|
Pests of all kinds and how to fight them: Trojan AT/ATRAPS.GEN2, help with removal. Windows 7 |
03.09.2012, 19:34 | #16 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ |
I think it is rather pointless to create so many partitions; for a long time now it has been possible to create directories pretty much however you like. Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.
adwCleaner - find toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
__________________ Please always post log files in CODE tags |
04.09.2012, 18:09 | #17 |
| Hi,
the current adwCleaner produces the following output: Code:
# AdwCleaner v2.000 - Datei am 09/04/2012 um 19:05:36 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Maus - MAUS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6378 octets] - [16/08/2012 19:21:57]
AdwCleaner[S1].txt - [4570 octets] - [18/08/2012 18:23:06]
AdwCleaner[R2].txt - [1056 octets] - [04/09/2012 19:05:36]

########## EOF - C:\AdwCleaner[R2].txt - [1116 octets] ##########

Waterdragon |
04.09.2012, 19:43 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - remove toolbars and unwanted start/search pages
__________________ |
05.09.2012, 18:37 | #19 |
| Hi! And here is the output after the deletion run: Code:
# AdwCleaner v2.000 - Datei am 09/05/2012 um 19:31:19 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Maus - MAUS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Maus\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Maus\AppData\Roaming\Mozilla\Firefox\Profiles\siytadi4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6378 octets] - [16/08/2012 19:21:57]
AdwCleaner[S1].txt - [4570 octets] - [18/08/2012 18:23:06]
AdwCleaner[R2].txt - [1185 octets] - [04/09/2012 19:05:36]
AdwCleaner[R3].txt - [1245 octets] - [04/09/2012 19:07:57]
AdwCleaner[S2].txt - [1540 octets] - [05/09/2012 19:31:19]

########## EOF - C:\AdwCleaner[S2].txt - [1600 octets] ##########

Waterdragon |
06.09.2012, 12:39 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have two questions before we continue:
1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
06.09.2012, 17:48 | #21 |
| Hi cosinus, everything works normally, nothing is missing from the Start menu, no empty folders. Regards, Waterdragon |
06.09.2012, 20:37 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please create a new OTL log. If at all possible, please post everything here in CODE tags. This is how it is done:
[code] the log goes here [/code]
And the whole thing then looks like this: Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you really are working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
08.09.2012, 18:08 | #23 |
| Hi! And here is the log of the OTL scan: Code:
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer 
Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.25 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\NeoSmart_Technologies [2012.08.25 17:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies [2012.08.22 16:37:32 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Unity [2012.08.21 16:43:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe [2012.08.16 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\GHISLER [2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\totalcmd [2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander [2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\GHISLER [2012.08.16 19:15:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.14 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Western Digital [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- 
C:\Windows\SysNative\041B [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401 [2012.08.14 19:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics [2012.08.14 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics [2012.08.14 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DP Hash [2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\DP Hash [2012.08.12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited [2012.08.12 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.08.11 16:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET ========== Files - Modified Within 30 Days ========== [2012.09.08 19:00:36 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.08 19:00:36 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.08 19:00:36 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.08 19:00:36 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.08 19:00:36 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.08 18:53:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.08 18:53:59 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.08 18:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.04 19:04:56 | 000,511,265 | ---- | M] () -- C:\Users\Maus\Desktop\adwcleaner.exe [2012.08.21 16:43:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe ========== Files Created - No Company Name ========== [2012.09.04 19:04:55 | 000,511,265 | ---- | C] () -- C:\Users\Maus\Desktop\adwcleaner.exe [2012.08.24 18:49:39 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@ [2012.08.24 18:45:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@ [2012.08.17 17:11:36 | 000,001,792 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ [2012.08.12 12:02:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2012.08.12 12:02:53 | 
000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys [2012.08.12 12:02:53 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable [2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@ [2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@ [2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe [2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited [2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF [2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER 
[2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org [2012.09.07 12:42:46 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.02 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Adobe [2012.05.29 06:32:13 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ATI [2012.05.28 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Avira [2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited [2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF [2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER [2012.05.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Identities [2012.05.28 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macromedia [2012.08.08 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Media Center Programs [2012.08.14 20:23:42 | 000,000,000 | --SD | M] -- C:\Users\Maus\AppData\Roaming\Microsoft [2012.05.28 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Mozilla [2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org [2012.07.02 21:52:22 | 000,000,000 | RH-D | M] -- C:\Users\Maus\AppData\Roaming\SecuROM [2012.07.01 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft 
Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.19 06:34:16 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys [2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2008.01.19 07:09:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys [2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft 
Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 
C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll [2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll [2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- 
C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll [2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > Waterdragon |
10.09.2012, 15:21 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan AT/ATRAPS.GEN2, help with removal Code:
ATTFilter OTL by OldTimer - Version 3.2.58.1
__________________ Please always post log files in CODE tags |
10.09.2012, 19:35 | #25 |
| Trojan AT/ATRAPS.GEN2, help with removal Arrr ... I had overlooked that. So here is the log again after the scan with the current version: Code:
ATTFilter OTL logfile created on: 10.09.2012 20:23:37 - Run 5 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Maus\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,30% Memory free 8,17 Gb Paging File | 6,80 Gb Available in Paging File | 83,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 13,43 Gb Free Space | 27,50% Space Free | Partition Type: NTFS Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,81% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 15,33 Gb Free Space | 31,39% Space Free | Partition Type: NTFS Drive F: | 48,83 Gb Total Space | 24,71 Gb Free Space | 50,60% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 39,52 Gb Free Space | 80,93% Space Free | Partition Type: NTFS Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS Drive I: | 78,13 Gb Total Space | 51,56 Gb Free Space | 65,99% Space Free | Partition Type: NTFS Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS Drive K: | 78,13 Gb Total Space | 55,27 Gb Free Space | 70,74% Space Free | Partition Type: NTFS Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (NMSAccess) -- I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 49 7C B7 4F 8C CD 01 [binary data] IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Maus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions [2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions [2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 
03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012.08.16 21:34:10 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ] O32 - AutoRun File - [2012.08.16 21:33:03 | 000,001,582 | ---- | M] () - F:\Auto.md5 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = 
comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: BFE - Service 
SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: 
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer 
Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.10 20:21:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe [2012.09.10 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2012.08.25 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\NeoSmart_Technologies [2012.08.25 17:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies [2012.08.22 16:37:32 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Unity [2012.08.16 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\GHISLER [2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\totalcmd [2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander [2012.08.16 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\GHISLER [2012.08.16 19:15:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.14 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Local\Western Digital [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E [2012.08.14 
19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404 [2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401 [2012.08.14 19:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics [2012.08.14 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics [2012.08.14 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\DP Hash [2012.08.13 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DP Hash [2012.08.12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited [2012.08.12 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited ========== Files - Modified Within 30 Days ========== [2012.09.10 20:27:15 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.10 20:27:15 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.10 20:27:15 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.10 20:27:15 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.10 20:27:15 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.10 20:22:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe [2012.09.10 20:20:04 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 20:20:04 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 20:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.04 19:04:56 | 000,511,265 | ---- | M] () -- C:\Users\Maus\Desktop\adwcleaner.exe ========== Files Created - No Company Name ========== [2012.09.04 19:04:55 | 000,511,265 | ---- | C] () -- C:\Users\Maus\Desktop\adwcleaner.exe [2012.08.24 18:49:39 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@ [2012.08.24 18:45:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@ [2012.08.17 17:11:36 | 000,001,792 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ [2012.08.12 12:02:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys 
[2012.08.12 12:02:53 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys [2012.08.12 12:02:53 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable [2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@ [2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@ [2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe [2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited [2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF [2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- 
C:\Users\Maus\AppData\Roaming\GHISLER [2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org [2012.09.10 17:43:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.02 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Adobe [2012.05.29 06:32:13 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ATI [2012.05.28 19:19:10 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Avira [2012.08.12 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Canneverbe Limited [2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF [2012.08.16 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\GHISLER [2012.05.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Identities [2012.05.28 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macromedia [2012.08.08 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Media Center Programs [2012.08.14 20:23:42 | 000,000,000 | --SD | M] -- C:\Users\Maus\AppData\Roaming\Microsoft [2012.05.28 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Mozilla [2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org [2012.07.02 21:52:22 | 000,000,000 | RH-D | M] -- C:\Users\Maus\AppData\Roaming\SecuROM [2012.07.01 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.19 10:09:09 | 
000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.19 06:34:16 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys [2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2008.01.19 07:09:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys [2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 
000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 
C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll [2012.05.28 20:05:20 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll [2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2012.05.28 20:05:20 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- 
C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll [2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.19 10:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\0aec2e2b13cd59ce9f4d307c92b135db\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > Waterdragon |
10.09.2012, 21:08 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan AT/ATRAPS.GEN2, help with removal Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
FF - user.js - File not found
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:34:10 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ]
O32 - AutoRun File - [2012.08.16 21:33:03 | 000,001,582 | ---- | M] () - F:\Auto.md5 -- [ NTFS ]
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012.08.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
:Files
C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}
C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache
G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be carried over to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
11.09.2012, 19:02 | #27 |
| Trojan AT/ATRAPS.GEN2, help with removal Hi! Here is the log that opened after the reboot: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! D:\AUTOEXEC.BAT moved successfully. File not found. F:\Auto.md5 moved successfully. Folder move failed. C:\Windows\SysNative\2C0A scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0C0A scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0C04 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0816 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0804 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0424 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\041F scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\041E scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\041D scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\041B scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0419 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0416 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0415 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0414 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0413 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0412 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0411 scheduled to be moved on reboot. Folder move failed. 
C:\Windows\SysNative\0410 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040E scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040D scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040C scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040B scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040A scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0409 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0408 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0406 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0405 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0404 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0401 scheduled to be moved on reboot. ========== FILES ========== C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U folder moved successfully. C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\L folder moved successfully. C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4} folder moved successfully. C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U folder moved successfully. C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\L folder moved successfully. C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4} folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. 
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. 
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. 
C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File\Folder G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000 not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. 
C:\Users\Maus\Desktop\cmd.bat deleted successfully. C:\Users\Maus\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Maus ->Temp folder emptied: 748102 bytes ->Temporary Internet Files folder emptied: 85484160 bytes ->FireFox cache emptied: 713748275 bytes ->Flash cache emptied: 99202 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24610300 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 111620528 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 750 bytes RecycleBin emptied: 12183983 bytes Total Files Cleaned = 905,00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.61.3 log created on 09112012_194748 Files\Folders moved on Reboot... Folder move failed. C:\Windows\SysNative\2C0A scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0C0A scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0C04 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0816 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0804 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0424 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\041F scheduled to be moved on reboot. Folder move failed. 
C:\Windows\SysNative\041E scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\041D scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\041B scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0419 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0416 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0415 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0414 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0413 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0412 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0411 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0410 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040E scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040D scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040C scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040B scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\040A scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0409 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0408 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0406 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0405 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0404 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysNative\0401 scheduled to be moved on reboot. File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\adoapn_AppNexusDemoActionTag_1[1].htm not found! 
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\adoapn_AppNexusDemoActionTag_1[2].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\gossipcenter[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\if[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FGXQCJ\st[11] not found! C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\banner[5].htm moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\banner[6].htm moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\djs28[1].htm moved successfully. File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\gossipcenter[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\iframe3[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\like[1].htm not found! C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\NoScript[1].htm moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\NoScript[2].htm moved successfully. 
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pd[2].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pd[3].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pd[4].htm not found! C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\pixel[1].gif moved successfully. File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\plusone[2].js not found! C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\statstracker[1].htm moved successfully. File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[2].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[3].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\st[4] not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\vFBea8GMEQM[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\video[1].htm not found! 
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\view[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNMSNLOQ\view[3].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\adoapn_AppNexusDemoActionTag_1[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\banner[5].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\ca[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\d[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\gossipcenter_com[1].htm not found! C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\knw79[1].htm moved successfully. File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVT58CG9\load[1].htm not found! File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWWU1XW0\chevrolet-corvette-zr1-chases-200-mph-in-europe-epic-drives-episode-3[1].htm not found! C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5X7SUTQ\zsa52[1].htm moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H83NKII6\pd[1].htm moved successfully. 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARIXYACZ\xxz97[1].htm moved successfully. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Waterdragon |
11.09.2012, 23:09 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan AT/ATRAPS.GEN2, help with removal Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
14.09.2012, 18:43 | #29 |
| Trojan AT/ATRAPS.GEN2, help with removal Hi! Here is the log from TDSS-Killer: Code:
ATTFilter 19:38:49.0462 3812 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 19:38:49.0618 3812 ============================================================ 19:38:49.0618 3812 Current date / time: 2012/09/14 19:38:49.0618 19:38:49.0618 3812 SystemInfo: 19:38:49.0618 3812 19:38:49.0618 3812 OS Version: 6.0.6002 ServicePack: 2.0 19:38:49.0618 3812 Product type: Workstation 19:38:49.0618 3812 ComputerName: MAUS-PC 19:38:49.0618 3812 UserName: Maus 19:38:49.0618 3812 Windows directory: C:\Windows 19:38:49.0618 3812 System windows directory: C:\Windows 19:38:49.0618 3812 Running under WOW64 19:38:49.0618 3812 Processor architecture: Intel x64 19:38:49.0618 3812 Number of processors: 4 19:38:49.0618 3812 Page size: 0x1000 19:38:49.0618 3812 Boot type: Normal boot 19:38:49.0618 3812 ============================================================ 19:38:50.0492 3812 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:38:50.0507 3812 ============================================================ 19:38:50.0507 3812 \Device\Harddisk0\DR0: 19:38:50.0507 3812 MBR partitions: 19:38:50.0507 3812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5BEC78 19:38:50.0507 3812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5BECF6, BlocksNum 0x61AB7E8 19:38:50.0507 3812 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x676A51D, BlocksNum 0x61AB7E8 19:38:50.0523 3812 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xC915D44, BlocksNum 0x61AB7E8 19:38:50.0523 3812 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x12AC156B, BlocksNum 0x61AB7E8 19:38:50.0523 3812 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x18C6CD92, BlocksNum 0x9C41AD8 19:38:50.0538 3812 \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0x228AE8A9, BlocksNum 0x9C41AD8 19:38:50.0554 3812 
\Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x2C4F03C0, BlocksNum 0x9C41AD8 19:38:50.0554 3812 \Device\Harddisk0\DR0\Partition9: MBR, Type 0x7, StartLBA 0x36131ED7, BlocksNum 0x9C41AD8 19:38:50.0585 3812 \Device\Harddisk0\DR0\Partition10: MBR, Type 0x7, StartLBA 0x44B966DA, BlocksNum 0x30D7B35 19:38:50.0585 3812 \Device\Harddisk0\DR0\Partition11: MBR, Type 0x7, StartLBA 0x47C6E24E, BlocksNum 0x1388AFC 19:38:50.0616 3812 ============================================================ 19:38:50.0632 3812 C: <-> \Device\Harddisk0\DR0\Partition3 19:38:50.0663 3812 D: <-> \Device\Harddisk0\DR0\Partition1 19:38:50.0663 3812 E: <-> \Device\Harddisk0\DR0\Partition2 19:38:50.0694 3812 F: <-> \Device\Harddisk0\DR0\Partition4 19:38:50.0710 3812 G: <-> \Device\Harddisk0\DR0\Partition5 19:38:50.0726 3812 H: <-> \Device\Harddisk0\DR0\Partition6 19:38:50.0757 3812 I: <-> \Device\Harddisk0\DR0\Partition7 19:38:50.0804 3812 J: <-> \Device\Harddisk0\DR0\Partition8 19:38:50.0835 3812 K: <-> \Device\Harddisk0\DR0\Partition9 19:38:50.0850 3812 M: <-> \Device\Harddisk0\DR0\Partition10 19:38:50.0866 3812 N: <-> \Device\Harddisk0\DR0\Partition11 19:38:50.0866 3812 ============================================================ 19:38:50.0866 3812 Initialize success 19:38:50.0866 3812 ============================================================ 19:39:41.0675 2836 ============================================================ 19:39:41.0675 2836 Scan started 19:39:41.0675 2836 Mode: Manual; SigCheck; TDLFS; 19:39:41.0675 2836 ============================================================ 19:39:42.0206 2836 ================ Scan system memory ======================== 19:39:42.0206 2836 System memory - ok 19:39:42.0206 2836 ================ Scan services ============================= 19:39:42.0315 2836 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 19:39:42.0393 2836 ACPI - ok 19:39:42.0455 2836 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program 
Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:39:42.0455 2836 AdobeARMservice - ok 19:39:42.0486 2836 [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:39:42.0518 2836 adp94xx - ok 19:39:42.0533 2836 [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:39:42.0564 2836 adpahci - ok 19:39:42.0580 2836 [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 19:39:42.0596 2836 adpu160m - ok 19:39:42.0611 2836 [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:39:42.0611 2836 adpu320 - ok 19:39:42.0642 2836 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:39:42.0720 2836 AeLookupSvc - ok 19:39:42.0752 2836 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 19:39:42.0783 2836 AFD - ok 19:39:42.0798 2836 [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:39:42.0798 2836 agp440 - ok 19:39:42.0814 2836 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 19:39:42.0830 2836 aic78xx - ok 19:39:42.0845 2836 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 19:39:42.0939 2836 ALG - ok 19:39:42.0954 2836 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 19:39:42.0970 2836 aliide - ok 19:39:42.0986 2836 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 19:39:43.0048 2836 AMD External Events Utility - ok 19:39:43.0095 2836 AMD FUEL Service - ok 19:39:43.0110 2836 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 19:39:43.0110 2836 amdide - ok 19:39:43.0126 2836 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 19:39:43.0142 2836 amdiox64 - ok 19:39:43.0142 2836 [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 
19:39:43.0266 2836 AmdK8 - ok 19:39:43.0438 2836 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:39:43.0781 2836 amdkmdag - ok 19:39:43.0797 2836 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 19:39:43.0828 2836 amdkmdap - ok 19:39:43.0859 2836 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 19:39:43.0875 2836 AntiVirSchedulerService - ok 19:39:43.0890 2836 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 19:39:43.0890 2836 AntiVirService - ok 19:39:43.0922 2836 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 19:39:43.0937 2836 AntiVirWebService - ok 19:39:43.0984 2836 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 19:39:43.0984 2836 AODDriver4.1 - ok 19:39:44.0000 2836 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 19:39:44.0031 2836 Appinfo - ok 19:39:44.0046 2836 [ 2E8623F2FED998A97129A3DB919551C8 ] arc C:\Windows\system32\drivers\arc.sys 19:39:44.0046 2836 arc - ok 19:39:44.0078 2836 [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:39:44.0093 2836 arcsas - ok 19:39:44.0109 2836 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:39:44.0140 2836 AsyncMac - ok 19:39:44.0171 2836 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 19:39:44.0187 2836 atapi - ok 19:39:44.0202 2836 [ 917692CDF8E1CE00D9752FA40615338B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys 19:39:44.0218 2836 AtiHDAudioService - ok 19:39:44.0249 2836 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:39:44.0280 2836 AudioEndpointBuilder - ok 19:39:44.0296 2836 [ 
79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:39:44.0327 2836 AudioSrv - ok 19:39:44.0343 2836 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 19:39:44.0343 2836 avgntflt - ok 19:39:44.0358 2836 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 19:39:44.0374 2836 avipbb - ok 19:39:44.0374 2836 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 19:39:44.0390 2836 avkmgr - ok 19:39:44.0390 2836 blbdrive - ok 19:39:44.0405 2836 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:39:44.0421 2836 bowser - ok 19:39:44.0436 2836 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 19:39:44.0452 2836 BrFiltLo - ok 19:39:44.0468 2836 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 19:39:44.0499 2836 BrFiltUp - ok 19:39:44.0514 2836 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 19:39:44.0546 2836 Browser - ok 19:39:44.0561 2836 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 19:39:44.0608 2836 Brserid - ok 19:39:44.0624 2836 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 19:39:44.0655 2836 BrSerWdm - ok 19:39:44.0670 2836 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 19:39:44.0733 2836 BrUsbMdm - ok 19:39:44.0748 2836 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 19:39:44.0811 2836 BrUsbSer - ok 19:39:44.0826 2836 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:39:44.0858 2836 BTHMODEM - ok 19:39:44.0873 2836 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:39:44.0936 2836 cdfs - ok 19:39:44.0951 2836 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom 
C:\Windows\system32\DRIVERS\cdrom.sys 19:39:44.0967 2836 cdrom - ok 19:39:44.0998 2836 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 19:39:45.0029 2836 CertPropSvc - ok 19:39:45.0029 2836 [ F28F00596824058BC61D5EDF434C9B82 ] circlass C:\Windows\system32\drivers\circlass.sys 19:39:45.0076 2836 circlass - ok 19:39:45.0092 2836 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 19:39:45.0107 2836 CLFS - ok 19:39:45.0170 2836 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:39:45.0170 2836 clr_optimization_v2.0.50727_32 - ok 19:39:45.0201 2836 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:39:45.0201 2836 clr_optimization_v2.0.50727_64 - ok 19:39:45.0216 2836 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:39:45.0216 2836 cmdide - ok 19:39:45.0232 2836 [ 0E77A445640BF310817F60941C50560C ] Compbatt C:\Windows\system32\drivers\compbatt.sys 19:39:45.0232 2836 Compbatt - ok 19:39:45.0248 2836 COMSysApp - ok 19:39:45.0248 2836 [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:39:45.0248 2836 crcdisk - ok 19:39:45.0279 2836 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:39:45.0310 2836 CryptSvc - ok 19:39:45.0326 2836 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 19:39:45.0388 2836 DcomLaunch - ok 19:39:45.0419 2836 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:39:45.0450 2836 DfsC - ok 19:39:45.0513 2836 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 19:39:45.0653 2836 DFSR - ok 19:39:45.0669 2836 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 19:39:45.0700 2836 Dhcp - ok 19:39:45.0700 2836 [ B0107E40ECDB5FA692EBF832F295D905 ] 
disk C:\Windows\system32\drivers\disk.sys 19:39:45.0716 2836 disk - ok 19:39:45.0731 2836 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:39:45.0762 2836 Dnscache - ok 19:39:45.0778 2836 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 19:39:45.0794 2836 dot3svc - ok 19:39:45.0825 2836 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 19:39:45.0872 2836 DPS - ok 19:39:45.0887 2836 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:39:45.0918 2836 drmkaud - ok 19:39:45.0950 2836 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:39:45.0981 2836 DXGKrnl - ok 19:39:46.0012 2836 [ D57FE09B575545738A73A0C193D0616A ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 19:39:46.0043 2836 E1G60 - ok 19:39:46.0090 2836 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 19:39:46.0121 2836 EapHost - ok 19:39:46.0152 2836 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 19:39:46.0152 2836 Ecache - ok 19:39:46.0184 2836 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:39:46.0230 2836 ehRecvr - ok 19:39:46.0246 2836 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 19:39:46.0262 2836 ehSched - ok 19:39:46.0277 2836 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 19:39:46.0308 2836 ehstart - ok 19:39:46.0324 2836 [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:39:46.0340 2836 elxstor - ok 19:39:46.0355 2836 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 19:39:46.0386 2836 EMDMgmt - ok 19:39:46.0402 2836 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 19:39:46.0449 2836 EventSystem - ok 19:39:46.0464 2836 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 19:39:46.0480 2836 
exfat - ok 19:39:46.0496 2836 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:39:46.0511 2836 fastfat - ok 19:39:46.0527 2836 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:39:46.0558 2836 fdc - ok 19:39:46.0589 2836 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 19:39:46.0605 2836 fdPHost - ok 19:39:46.0636 2836 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 19:39:46.0667 2836 FDResPub - ok 19:39:46.0698 2836 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:39:46.0714 2836 FileInfo - ok 19:39:46.0730 2836 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:39:46.0745 2836 Filetrace - ok 19:39:46.0792 2836 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:39:46.0808 2836 flpydisk - ok 19:39:46.0823 2836 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:39:46.0839 2836 FltMgr - ok 19:39:46.0870 2836 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache C:\Windows\system32\FntCache.dll 19:39:46.0932 2836 FontCache - ok 19:39:46.0964 2836 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:39:46.0964 2836 FontCache3.0.0.0 - ok 19:39:47.0010 2836 [ 03EC8C6EEB24E245DAD858C9FC6A1B68 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\bin32\nSvcAppFlt.exe 19:39:47.0042 2836 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning 19:39:47.0042 2836 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1) 19:39:47.0073 2836 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:39:47.0088 2836 Fs_Rec - ok 19:39:47.0104 2836 [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 
19:39:47.0120 2836 gagp30kx - ok 19:39:47.0135 2836 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 19:39:47.0182 2836 gpsvc - ok 19:39:47.0213 2836 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:39:47.0260 2836 HdAudAddService - ok 19:39:47.0291 2836 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:39:47.0338 2836 HDAudBus - ok 19:39:47.0338 2836 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:39:47.0385 2836 HidBth - ok 19:39:47.0400 2836 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 19:39:47.0432 2836 HidIr - ok 19:39:47.0447 2836 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 19:39:47.0463 2836 hidserv - ok 19:39:47.0478 2836 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:39:47.0494 2836 HidUsb - ok 19:39:47.0525 2836 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 19:39:47.0541 2836 hkmsvc - ok 19:39:47.0556 2836 [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 19:39:47.0572 2836 HpCISSs - ok 19:39:47.0603 2836 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:39:47.0634 2836 HTTP - ok 19:39:47.0650 2836 [ F2901763845570ECAC48E6A50EC50812 ] i2omp C:\Windows\system32\drivers\i2omp.sys 19:39:47.0650 2836 i2omp - ok 19:39:47.0681 2836 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:39:47.0712 2836 i8042prt - ok 19:39:47.0728 2836 [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV C:\Windows\system32\drivers\iastorv.sys 19:39:47.0728 2836 iaStorV - ok 19:39:47.0759 2836 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:39:47.0790 2836 idsvc - ok 19:39:47.0837 2836 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] 
iirsp C:\Windows\system32\drivers\iirsp.sys 19:39:47.0837 2836 iirsp - ok 19:39:47.0868 2836 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 19:39:47.0915 2836 IKEEXT - ok 19:39:47.0993 2836 [ FFC65872F4B0A1075B2AB16C676A4AEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 19:39:48.0024 2836 IntcAzAudAddService - ok 19:39:48.0056 2836 [ 36A266C673812878996F72B200203FBB ] intelide C:\Windows\system32\drivers\intelide.sys 19:39:48.0071 2836 intelide - ok 19:39:48.0071 2836 [ CD802075728E514548841DCC3F8B0220 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:39:48.0118 2836 intelppm - ok 19:39:48.0149 2836 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:39:48.0165 2836 IPBusEnum - ok 19:39:48.0180 2836 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:39:48.0196 2836 IpFilterDriver - ok 19:39:48.0212 2836 IpInIp - ok 19:39:48.0212 2836 [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 19:39:48.0258 2836 IPMIDRV - ok 19:39:48.0274 2836 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 19:39:48.0305 2836 IPNAT - ok 19:39:48.0305 2836 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:39:48.0336 2836 IRENUM - ok 19:39:48.0336 2836 [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:39:48.0352 2836 isapnp - ok 19:39:48.0368 2836 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 19:39:48.0383 2836 iScsiPrt - ok 19:39:48.0399 2836 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 19:39:48.0399 2836 iteatapi - ok 19:39:48.0414 2836 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 19:39:48.0414 2836 iteraid - ok 19:39:48.0430 2836 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys 19:39:48.0446 2836 kbdclass - ok 19:39:48.0446 2836 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:39:48.0477 2836 kbdhid - ok 19:39:48.0492 2836 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 19:39:48.0508 2836 KeyIso - ok 19:39:48.0539 2836 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:39:48.0555 2836 KSecDD - ok 19:39:48.0602 2836 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:39:48.0633 2836 ksthunk - ok 19:39:48.0648 2836 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 19:39:48.0695 2836 KtmRm - ok 19:39:48.0711 2836 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:39:48.0726 2836 LanmanServer - ok 19:39:48.0742 2836 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:39:48.0758 2836 LanmanWorkstation - ok 19:39:48.0773 2836 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:39:48.0804 2836 lltdio - ok 19:39:48.0836 2836 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:39:48.0867 2836 lltdsvc - ok 19:39:48.0882 2836 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:39:48.0898 2836 lmhosts - ok 19:39:48.0929 2836 [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:39:48.0929 2836 LSI_FC - ok 19:39:48.0945 2836 [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:39:48.0945 2836 LSI_SAS - ok 19:39:48.0960 2836 [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:39:48.0960 2836 LSI_SCSI - ok 19:39:48.0976 2836 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 19:39:49.0023 2836 luafv - ok 19:39:49.0054 2836 [ DC8490812A3B72811AE534F423B4C206 ] 
MBAMProtector C:\Windows\system32\drivers\mbam.sys 19:39:49.0070 2836 MBAMProtector - ok 19:39:49.0101 2836 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 19:39:49.0116 2836 MBAMService - ok 19:39:49.0163 2836 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe 19:39:49.0179 2836 McComponentHostService - ok 19:39:49.0194 2836 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:39:49.0210 2836 Mcx2Svc - ok 19:39:49.0226 2836 [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas C:\Windows\system32\drivers\megasas.sys 19:39:49.0226 2836 megasas - ok 19:39:49.0257 2836 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 19:39:49.0288 2836 MMCSS - ok 19:39:49.0304 2836 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 19:39:49.0335 2836 Modem - ok 19:39:49.0366 2836 [ 505BDF0B6529338189D6FD3959EE3A89 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:39:49.0413 2836 monitor - ok 19:39:49.0428 2836 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:39:49.0444 2836 mouclass - ok 19:39:49.0444 2836 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:39:49.0491 2836 mouhid - ok 19:39:49.0506 2836 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 19:39:49.0522 2836 MountMgr - ok 19:39:49.0538 2836 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:39:49.0553 2836 MozillaMaintenance - ok 19:39:49.0569 2836 [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio C:\Windows\system32\drivers\mpio.sys 19:39:49.0569 2836 mpio - ok 19:39:49.0600 2836 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:39:49.0616 2836 mpsdrv - ok 19:39:49.0631 2836 [ 
3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 19:39:49.0631 2836 Mraid35x - ok 19:39:49.0647 2836 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:39:49.0662 2836 MRxDAV - ok 19:39:49.0678 2836 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:39:49.0694 2836 mrxsmb - ok 19:39:49.0725 2836 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:39:49.0725 2836 mrxsmb10 - ok 19:39:49.0740 2836 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:39:49.0756 2836 mrxsmb20 - ok 19:39:49.0772 2836 [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci C:\Windows\system32\drivers\msahci.sys 19:39:49.0772 2836 msahci - ok 19:39:49.0787 2836 [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:39:49.0787 2836 msdsm - ok 19:39:49.0803 2836 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 19:39:49.0834 2836 MSDTC - ok 19:39:49.0850 2836 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:39:49.0881 2836 Msfs - ok 19:39:49.0896 2836 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:39:49.0912 2836 msisadrv - ok 19:39:49.0928 2836 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:39:49.0959 2836 MSiSCSI - ok 19:39:49.0959 2836 msiserver - ok 19:39:49.0974 2836 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:39:49.0990 2836 MSKSSRV - ok 19:39:50.0006 2836 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:39:50.0037 2836 MSPCLOCK - ok 19:39:50.0052 2836 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:39:50.0084 2836 MSPQM - ok 19:39:50.0099 2836 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:39:50.0115 2836 
MsRPC - ok 19:39:50.0130 2836 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:39:50.0130 2836 mssmbios - ok 19:39:50.0162 2836 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:39:50.0177 2836 MSTEE - ok 19:39:50.0208 2836 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 19:39:50.0224 2836 MTsensor - ok 19:39:50.0224 2836 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 19:39:50.0240 2836 Mup - ok 19:39:50.0255 2836 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 19:39:50.0302 2836 napagent - ok 19:39:50.0318 2836 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:39:50.0333 2836 NativeWifiP - ok 19:39:50.0349 2836 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:39:50.0380 2836 NDIS - ok 19:39:50.0411 2836 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:39:50.0442 2836 NdisTapi - ok 19:39:50.0458 2836 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:39:50.0489 2836 Ndisuio - ok 19:39:50.0489 2836 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:39:50.0520 2836 NdisWan - ok 19:39:50.0552 2836 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:39:50.0583 2836 NDProxy - ok 19:39:50.0598 2836 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:39:50.0614 2836 NetBIOS - ok 19:39:50.0630 2836 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 19:39:50.0645 2836 netbt - ok 19:39:50.0661 2836 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 19:39:50.0676 2836 Netlogon - ok 19:39:50.0692 2836 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 19:39:50.0739 2836 
Netman - ok 19:39:50.0770 2836 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 19:39:50.0801 2836 netprofm - ok 19:39:50.0832 2836 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:39:50.0848 2836 NetTcpPortSharing - ok 19:39:50.0864 2836 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:39:50.0879 2836 nfrd960 - ok 19:39:50.0895 2836 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 19:39:50.0926 2836 NlaSvc - ok 19:39:50.0973 2836 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess I:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 19:39:50.0988 2836 NMSAccess - ok 19:39:51.0004 2836 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:39:51.0035 2836 Npfs - ok 19:39:51.0051 2836 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 19:39:51.0082 2836 nsi - ok 19:39:51.0098 2836 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:39:51.0129 2836 nsiproxy - ok 19:39:51.0160 2836 [ C5117E7FF9F373AD470CE5379617F464 ] nSvcIp C:\Program Files\bin32\nSvcIp.exe 19:39:51.0160 2836 nSvcIp ( UnsignedFile.Multi.Generic ) - warning 19:39:51.0160 2836 nSvcIp - detected UnsignedFile.Multi.Generic (1) 19:39:51.0191 2836 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:39:51.0254 2836 Ntfs - ok 19:39:51.0269 2836 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 19:39:51.0300 2836 Null - ok 19:39:51.0316 2836 [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 19:39:51.0332 2836 nusb3hub - ok 19:39:51.0363 2836 [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 19:39:51.0394 2836 nusb3xhc - ok 19:39:51.0425 2836 [ CF2A023F422CE6E43302B139E4B87B05 ] NVENETFD 
C:\Windows\system32\DRIVERS\nvmfdx64.sys 19:39:51.0425 2836 NVENETFD - ok 19:39:51.0441 2836 [ 87A7E98A682B0B20820BE781C7758B94 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 19:39:51.0456 2836 NVHDA - ok 19:39:51.0472 2836 [ CF2A023F422CE6E43302B139E4B87B05 ] NVNET C:\Windows\system32\DRIVERS\nvmfdx64.sys 19:39:51.0503 2836 NVNET - ok 19:39:51.0534 2836 [ 840EEB44DC49317A6161961F7682CD99 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:39:51.0550 2836 nvraid - ok 19:39:51.0566 2836 [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 19:39:51.0566 2836 nvsmu - ok 19:39:51.0581 2836 [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:39:51.0581 2836 nvstor - ok 19:39:51.0597 2836 [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:39:51.0597 2836 nv_agp - ok 19:39:51.0597 2836 NwlnkFlt - ok 19:39:51.0612 2836 NwlnkFwd - ok 19:39:51.0628 2836 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 19:39:51.0659 2836 ohci1394 - ok 19:39:51.0690 2836 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 19:39:51.0753 2836 p2pimsvc - ok 19:39:51.0768 2836 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 19:39:51.0784 2836 p2psvc - ok 19:39:51.0800 2836 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 19:39:51.0846 2836 Parport - ok 19:39:51.0878 2836 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:39:51.0878 2836 partmgr - ok 19:39:51.0893 2836 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 19:39:51.0924 2836 PcaSvc - ok 19:39:51.0940 2836 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 19:39:51.0956 2836 pci - ok 19:39:51.0956 2836 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 19:39:51.0971 2836 pciide - ok 19:39:51.0987 
2836 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:39:51.0987 2836 pcmcia - ok 19:39:52.0002 2836 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:39:52.0065 2836 PEAUTH - ok 19:39:52.0127 2836 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:39:52.0158 2836 PerfHost - ok 19:39:52.0205 2836 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 19:39:52.0268 2836 pla - ok 19:39:52.0299 2836 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:39:52.0314 2836 PlugPlay - ok 19:39:52.0346 2836 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 19:39:52.0377 2836 PNRPAutoReg - ok 19:39:52.0377 2836 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 19:39:52.0392 2836 PNRPsvc - ok 19:39:52.0424 2836 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:39:52.0470 2836 PolicyAgent - ok 19:39:52.0502 2836 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:39:52.0533 2836 PptpMiniport - ok 19:39:52.0548 2836 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:39:52.0564 2836 Processor - ok 19:39:52.0595 2836 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 19:39:52.0611 2836 ProfSvc - ok 19:39:52.0626 2836 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 19:39:52.0642 2836 ProtectedStorage - ok 19:39:52.0658 2836 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 19:39:52.0673 2836 PSched - ok 19:39:52.0704 2836 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:39:52.0736 2836 ql2300 - ok 19:39:52.0767 2836 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:39:52.0767 2836 ql40xx - ok 19:39:52.0798 
2836 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 19:39:52.0814 2836 QWAVE - ok 19:39:52.0829 2836 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:39:52.0845 2836 QWAVEdrv - ok 19:39:52.0860 2836 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:39:52.0892 2836 RasAcd - ok 19:39:52.0923 2836 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 19:39:52.0954 2836 RasAuto - ok 19:39:52.0970 2836 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:39:53.0001 2836 Rasl2tp - ok 19:39:53.0016 2836 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 19:39:53.0032 2836 RasMan - ok 19:39:53.0032 2836 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:39:53.0063 2836 RasPppoe - ok 19:39:53.0063 2836 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:39:53.0079 2836 RasSstp - ok 19:39:53.0094 2836 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:39:53.0110 2836 rdbss - ok 19:39:53.0126 2836 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:39:53.0157 2836 RDPCDD - ok 19:39:53.0172 2836 [ 2D98DDA8EDCE73DF99854BF3692CCC87 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 19:39:53.0235 2836 rdpdr - ok 19:39:53.0235 2836 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:39:53.0266 2836 RDPENCDD - ok 19:39:53.0282 2836 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:39:53.0313 2836 RDPWD - ok 19:39:53.0328 2836 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:39:53.0360 2836 RemoteAccess - ok 19:39:53.0375 2836 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:39:53.0391 2836 RemoteRegistry - ok 19:39:53.0406 
2836 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 19:39:53.0438 2836 RpcLocator - ok 19:39:53.0453 2836 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 19:39:53.0484 2836 RpcSs - ok 19:39:53.0516 2836 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:39:53.0531 2836 rspndr - ok 19:39:53.0547 2836 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 19:39:53.0562 2836 SamSs - ok 19:39:53.0562 2836 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:39:53.0578 2836 sbp2port - ok 19:39:53.0594 2836 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:39:53.0625 2836 SCardSvr - ok 19:39:53.0640 2836 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 19:39:53.0703 2836 Schedule - ok 19:39:53.0718 2836 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:39:53.0750 2836 SCPolicySvc - ok 19:39:53.0765 2836 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:39:53.0796 2836 SDRSVC - ok 19:39:53.0796 2836 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:39:53.0843 2836 secdrv - ok 19:39:53.0874 2836 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 19:39:53.0906 2836 seclogon - ok 19:39:53.0921 2836 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 19:39:53.0952 2836 SENS - ok 19:39:53.0968 2836 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:39:53.0999 2836 Serenum - ok 19:39:54.0030 2836 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:39:54.0062 2836 Serial - ok 19:39:54.0062 2836 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:39:54.0093 2836 sermouse - ok 19:39:54.0108 2836 [ 
A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 19:39:54.0140 2836 SessionEnv - ok 19:39:54.0155 2836 [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:39:54.0202 2836 sffdisk - ok 19:39:54.0202 2836 [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:39:54.0233 2836 sffp_mmc - ok 19:39:54.0249 2836 [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:39:54.0280 2836 sffp_sd - ok 19:39:54.0296 2836 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:39:54.0327 2836 sfloppy - ok 19:39:54.0358 2836 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:39:54.0374 2836 ShellHWDetection - ok 19:39:54.0374 2836 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 19:39:54.0389 2836 SiSRaid2 - ok 19:39:54.0389 2836 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:39:54.0405 2836 SiSRaid4 - ok 19:39:54.0452 2836 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 19:39:54.0530 2836 slsvc - ok 19:39:54.0545 2836 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 19:39:54.0561 2836 SLUINotify - ok 19:39:54.0576 2836 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:39:54.0592 2836 Smb - ok 19:39:54.0623 2836 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:39:54.0639 2836 SNMPTRAP - ok 19:39:54.0654 2836 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 19:39:54.0654 2836 spldr - ok 19:39:54.0686 2836 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 19:39:54.0701 2836 Spooler - ok 19:39:54.0732 2836 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 19:39:54.0764 2836 srv - ok 19:39:54.0779 2836 [ 
A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:39:54.0810 2836 srv2 - ok 19:39:54.0826 2836 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:39:54.0842 2836 srvnet - ok 19:39:54.0873 2836 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:39:54.0920 2836 SSDPSRV - ok 19:39:54.0935 2836 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:39:54.0951 2836 SstpSvc - ok 19:39:54.0998 2836 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 19:39:54.0998 2836 StarOpen ( UnsignedFile.Multi.Generic ) - warning 19:39:54.0998 2836 StarOpen - detected UnsignedFile.Multi.Generic (1) 19:39:55.0013 2836 Steam Client Service - ok 19:39:55.0029 2836 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 19:39:55.0060 2836 stisvc - ok 19:39:55.0076 2836 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:39:55.0076 2836 swenum - ok 19:39:55.0091 2836 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 19:39:55.0138 2836 swprv - ok 19:39:55.0154 2836 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 19:39:55.0154 2836 Symc8xx - ok 19:39:55.0154 2836 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 19:39:55.0169 2836 Sym_hi - ok 19:39:55.0169 2836 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 19:39:55.0185 2836 Sym_u3 - ok 19:39:55.0200 2836 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 19:39:55.0247 2836 SysMain - ok 19:39:55.0263 2836 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:39:55.0278 2836 TabletInputService - ok 19:39:55.0294 2836 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:39:55.0325 2836 TapiSrv - ok 19:39:55.0341 2836 [ 
CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 19:39:55.0372 2836 TBS - ok 19:39:55.0434 2836 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:39:55.0466 2836 Tcpip - ok 19:39:55.0528 2836 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 19:39:55.0575 2836 Tcpip6 - ok 19:39:55.0606 2836 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:39:55.0622 2836 tcpipreg - ok 19:39:55.0653 2836 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:39:55.0684 2836 TDPIPE - ok 19:39:55.0731 2836 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:39:55.0762 2836 TDTCP - ok 19:39:55.0778 2836 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:39:55.0793 2836 tdx - ok 19:39:55.0809 2836 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:39:55.0824 2836 TermDD - ok 19:39:55.0840 2836 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 19:39:55.0871 2836 TermService - ok 19:39:55.0887 2836 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 19:39:55.0902 2836 Themes - ok 19:39:55.0918 2836 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 19:39:55.0934 2836 THREADORDER - ok 19:39:55.0965 2836 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 19:39:55.0996 2836 TrkWks - ok 19:39:56.0027 2836 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:39:56.0043 2836 TrustedInstaller - ok 19:39:56.0043 2836 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:39:56.0074 2836 tssecsrv - ok 19:39:56.0090 2836 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 19:39:56.0105 2836 tunmp - ok 19:39:56.0121 2836 [ 
30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:39:56.0136 2836 tunnel - ok 19:39:56.0152 2836 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:39:56.0152 2836 uagp35 - ok 19:39:56.0168 2836 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:39:56.0199 2836 udfs - ok 19:39:56.0214 2836 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:39:56.0246 2836 UI0Detect - ok 19:39:56.0246 2836 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:39:56.0261 2836 uliagpkx - ok 19:39:56.0277 2836 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys 19:39:56.0292 2836 uliahci - ok 19:39:56.0292 2836 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 19:39:56.0308 2836 UlSata - ok 19:39:56.0324 2836 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 19:39:56.0324 2836 ulsata2 - ok 19:39:56.0355 2836 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:39:56.0386 2836 umbus - ok 19:39:56.0386 2836 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 19:39:56.0433 2836 upnphost - ok 19:39:56.0480 2836 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:39:56.0511 2836 usbccgp - ok 19:39:56.0526 2836 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:39:56.0573 2836 usbcir - ok 19:39:56.0589 2836 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:39:56.0604 2836 usbehci - ok 19:39:56.0620 2836 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:39:56.0636 2836 usbhub - ok 19:39:56.0651 2836 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:39:56.0667 2836 usbohci - ok 19:39:56.0682 
2836 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:39:56.0714 2836 usbprint - ok 19:39:56.0714 2836 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:39:56.0745 2836 USBSTOR - ok 19:39:56.0745 2836 [ 7BF55D2538740B25936E93553E5D190D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:39:56.0792 2836 usbuhci - ok 19:39:56.0823 2836 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 19:39:56.0854 2836 UxSms - ok 19:39:56.0885 2836 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 19:39:56.0901 2836 vds - ok 19:39:56.0916 2836 [ 2998DC48905E9B4821AD8FD75B3E070C ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:39:56.0963 2836 vga - ok 19:39:56.0994 2836 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 19:39:57.0026 2836 VgaSave - ok 19:39:57.0041 2836 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 19:39:57.0041 2836 viaide - ok 19:39:57.0057 2836 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:39:57.0072 2836 volmgr - ok 19:39:57.0088 2836 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:39:57.0119 2836 volmgrx - ok 19:39:57.0150 2836 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:39:57.0166 2836 volsnap - ok 19:39:57.0166 2836 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:39:57.0182 2836 vsmraid - ok 19:39:57.0197 2836 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 19:39:57.0260 2836 VSS - ok 19:39:57.0306 2836 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 19:39:57.0353 2836 W32Time - ok 19:39:57.0353 2836 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:39:57.0400 2836 WacomPen - ok 19:39:57.0431 2836 [ 
B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 19:39:57.0447 2836 Wanarp - ok 19:39:57.0447 2836 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:39:57.0462 2836 Wanarpv6 - ok 19:39:57.0478 2836 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:39:57.0509 2836 wcncsvc - ok 19:39:57.0540 2836 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:39:57.0556 2836 WcsPlugInService - ok 19:39:57.0572 2836 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys 19:39:57.0587 2836 Wd - ok 19:39:57.0603 2836 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:39:57.0618 2836 Wdf01000 - ok 19:39:57.0650 2836 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:39:57.0681 2836 WdiServiceHost - ok 19:39:57.0681 2836 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:39:57.0712 2836 WdiSystemHost - ok 19:39:57.0728 2836 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 19:39:57.0743 2836 WebClient - ok 19:39:57.0743 2836 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:39:57.0774 2836 Wecsvc - ok 19:39:57.0774 2836 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:39:57.0806 2836 wercplsupport - ok 19:39:57.0821 2836 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 19:39:57.0837 2836 WerSvc - ok 19:39:57.0852 2836 WinHttpAutoProxySvc - ok 19:39:57.0868 2836 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:39:57.0899 2836 Winmgmt - ok 19:39:57.0915 2836 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll 19:39:57.0977 2836 WinRM - ok 19:39:58.0008 2836 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 
19:39:58.0040 2836 Wlansvc - ok
19:39:58.0055 2836 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:39:58.0071 2836 WmiAcpi - ok
19:39:58.0086 2836 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:39:58.0118 2836 wmiApSrv - ok
19:39:58.0133 2836 WMPNetworkSvc - ok
19:39:58.0149 2836 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:39:58.0180 2836 WPCSvc - ok
19:39:58.0196 2836 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:39:58.0227 2836 WPDBusEnum - ok
19:39:58.0242 2836 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:39:58.0274 2836 ws2ifsl - ok
19:39:58.0274 2836 WSearch - ok
19:39:58.0320 2836 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:58.0352 2836 WUDFRd - ok
19:39:58.0367 2836 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:39:58.0398 2836 wudfsvc - ok
19:39:58.0398 2836 ================ Scan global ===============================
19:39:58.0430 2836 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:39:58.0445 2836 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:39:58.0461 2836 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:39:58.0476 2836 [ BC81150939BD52DBC7A08C245F1FB229 ] C:\Windows\system32\services.exe
19:39:58.0492 2836 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
19:39:58.0492 2836 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
19:39:58.0492 2836 ================ Scan MBR ==================================
19:39:58.0492 2836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:39:58.0757 2836 \Device\Harddisk0\DR0 - ok
19:39:58.0757 2836 ================ Scan VBR ==================================
19:39:58.0757 2836 [ AF6E1B78A52D7BA39B03D6839392A6AC ] \Device\Harddisk0\DR0\Partition1
19:39:58.0757 2836 \Device\Harddisk0\DR0\Partition1 - ok
19:39:58.0757 2836 [ 9192F4C5E5167E0E4F5D58027EEF9CC6 ] \Device\Harddisk0\DR0\Partition2
19:39:58.0757 2836 \Device\Harddisk0\DR0\Partition2 - ok
19:39:58.0773 2836 [ 51C6248CC81C7F876BAADB6A7D60D8E2 ] \Device\Harddisk0\DR0\Partition3
19:39:58.0773 2836 \Device\Harddisk0\DR0\Partition3 - ok
19:39:58.0788 2836 [ 498AA62793B74B1F1A17E47DCF0E559C ] \Device\Harddisk0\DR0\Partition4
19:39:58.0788 2836 \Device\Harddisk0\DR0\Partition4 - ok
19:39:58.0804 2836 [ E11473E0B50B173780451F496E581DD6 ] \Device\Harddisk0\DR0\Partition5
19:39:58.0804 2836 \Device\Harddisk0\DR0\Partition5 - ok
19:39:58.0820 2836 [ FA17E132BE096306B4A5C1A3189FEAD7 ] \Device\Harddisk0\DR0\Partition6
19:39:58.0820 2836 \Device\Harddisk0\DR0\Partition6 - ok
19:39:58.0835 2836 [ 4127A635E2FC156B1977278DBA3F0E05 ] \Device\Harddisk0\DR0\Partition7
19:39:58.0835 2836 \Device\Harddisk0\DR0\Partition7 - ok
19:39:58.0851 2836 [ 786605C9B7834E6863169016846DAD5F ] \Device\Harddisk0\DR0\Partition8
19:39:58.0851 2836 \Device\Harddisk0\DR0\Partition8 - ok
19:39:58.0866 2836 [ 68C1B7EECECD056403307EF614CAF735 ] \Device\Harddisk0\DR0\Partition9
19:39:58.0866 2836 \Device\Harddisk0\DR0\Partition9 - ok
19:39:58.0866 2836 [ 60A105906FC38A9CDD8E99388A79BF70 ] \Device\Harddisk0\DR0\Partition10
19:39:58.0882 2836 \Device\Harddisk0\DR0\Partition10 - ok
19:39:58.0882 2836 [ 0318AA29F92E3374646BBEE7D566DA44 ] \Device\Harddisk0\DR0\Partition11
19:39:58.0882 2836 \Device\Harddisk0\DR0\Partition11 - ok
19:39:58.0882 2836 ============================================================
19:39:58.0882 2836 Scan finished
19:39:58.0882 2836 ============================================================
19:39:58.0898 2568 Detected object count: 4
19:39:58.0898 2568 Actual detected object count: 4
19:40:23.0452 2568 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:23.0452 2568 ForceWare Intelligent
Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:40:23.0452 2568 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user 19:40:23.0452 2568 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:40:23.0452 2568 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 19:40:23.0452 2568 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:40:23.0452 2568 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user 19:40:23.0452 2568 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip 19:40:34.0778 1448 ============================================================ 19:40:34.0778 1448 Scan started 19:40:34.0778 1448 Mode: Manual; SigCheck; TDLFS; 19:40:34.0778 1448 ============================================================ 19:40:35.0277 1448 ================ Scan system memory ======================== 19:40:35.0277 1448 System memory - ok 19:40:35.0277 1448 ================ Scan services ============================= 19:40:35.0370 1448 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 19:40:35.0386 1448 ACPI - ok 19:40:35.0448 1448 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:40:35.0448 1448 AdobeARMservice - ok 19:40:35.0480 1448 [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:40:35.0495 1448 adp94xx - ok 19:40:35.0511 1448 [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:40:35.0526 1448 adpahci - ok 19:40:35.0542 1448 [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 19:40:35.0542 1448 adpu160m - ok 19:40:35.0558 1448 [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:40:35.0558 1448 adpu320 - ok 19:40:35.0589 1448 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 
19:40:38.0709 1448 [ 03EC8C6EEB24E245DAD858C9FC6A1B68 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\bin32\nSvcAppFlt.exe
19:40:38.0724 1448 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
19:40:38.0724 1448 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
19:40:42.0110 1448 [ C5117E7FF9F373AD470CE5379617F464 ] nSvcIp C:\Program Files\bin32\nSvcIp.exe
19:40:42.0110 1448 nSvcIp ( UnsignedFile.Multi.Generic ) - warning
19:40:42.0110 1448 nSvcIp - detected UnsignedFile.Multi.Generic (1)
ShellHWDetection C:\Windows\System32\shsvcs.dll 19:40:44.0730 1448 ShellHWDetection - ok 19:40:44.0746 1448 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 19:40:44.0746 1448 SiSRaid2 - ok 19:40:44.0762 1448 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:40:44.0762 1448 SiSRaid4 - ok 19:40:44.0824 1448 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 19:40:44.0886 1448 slsvc - ok 19:40:44.0902 1448 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 19:40:44.0918 1448 SLUINotify - ok 19:40:44.0933 1448 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:40:44.0949 1448 Smb - ok 19:40:44.0964 1448 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:40:44.0980 1448 SNMPTRAP - ok 19:40:44.0996 1448 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 19:40:44.0996 1448 spldr - ok 19:40:45.0027 1448 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 19:40:45.0027 1448 Spooler - ok 19:40:45.0058 1448 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 19:40:45.0058 1448 srv - ok 19:40:45.0074 1448 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:40:45.0089 1448 srv2 - ok 19:40:45.0089 1448 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:40:45.0105 1448 srvnet - ok 19:40:45.0120 1448 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:40:45.0152 1448 SSDPSRV - ok 19:40:45.0167 1448 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:40:45.0167 1448 SstpSvc - ok 19:40:45.0198 1448 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 19:40:45.0198 1448 StarOpen ( UnsignedFile.Multi.Generic ) - warning 19:40:45.0198 1448 StarOpen - detected 
UnsignedFile.Multi.Generic (1) 19:40:45.0214 1448 Steam Client Service - ok 19:40:45.0230 1448 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 19:40:45.0245 1448 stisvc - ok 19:40:45.0261 1448 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:40:45.0261 1448 swenum - ok 19:40:45.0276 1448 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 19:40:45.0308 1448 swprv - ok 19:40:45.0323 1448 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 19:40:45.0323 1448 Symc8xx - ok 19:40:45.0339 1448 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 19:40:45.0339 1448 Sym_hi - ok 19:40:45.0354 1448 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 19:40:45.0354 1448 Sym_u3 - ok 19:40:45.0370 1448 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 19:40:45.0401 1448 SysMain - ok 19:40:45.0448 1448 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:40:45.0448 1448 TabletInputService - ok 19:40:45.0479 1448 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:40:45.0495 1448 TapiSrv - ok 19:40:45.0510 1448 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 19:40:45.0542 1448 TBS - ok 19:40:45.0573 1448 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:40:45.0604 1448 Tcpip - ok 19:40:45.0635 1448 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 19:40:45.0698 1448 Tcpip6 - ok 19:40:45.0729 1448 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:40:45.0729 1448 tcpipreg - ok 19:40:45.0744 1448 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:40:45.0776 1448 TDPIPE - ok 19:40:45.0776 1448 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP 
C:\Windows\system32\drivers\tdtcp.sys 19:40:45.0807 1448 TDTCP - ok 19:40:45.0807 1448 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:40:45.0822 1448 tdx - ok 19:40:45.0822 1448 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:40:45.0838 1448 TermDD - ok 19:40:45.0854 1448 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 19:40:45.0885 1448 TermService - ok 19:40:45.0900 1448 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 19:40:45.0916 1448 Themes - ok 19:40:45.0916 1448 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 19:40:45.0947 1448 THREADORDER - ok 19:40:45.0963 1448 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 19:40:45.0994 1448 TrkWks - ok 19:40:46.0010 1448 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:40:46.0025 1448 TrustedInstaller - ok 19:40:46.0041 1448 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:40:46.0056 1448 tssecsrv - ok 19:40:46.0072 1448 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 19:40:46.0088 1448 tunmp - ok 19:40:46.0088 1448 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:40:46.0088 1448 tunnel - ok 19:40:46.0103 1448 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:40:46.0119 1448 uagp35 - ok 19:40:46.0134 1448 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:40:46.0150 1448 udfs - ok 19:40:46.0166 1448 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:40:46.0181 1448 UI0Detect - ok 19:40:46.0197 1448 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:40:46.0212 1448 uliagpkx - ok 19:40:46.0228 1448 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci 
C:\Windows\system32\drivers\uliahci.sys 19:40:46.0228 1448 uliahci - ok 19:40:46.0244 1448 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 19:40:46.0259 1448 UlSata - ok 19:40:46.0275 1448 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 19:40:46.0275 1448 ulsata2 - ok 19:40:46.0306 1448 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:40:46.0322 1448 umbus - ok 19:40:46.0337 1448 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 19:40:46.0368 1448 upnphost - ok 19:40:46.0384 1448 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:40:46.0415 1448 usbccgp - ok 19:40:46.0415 1448 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:40:46.0446 1448 usbcir - ok 19:40:46.0462 1448 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:40:46.0478 1448 usbehci - ok 19:40:46.0493 1448 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:40:46.0509 1448 usbhub - ok 19:40:46.0524 1448 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:40:46.0540 1448 usbohci - ok 19:40:46.0556 1448 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:40:46.0587 1448 usbprint - ok 19:40:46.0587 1448 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:40:46.0602 1448 USBSTOR - ok 19:40:46.0618 1448 [ 7BF55D2538740B25936E93553E5D190D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:40:46.0649 1448 usbuhci - ok 19:40:46.0665 1448 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 19:40:46.0680 1448 UxSms - ok 19:40:46.0696 1448 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 19:40:46.0712 1448 vds - ok 19:40:46.0727 1448 [ 2998DC48905E9B4821AD8FD75B3E070C ] vga 
C:\Windows\system32\DRIVERS\vgapnp.sys 19:40:46.0758 1448 vga - ok 19:40:46.0774 1448 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 19:40:46.0790 1448 VgaSave - ok 19:40:46.0805 1448 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 19:40:46.0805 1448 viaide - ok 19:40:46.0821 1448 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:40:46.0836 1448 volmgr - ok 19:40:46.0852 1448 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:40:46.0868 1448 volmgrx - ok 19:40:46.0883 1448 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:40:46.0899 1448 volsnap - ok 19:40:46.0914 1448 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:40:46.0930 1448 vsmraid - ok 19:40:46.0961 1448 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 19:40:46.0992 1448 VSS - ok 19:40:47.0008 1448 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 19:40:47.0039 1448 W32Time - ok 19:40:47.0055 1448 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:40:47.0086 1448 WacomPen - ok 19:40:47.0102 1448 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 19:40:47.0117 1448 Wanarp - ok 19:40:47.0117 1448 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:40:47.0133 1448 Wanarpv6 - ok 19:40:47.0148 1448 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:40:47.0164 1448 wcncsvc - ok 19:40:47.0195 1448 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:40:47.0211 1448 WcsPlugInService - ok 19:40:47.0226 1448 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys 19:40:47.0226 1448 Wd - ok 19:40:47.0242 1448 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 
C:\Windows\system32\drivers\Wdf01000.sys 19:40:47.0273 1448 Wdf01000 - ok 19:40:47.0289 1448 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:40:47.0320 1448 WdiServiceHost - ok 19:40:47.0320 1448 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:40:47.0336 1448 WdiSystemHost - ok 19:40:47.0367 1448 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 19:40:47.0367 1448 WebClient - ok 19:40:47.0382 1448 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:40:47.0398 1448 Wecsvc - ok 19:40:47.0414 1448 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:40:47.0429 1448 wercplsupport - ok 19:40:47.0445 1448 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 19:40:47.0460 1448 WerSvc - ok 19:40:47.0460 1448 WinHttpAutoProxySvc - ok 19:40:47.0492 1448 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:40:47.0507 1448 Winmgmt - ok 19:40:47.0538 1448 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll 19:40:47.0570 1448 WinRM - ok 19:40:47.0616 1448 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:40:47.0632 1448 Wlansvc - ok 19:40:47.0663 1448 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 19:40:47.0679 1448 WmiAcpi - ok 19:40:47.0694 1448 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:40:47.0710 1448 wmiApSrv - ok 19:40:47.0726 1448 WMPNetworkSvc - ok 19:40:47.0741 1448 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:40:47.0757 1448 WPCSvc - ok 19:40:47.0772 1448 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:40:47.0788 1448 WPDBusEnum - ok 19:40:47.0804 1448 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:40:47.0819 1448 
ws2ifsl - ok
19:40:47.0819 1448 WSearch - ok
19:40:47.0835 1448 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:40:47.0866 1448 WUDFRd - ok
19:40:47.0882 1448 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:40:47.0913 1448 wudfsvc - ok
19:40:47.0913 1448 ================ Scan global ===============================
19:40:47.0928 1448 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:40:47.0960 1448 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:40:47.0960 1448 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:40:47.0991 1448 [ BC81150939BD52DBC7A08C245F1FB229 ] C:\Windows\system32\services.exe
19:40:47.0991 1448 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
19:40:47.0991 1448 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
19:40:47.0991 1448 ================ Scan MBR ==================================
19:40:48.0006 1448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:40:48.0256 1448 \Device\Harddisk0\DR0 - ok
19:40:48.0256 1448 ================ Scan VBR ==================================
19:40:48.0256 1448 [ AF6E1B78A52D7BA39B03D6839392A6AC ] \Device\Harddisk0\DR0\Partition1
19:40:48.0256 1448 \Device\Harddisk0\DR0\Partition1 - ok
19:40:48.0256 1448 [ 9192F4C5E5167E0E4F5D58027EEF9CC6 ] \Device\Harddisk0\DR0\Partition2
19:40:48.0256 1448 \Device\Harddisk0\DR0\Partition2 - ok
19:40:48.0272 1448 [ 51C6248CC81C7F876BAADB6A7D60D8E2 ] \Device\Harddisk0\DR0\Partition3
19:40:48.0272 1448 \Device\Harddisk0\DR0\Partition3 - ok
19:40:48.0287 1448 [ 498AA62793B74B1F1A17E47DCF0E559C ] \Device\Harddisk0\DR0\Partition4
19:40:48.0287 1448 \Device\Harddisk0\DR0\Partition4 - ok
19:40:48.0303 1448 [ E11473E0B50B173780451F496E581DD6 ] \Device\Harddisk0\DR0\Partition5
19:40:48.0303 1448 \Device\Harddisk0\DR0\Partition5 - ok
19:40:48.0318 1448 [ FA17E132BE096306B4A5C1A3189FEAD7 ] \Device\Harddisk0\DR0\Partition6
19:40:48.0318 1448 \Device\Harddisk0\DR0\Partition6 - ok
19:40:48.0334 1448 [ 4127A635E2FC156B1977278DBA3F0E05 ] \Device\Harddisk0\DR0\Partition7
19:40:48.0334 1448 \Device\Harddisk0\DR0\Partition7 - ok
19:40:48.0350 1448 [ 786605C9B7834E6863169016846DAD5F ] \Device\Harddisk0\DR0\Partition8
19:40:48.0350 1448 \Device\Harddisk0\DR0\Partition8 - ok
19:40:48.0365 1448 [ 68C1B7EECECD056403307EF614CAF735 ] \Device\Harddisk0\DR0\Partition9
19:40:48.0365 1448 \Device\Harddisk0\DR0\Partition9 - ok
19:40:48.0381 1448 [ 60A105906FC38A9CDD8E99388A79BF70 ] \Device\Harddisk0\DR0\Partition10
19:40:48.0381 1448 \Device\Harddisk0\DR0\Partition10 - ok
19:40:48.0381 1448 [ 0318AA29F92E3374646BBEE7D566DA44 ] \Device\Harddisk0\DR0\Partition11
19:40:48.0381 1448 \Device\Harddisk0\DR0\Partition11 - ok
19:40:48.0381 1448 ============================================================
19:40:48.0381 1448 Scan finished
19:40:48.0381 1448 ============================================================
19:40:48.0396 4804 Detected object count: 4
19:40:48.0396 4804 Actual detected object count: 4
19:40:52.0218 4804 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:52.0218 4804 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:52.0218 4804 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:52.0218 4804 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:52.0218 4804 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:52.0218 4804 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:52.0218 4804 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
19:40:52.0218 4804 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip
Waterdragon |
14.09.2012, 23:00 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan AT/ATRAPS.GEN2, help with removal
Code:
ATTFilter C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
Afterwards, restart Windows and create a completely new log with TDSS-Killer again. As always, post it in CODE tags.
__________________ Please always post log files in CODE tags |