIN\Cookies\QXV5KMPK.txt [ Cookie:kathrin@doubleclick.net/ ]
	C:\USERS\KATHRIN\Cookies\DIDK017U.txt [ Cookie:kathrin@amazon-adsystem.com/ ]
	C:\USERS\KATHRIN\Cookies\WK0YSO7D.txt [ Cookie:kathrin@ad1.adfarm1.adition.com/ ]
	C:\USERS\KATHRIN\Cookies\4S0P96ZM.txt [ Cookie:kathrin@ad.dyntracker.de/ ]
	C:\USERS\KATHRIN\Cookies\VM3XEB02.txt [ Cookie:kathrin@bs.serving-sys.com/ ]
	C:\USERS\KATHRIN\Cookies\1ZJGKD42.txt [ Cookie:kathrin@fastclick.net/ ]
	C:\USERS\KATHRIN\Cookies\Z8TIW4VN.txt [ Cookie:kathrin@tribalfusion.com/ ]
	C:\USERS\KATHRIN\Cookies\4WV0FT4B.txt [ Cookie:kathrin@c.atdmt.com/ ]
	C:\USERS\KATHRIN\Cookies\RSD96RR2.txt [ Cookie:kathrin@in.getclicky.com/ ]
	C:\USERS\TANK\AppData\Roaming\Microsoft\Windows\Cookies\UF0IBY4P.txt [ Cookie:tank@atdmt.com/ ]
	C:\USERS\TANK\Cookies\UF0IBY4P.txt [ Cookie:tank@atdmt.com/ ]
	.doubleclick.net [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	D:\!SSD-ALT\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
	D:\!SSD-ALT\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ATDMT[1].TXT [ /ATDMT ]
	.doubleclick.net [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.oe24.at [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.oe24.at [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.oe24.at [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	D:\!SSD-ALT\USERS\KATHRIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHRIN@2O7[1].TXT [ /2O7 ]
	D:\!SSD-ALT\USERS\KATHRIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHRIN@APMEBF[1].TXT [ /APMEBF ]
	.doubleclick.net [ D:\!SSD-ALT\USERS\TANK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	files.youporn.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
	ia.media-imdb.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
	media.mtvnservices.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
	secure-us.imrworldwide.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
	track.shop2market.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@AD.AD-SRV[1].TXT [ /AD.AD-SRV ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@FASTCLICK[1].TXT [ /FASTCLICK ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@EAS4.EMEDIATE[2].TXT [ /EAS4.EMEDIATE ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@INTERCLICK[1].TXT [ /INTERCLICK ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@MTVN.112.2O7[1].TXT [ /MTVN.112.2O7 ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@PAYPAL.112.2O7[1].TXT [ /PAYPAL.112.2O7 ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@PARTYPOKER[1].TXT [ /PARTYPOKER ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@REVSCI[2].TXT [ /REVSCI ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@SECMEDIA[1].TXT [ /SECMEDIA ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@TRACKING.HOSTGATOR[1].TXT [ /TRACKING.HOSTGATOR ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@ZANOX[2].TXT [ /ZANOX ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
	D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
	cdn1.static.youporn.phncdn.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
	ia.media-imdb.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
	media.mtvnservices.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
	objects.tremormedia.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
	secure-us.imrworldwide.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]

Trojan.Agent/Gen-Koobface[Bonkers]
	ZIP ARCHIVE( D:\BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
	D:\BASIC\VB.ZIP
	ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BP.EXE
	ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM.EXE
	ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM1.EXE
	ZIP ARCHIVE( D:\BASIC\VB.ZIP )/RECHNER2.EXE
	D:\BASIC\VISUALB\BP.EXE
	D:\BASIC\VISUALB\BPNUM.EXE
	D:\BASIC\VISUALB\BPNUM1.EXE
	D:\BASIC\VISUALB\RECHNER2.EXE
	D:\BASIC\VISUALB\VB\BP.EXE
	D:\BASIC\VISUALB\VB\BPNUM.EXE
	D:\BASIC\VISUALB\VB\BPNUM1.EXE
	D:\BASIC\VISUALB\VB\BPNUM2.EXE
	D:\BASIC\VISUALB\VB\RECHNER2.EXE
	D:\BASIC\VISUALB\VB\VISUAL BASIC\SUMMENRECHNER.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
	D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP
	ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BP.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
	D:\BASIC\VISUALB\VISUAL BASIC\SUMMENRECHNER.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
	D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP
	ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BP.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
	ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
	ZIP ARCHIVE( D:\EINZELNE DATEIEN\PROGS.ZIP )/BPNUM2.EXE
	D:\EINZELNE DATEIEN\PROGS.ZIP
	ZIP ARCHIVE( D:\SCHULE\BADV.ZIP )/VB/NOTEN/NOTENBERECHNUNG.EXE
	D:\SCHULE\BADV.ZIP

Trojan.Agent/Gen-ReLoader
	D:\BASIC\VISUALB\VB\ZUFALL1.EXE

Trojan.Agent/Gen-Downloader
	D:\SICHERUNG\DSPPITCH.EXE
	D:\SICHERUNG2007SEPTEMBER\EIGENE DATEIEN\DSPPITCH.EXE

Adware.Zwangi
	D:\SPIELE\RACINGPITCH\UNINSTALL.EXE
         

Geändert von tankie (18.05.2012 um 15:13 Uhr)

Alt 19.05.2012, 12:05   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Zitat:
Trojan.Agent/Gen-Koobface[Bonkers]
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
D:\BASIC\VB.ZIP
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BP.EXE
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM.EXE
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM1.EXE
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/RECHNER2.EXE
D:\BASIC\VISUALB\BP.EXE
D:\BASIC\VISUALB\BPNUM.EXE
D:\BASIC\VISUALB\BPNUM1.EXE
D:\BASIC\VISUALB\RECHNER2.EXE
D:\BASIC\VISUALB\VB\BP.EXE
D:\BASIC\VISUALB\VB\BPNUM.EXE
D:\BASIC\VISUALB\VB\BPNUM1.EXE
D:\BASIC\VISUALB\VB\BPNUM2.EXE
D:\BASIC\VISUALB\VB\RECHNER2.EXE
D:\BASIC\VISUALB\VB\VISUAL BASIC\SUMMENRECHNER.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BP.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
D:\BASIC\VISUALB\VISUAL BASIC\SUMMENRECHNER.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BP.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
ZIP ARCHIVE( D:\EINZELNE DATEIEN\PROGS.ZIP )/BPNUM2.EXE
D:\EINZELNE DATEIEN\PROGS.ZIP
ZIP ARCHIVE( D:\SCHULE\BADV.ZIP )/VB/NOTEN/NOTENBERECHNUNG.EXE
D:\SCHULE\BADV.ZIP

Trojan.Agent/Gen-ReLoader
D:\BASIC\VISUALB\VB\ZUFALL1.EXE

Trojan.Agent/Gen-Downloader
D:\SICHERUNG\DSPPITCH.EXE
D:\SICHERUNG2007SEPTEMBER\EIGENE DATEIEN\DSPPITCH.EXE

Adware.Zwangi
D:\SPIELE\RACINGPITCH\UNINSTALL.EXE
Diese Dateien sind dir allesamt bekannt?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.05.2012, 12:51   #29
tankie
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Zitat:
Zitat von cosinus Beitrag anzeigen
Diese Dateien sind dir allesamt bekannt?
ja, davon geht keine gefahr aus

Alt 19.05.2012, 13:27   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mich hat's auch erwischt - AKM Virus - Standard

Mich hat's auch erwischt - AKM Virus



Dann ist es ja ok - da wurden ansonsten nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Mich hat's auch erwischt - AKM Virus
50 euro, akm virus, disabletaskmgr, entferne, entfernen, erstelle, erstellen, erwischt, euro, freue, gestern, langs, längst, nvidia update, nvstor.sys, otl.txt, plug-in, schwer, sperrt, vieles, virus, virus entfernen, vollbild, windows, würde, zahlen, zahlt




Ähnliche Themen: Mich hat's auch erwischt - AKM Virus


  1. 50 euro virus - auch mich hats erwischt
    Log-Analyse und Auswertung - 02.08.2015 (24)
  2. Auch mich hat es erwischt.
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (26)
  3. System Care Anti Virus...auch mich hat es erwischt
    Log-Analyse und Auswertung - 27.05.2013 (12)
  4. Repair Virus hat mich auch erwischt. HILFE
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (18)
  5. Auch mich hat der AKM Virus erwischt!
    Log-Analyse und Auswertung - 17.05.2012 (2)
  6. Auch mich hat der AKM Virus erwischt!
    Mülltonne - 17.05.2012 (1)
  7. AKM Virus hat auch mich erwischt
    Log-Analyse und Auswertung - 15.05.2012 (16)
  8. Windows Security Center Virus , mich hat es heute auch erwischt
    Log-Analyse und Auswertung - 14.03.2012 (1)
  9. Auch mich hat der Gema Virus erwischt... Bitte Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (33)
  10. 50 Euro Virus hat auch mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 28.02.2012 (27)
  11. [2x] 50 euro virus - auch mich hats erwischt
    Mülltonne - 18.02.2012 (1)
  12. Auch mich hat der Virus erwischt-bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (1)
  13. 50€ Virus hat auch mich erwischt.
    Log-Analyse und Auswertung - 18.01.2012 (8)
  14. BKA Virus hat mich dann heut auch erwischt...
    Plagegeister aller Art und deren Bekämpfung - 30.11.2011 (1)
  15. Bundespolizei-Virus: mich hat es auch erwischt!
    Log-Analyse und Auswertung - 23.11.2011 (12)
  16. BKA hat mich nun auch erwischt
    Log-Analyse und Auswertung - 17.08.2011 (7)
  17. Auch mich hat es erwischt !
    Log-Analyse und Auswertung - 07.11.2004 (3)

Zum Thema Mich hat's auch erwischt - AKM Virus - Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: - Mich hat's auch erwischt - AKM Virus...
Archiv
Du betrachtest: Mich hat's auch erwischt - AKM Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.