
Log analysis and evaluation: Flashpla.exe a trojan, yes or no?

21.09.2012, 19:42   #1
dertb

Hello everyone,

today I ran a scan with Malwarebytes, which reported that "Flashpla.exe" in a directory of the printer software is a trojan, see log file (timestamp 26-24-21).

Then I removed the problem.

Afterwards I read on the internet that it might only have been an error in the Malwarebytes definition file:
Flash Player FP - Malwarebytes Forum

My computer was then reset to an earlier restore point, and a Malwarebytes scan was run with the newest definition file. This produced no error message (timestamp 18-45-08).

VirusTotal returns: https://www.virustotal.com/file/cdfd68bbbe8ce8d1f8a710b26de358b1c54df60c3802b1011f1d7e3adc679bc4/analysis/

I just wanted to make sure that it is not a trojan after all.
OTL logs are also attached.


Many thanks in advance for the help.

Regards

22.09.2012, 14:22   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

This is probably a false alarm, cf. this thread => http://www.trojaner-board.de/124447-...tml#post920511
I am still waiting for results there, though. You could also have the file evaluated, in case "IT-confused" has not done that yet when you read this.

22.09.2012, 19:27   #3
dertb

Many thanks for your answer.

Did you see the VirusTotal link?
I think 7 of 43 scanners is probably rather a false alarm, isn't it?

Sorry for asking again, I don't know how I should assess the VirusTotal result.

22.09.2012, 19:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Oh sorry, I overlooked that one.
At first I only saw the connection between your thread and the other one; there were also only a few minutes between them.

7/43 I do find somewhat worrying; that is more likely NOT a false alarm anymore.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset



Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________
Please always post log files in CODE tags

23.09.2012, 03:00   #5
dertb

So, I have now done a scan with ESET, with the virus scanner and Windows Defender switched off.
Here is the log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7cbe3087264c484ab1041849cf0b3c13
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 01:51:49
# local_time=2012-09-23 03:51:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 675 99989316 0 0
# compatibility_mode=8192 67108863 100 0 843 843 0 0
# scanned=108939
# found=0
# cleaned=0
# scan_time=6984
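
The header of the ESET log in post #5 can be checked mechanically against the settings requested in post #4 (scan finished, detection of potentially unwanted applications enabled, nothing left uncleaned). The following is an added example, not part of the original thread; the meaning given to each key (for instance `unwanted_checked` as the PUA option, `scan_time` in seconds) is inferred from the key names and is an assumption, as are all function names.

```python
import re
from datetime import timedelta

# Excerpt of the ESET Online Scanner log posted above (header lines only).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 01:51:49
# compatibility_mode=5893 16776574 100 94 675 99989316 0 0
# compatibility_mode=8192 67108863 100 0 843 843 0 0
# scanned=108939
# found=0
# cleaned=0
# scan_time=6984
"""

HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")           # "# key=value"
INSTALLER = re.compile(r"^(ESETSmartInstaller@|all ok$)")  # downloader preamble


def parse_eset_log(text):
    """Return (fields, other_lines); repeated keys keep every value in order."""
    fields, other = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or INSTALLER.match(line):
            continue
        m = HEADER.match(line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
        else:
            other.append(line)  # anything else is left for a human to read
    return fields, other


def flag(fields, key):
    """True/False for a 'true'/'false' field, None when the key is missing."""
    vals = fields.get(key)
    return vals[-1].lower() == "true" if vals else None


def number(fields, key):
    """Integer value of a counter field, None when missing or not numeric."""
    vals = fields.get(key)
    return int(vals[-1]) if vals and vals[-1].isdigit() else None


def summarize(fields):
    """Reduce the header to the values a helper looks at first."""
    secs = number(fields, "scan_time")  # assumption: unit is seconds
    return {
        "finished": fields.get("end", [""])[-1] == "finished",
        "pua_detection": flag(fields, "unwanted_checked"),
        "unsafe_detection": flag(fields, "unsafe_checked"),
        "auto_clean": flag(fields, "remove_checked"),
        "scanned": number(fields, "scanned"),
        "found": number(fields, "found"),
        "cleaned": number(fields, "cleaned"),
        "duration": str(timedelta(seconds=secs)) if secs is not None else None,
    }


def review(summary, other_lines):
    """List the reasons why this log should not be read as a clean result."""
    notes = []
    if not summary["finished"]:
        notes.append("scan did not run to completion")
    if summary["pua_detection"] is not True:
        notes.append("PUA detection was not enabled as requested")
    if summary["found"] is None:
        notes.append("no found= counter, log may be truncated")
    elif summary["found"] > (summary["cleaned"] or 0):
        left = summary["found"] - (summary["cleaned"] or 0)
        notes.append(f"{left} detection(s) reported but not cleaned")
    if other_lines:
        notes.append(f"{len(other_lines)} line(s) outside the header to read manually")
    return notes


if __name__ == "__main__":
    fields, other = parse_eset_log(SAMPLE_LOG)
    summary = summarize(fields)
    for key, value in summary.items():
        print(f"{key:17} {value}")
    print("notes:", review(summary, other) or "none")
```

An empty list from `review` only says the scan ran with the requested settings and reported nothing; it does not say anything about files ESET has no signature for.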
         


23.09.2012, 16:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post me the contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

23.09.2012, 17:46   #7
dertb

Hello,

here is the output of adwcleaner:

Code:
# AdwCleaner v2.002 - Datei am 09/23/2012 um 18:41:45 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : ***_2 - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : \user.js
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Users\***_2\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-3622946368-3746487688-68310204-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kija7qnd.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\***_2\AppData\Roaming\Mozilla\Firefox\Profiles\ve4g762j.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1355 octets] - [23/09/2012 18:41:45]

########## EOF - \AdwCleaner[R1].txt - [1415 octets] ##########
         

23.09.2012, 19:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post me the contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

23.09.2012, 19:51   #9
dertb

Hello, here is the log from the deletion.
Code:
# AdwCleaner v2.002 - Datei am 09/23/2012 um 20:41:31 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : ***_2 - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : \user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Users\***_2\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kija7qnd.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\***_2\AppData\Roaming\Mozilla\Firefox\Profiles\ve4g762j.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1446 octets] - [23/09/2012 20:41:31]
AdwCleaner[R2].txt - [1482 octets] - [23/09/2012 19:00:31]

########## EOF - \AdwCleaner[S1].txt - [1566 octets] ##########
         
I had already uninstalled the Babylon toolbar 2 weeks ago; apparently there were still remnants left.

Do you think those were all the problems?

23.09.2012, 19:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue (we are not done yet!)

1.) Does Windows' normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

23.09.2012, 20:21   #11
dertb

Hello,

what do you mean by normal mode? Windows works the way it should,
I had no problems before either.
All programs are still present in the Start menu too.

24.09.2012, 12:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick Scanne alle Benutzer (Scan all users) at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

24.09.2012, 14:39   #13
dertb

Here now is the new OTL log.
I hope it was OK that I did not switch off the virus scanner.

OTL Logfile:
Code:
OTL logfile created on: 24.09.2012 15:02:09 - Run 2
OTL by OldTimer - Version 3.2.66.2     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,54% Memory free
5,75 Gb Paging File | 4,81 Gb Available in Paging File | 83,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 200,43 Gb Total Space | 89,80 Gb Free Space | 44,80% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 86,72 Gb Free Space | 98,67% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Users\***\AppData\Local\Temp\7zS1BE4\hpslpsvc32.dll (Hewlett-Packard Co.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 B2 A5 E4 88 84 CD 01  [binary data]
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 0D B6 F2 89 84 CD 01  [binary data]
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3622946368-3746487688-68310204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.21 22:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.21 18:50:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.08.27 05:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***_2\AppData\Roaming\mozilla\Extensions
[2012.09.21 18:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***_2\AppData\Roaming\mozilla\Firefox\Profiles\ve4g762j.default\extensions
[2012.08.27 05:05:45 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***_2\AppData\Roaming\mozilla\firefox\profiles\ve4g762j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.21 18:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.21 18:50:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.21 18:49:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.21 18:49:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.21 18:49:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.21 18:49:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.21 18:49:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.21 18:49:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.29 21:51:35 | 000,444,105 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15252 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-3622946368-3746487688-68310204-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.69.252.252 129.69.252.212 129.69.252.202 129.69.252.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1A51328-B885-471C-9A09-60E99AAD179C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E83ACDD1-5D59-4895-B321-3672DDF15C80}: DhcpNameServer = 129.69.252.252 129.69.252.212 129.69.252.202 129.69.252.232
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {07e84f41-11d5-4615-aaf6-368df0762b41} - C:\ProgramData\Duden\dkreg.exe /dktray=off /csapi=off /ALLUSERS
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 01:40:08 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Local\ElevatedDiagnostics
[2012.09.21 18:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.28 01:00:39 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Roaming\HpUpdate
[2012.08.28 01:00:21 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.08.27 21:29:06 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Roaming\Softland
[2012.08.27 21:29:05 | 000,023,392 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll
[2012.08.27 21:29:05 | 000,020,832 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll
[2012.08.27 21:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2012.08.27 21:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2012.08.27 05:02:37 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Roaming\Mozilla
[2012.08.27 05:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.27 04:22:02 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Roaming\Macromedia
[2012.08.27 04:22:02 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Local\Macromedia
[2012.08.27 03:22:20 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Roaming\Malwarebytes
[2012.08.27 03:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.27 03:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.27 03:22:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.27 03:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.27 02:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden
[2012.08.27 02:35:21 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\License
[2012.08.27 02:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Duden
[2012.08.27 00:52:27 | 000,000,000 | ---D | C] -- C:\Users\***_2\Documents\Add-in Express
[2012.08.27 00:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Duden
[2012.08.27 00:49:28 | 000,000,000 | ---D | C] -- C:\Users\***_2\AppData\Roaming\Duden
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.24 14:57:24 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.24 14:57:24 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.24 14:54:24 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.24 14:54:24 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.24 14:54:24 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.24 14:54:24 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.24 14:50:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.24 14:50:00 | 2313,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.23 21:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.23 18:31:29 | 000,318,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.21 18:21:31 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.21 18:21:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.11 01:08:24 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 21:51:35 | 000,444,105 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.08.28 23:57:25 | 000,025,640 | ---- | M] () -- C:\Users\***_2\Documents\cc_20120828_235718.reg
[2012.08.27 05:02:30 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.28 23:57:23 | 000,025,640 | ---- | C] () -- C:\Users\***_2\Documents\cc_20120828_235718.reg
[2012.08.27 21:29:05 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm
[2012.08.27 05:02:30 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.27 05:02:30 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.27 04:18:13 | 000,001,414 | ---- | C] () -- C:\Users\***_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.27 03:22:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 23:52:37 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2012.08.21 00:13:25 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2012.08.21 00:13:25 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.08.21 00:13:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012.08.21 00:13:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012.08.21 00:13:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012.08.21 00:13:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.08.21 00:01:17 | 000,180,768 | ---- | C] () -- C:\Windows\hpoins27.dat
[2012.08.21 00:01:17 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2012.08.18 18:16:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.20 23:36:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.08.27 01:44:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Duden
[2012.08.21 00:59:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.08.20 23:35:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NoteTab Light
[2012.08.20 02:11:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup5
[2012.09.23 01:28:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland
[2012.08.27 00:53:00 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Duden
[2012.08.20 23:51:11 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\DVDVideoSoft
[2012.08.20 23:51:11 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.20 23:32:49 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\IrfanView
[2012.08.27 21:29:06 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Softland
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.08.21 00:09:52 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Adobe
[2012.08.27 00:53:00 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Duden
[2012.08.20 23:51:11 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\DVDVideoSoft
[2012.08.20 23:51:11 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.21 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\HP
[2012.08.28 01:03:16 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\HpUpdate
[2012.08.18 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Identities
[2012.08.21 00:34:00 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\InstallShield
[2012.08.20 23:32:49 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\IrfanView
[2012.08.27 04:22:02 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Macromedia
[2012.08.27 03:22:20 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Media Center Programs
[2012.08.27 04:22:02 | 000,000,000 | --SD | M] -- C:\Users\***_2\AppData\Roaming\Microsoft
[2012.08.27 05:02:41 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Mozilla
[2012.08.27 21:29:06 | 000,000,000 | ---D | M] -- C:\Users\***_2\AppData\Roaming\Softland
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2010.01.02 18:40:58 | 000,188,944 | ---- | M] (Advanced Micro Devices, Inc) MD5=A2A2E677071141196C57FF7D2608EBB3 -- C:\Users\***\Software\Treiber_WIN7_32bit\WHQL_SB7xx_RAID_Vista_3.1.1540.127\x86\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

24.09.2012, 19:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks relatively unremarkable.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the image below: click "change parameters" and set the checkboxes as shown in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

24.09.2012, 20:41   #15
dertb

Here is the log file from Kaspersky (TDSS-Killer).

Two entries were found. I should perhaps mention that I recently uninstalled an HP printer; maybe they come from that.

Code:
 
21:29:03.0045 3124  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:29:03.0185 3124  ============================================================
21:29:03.0185 3124  Current date / time: 2012/09/24 21:29:03.0185
21:29:03.0185 3124  SystemInfo:
21:29:03.0185 3124  
21:29:03.0185 3124  OS Version: 6.1.7601 ServicePack: 1.0
21:29:03.0185 3124  Product type: Workstation
21:29:03.0185 3124  ComputerName: ***-PC
21:29:03.0185 3124  UserName: ***_2
21:29:03.0185 3124  Windows directory: C:\Windows
21:29:03.0185 3124  System windows directory: C:\Windows
21:29:03.0185 3124  Processor architecture: Intel x86
21:29:03.0185 3124  Number of processors: 2
21:29:03.0185 3124  Page size: 0x1000
21:29:03.0185 3124  Boot type: Normal boot
21:29:03.0185 3124  ============================================================
21:29:04.0573 3124  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:29:04.0573 3124  ============================================================
21:29:04.0573 3124  \Device\Harddisk0\DR0:
21:29:04.0573 3124  MBR partitions:
21:29:04.0573 3124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x190DD7D8
21:29:04.0573 3124  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A466000, BlocksNum 0xAFC7800
21:29:04.0573 3124  ============================================================
21:29:04.0651 3124  C: <-> \Device\Harddisk0\DR0\Partition1
21:29:04.0761 3124  D: <-> \Device\Harddisk0\DR0\Partition2
21:29:04.0761 3124  ============================================================
21:29:04.0761 3124  Initialize success
21:29:04.0761 3124  ============================================================
21:31:25.0805 2792  ============================================================
21:31:25.0805 2792  Scan started
21:31:25.0805 2792  Mode: Manual; SigCheck; TDLFS; 
21:31:25.0805 2792  ============================================================
21:31:26.0413 2792  ================ Scan system memory ========================
21:31:26.0413 2792  System memory - ok
21:31:26.0413 2792  ================ Scan services =============================
21:31:26.0616 2792  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:31:26.0694 2792  1394ohci - ok
21:31:26.0725 2792  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:31:26.0741 2792  ACPI - ok
21:31:26.0772 2792  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:31:26.0803 2792  AcpiPmi - ok
21:31:26.0913 2792  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:31:26.0944 2792  AdobeARMservice - ok
21:31:27.0022 2792  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:31:27.0053 2792  AdobeFlashPlayerUpdateSvc - ok
21:31:27.0100 2792  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:31:27.0131 2792  adp94xx - ok
21:31:27.0131 2792  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:31:27.0162 2792  adpahci - ok
21:31:27.0178 2792  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:31:27.0209 2792  adpu320 - ok
21:31:27.0240 2792  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:31:27.0287 2792  AeLookupSvc - ok
21:31:27.0334 2792  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:31:27.0381 2792  AFD - ok
21:31:27.0412 2792  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:31:27.0427 2792  agp440 - ok
21:31:27.0521 2792  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:31:27.0552 2792  aic78xx - ok
21:31:27.0599 2792  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:31:27.0661 2792  ALG - ok
21:31:27.0693 2792  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:31:27.0708 2792  aliide - ok
21:31:27.0771 2792  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:31:27.0802 2792  AMD External Events Utility - ok
21:31:27.0833 2792  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:31:27.0849 2792  amdagp - ok
21:31:27.0864 2792  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:31:27.0880 2792  amdide - ok
21:31:27.0911 2792  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:31:27.0958 2792  AmdK8 - ok
21:31:27.0989 2792  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:31:28.0020 2792  AmdPPM - ok
21:31:28.0067 2792  [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
21:31:28.0083 2792  amdsata - ok
21:31:28.0129 2792  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:31:28.0145 2792  amdsbs - ok
21:31:28.0161 2792  [ E27866684780606BCCE640A57937D88A ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:31:28.0176 2792  amdxata - ok
21:31:43.0215 2792  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:31:43.0261 2792  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:31:43.0261 2792  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:31:45.0851 2792  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:31:45.0882 2792  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:31:45.0882 2792  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:31:48.0066 2792  RDPREFMP - ok
21:31:48.0113 2792  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:31:48.0160 2792  RDPWD - ok
21:31:48.0222 2792  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:31:48.0253 2792  rdyboost - ok
21:31:48.0285 2792  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:31:48.0363 2792  RemoteAccess - ok
21:31:48.0409 2792  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:31:48.0472 2792  RemoteRegistry - ok
21:31:48.0519 2792  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:31:48.0534 2792  RFCOMM - ok
21:31:48.0565 2792  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:31:48.0612 2792  RpcEptMapper - ok
21:31:48.0628 2792  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:31:48.0675 2792  RpcLocator - ok
21:31:48.0706 2792  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:31:48.0768 2792  RpcSs - ok
21:31:48.0815 2792  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:31:48.0862 2792  rspndr - ok
21:31:48.0909 2792  [ F9541F3B59DA30423F2F76EF443C07FC ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
21:31:48.0924 2792  RSUSBSTOR - ok
21:31:48.0940 2792  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:31:48.0955 2792  SamSs - ok
21:31:48.0987 2792  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:31:49.0002 2792  sbp2port - ok
21:31:49.0049 2792  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:31:49.0143 2792  SCardSvr - ok
21:31:49.0189 2792  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:31:49.0236 2792  scfilter - ok
21:31:49.0299 2792  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:31:49.0377 2792  Schedule - ok
21:31:49.0408 2792  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:31:49.0455 2792  SCPolicySvc - ok
21:31:49.0470 2792  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:31:49.0517 2792  SDRSVC - ok
21:31:49.0564 2792  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:31:49.0626 2792  secdrv - ok
21:31:49.0673 2792  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:31:49.0720 2792  seclogon - ok
21:31:49.0735 2792  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:31:49.0798 2792  SENS - ok
21:31:49.0829 2792  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:31:49.0876 2792  SensrSvc - ok
21:31:49.0891 2792  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:31:49.0923 2792  Serenum - ok
21:31:49.0954 2792  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:31:50.0001 2792  Serial - ok
21:31:50.0032 2792  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:31:50.0047 2792  sermouse - ok
21:31:50.0110 2792  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:31:50.0157 2792  SessionEnv - ok
21:31:50.0203 2792  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:31:50.0235 2792  sffdisk - ok
21:31:50.0250 2792  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:31:50.0281 2792  sffp_mmc - ok
21:31:50.0313 2792  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:31:50.0344 2792  sffp_sd - ok
21:31:50.0359 2792  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:31:50.0406 2792  sfloppy - ok
21:31:50.0437 2792  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:31:50.0515 2792  SharedAccess - ok
21:31:50.0562 2792  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:31:50.0625 2792  ShellHWDetection - ok
21:31:50.0656 2792  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:31:50.0671 2792  sisagp - ok
21:31:50.0687 2792  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:31:50.0703 2792  SiSRaid2 - ok
21:31:50.0734 2792  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:31:50.0749 2792  SiSRaid4 - ok
21:31:50.0781 2792  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:31:50.0827 2792  Smb - ok
21:31:50.0874 2792  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:31:50.0905 2792  SNMPTRAP - ok
21:31:50.0937 2792  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:31:50.0952 2792  spldr - ok
21:31:50.0983 2792  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:31:51.0030 2792  Spooler - ok
21:31:51.0155 2792  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:31:51.0327 2792  sppsvc - ok
21:31:51.0358 2792  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:31:51.0420 2792  sppuinotify - ok
21:31:51.0467 2792  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:31:51.0498 2792  srv - ok
21:31:51.0529 2792  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:31:51.0561 2792  srv2 - ok
21:31:51.0592 2792  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:31:51.0607 2792  SrvHsfHDA - ok
21:31:51.0654 2792  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:31:51.0717 2792  SrvHsfV92 - ok
21:31:51.0763 2792  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:31:51.0810 2792  SrvHsfWinac - ok
21:31:51.0857 2792  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:31:51.0873 2792  srvnet - ok
21:31:51.0904 2792  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:31:51.0951 2792  SSDPSRV - ok
21:31:51.0966 2792  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:31:52.0013 2792  SstpSvc - ok
21:31:52.0029 2792  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:31:52.0044 2792  stexstor - ok
21:31:52.0091 2792  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:31:52.0153 2792  StiSvc - ok
21:31:52.0169 2792  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:31:52.0185 2792  swenum - ok
21:31:52.0200 2792  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:31:52.0263 2792  swprv - ok
21:31:52.0309 2792  [ 47183E3520C88FADD5B0C87D57040DA5 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:31:52.0341 2792  SynTP - ok
21:31:52.0403 2792  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:31:52.0481 2792  SysMain - ok
21:31:52.0497 2792  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:31:52.0543 2792  TabletInputService - ok
21:31:52.0559 2792  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:31:52.0621 2792  TapiSrv - ok
21:31:52.0653 2792  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:31:52.0699 2792  TBS - ok
21:31:52.0762 2792  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:31:52.0824 2792  Tcpip - ok
21:31:52.0887 2792  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:31:52.0918 2792  TCPIP6 - ok
21:31:52.0949 2792  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:31:52.0980 2792  tcpipreg - ok
21:31:53.0027 2792  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:31:53.0058 2792  TDPIPE - ok
21:31:53.0089 2792  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:31:53.0105 2792  TDTCP - ok
21:31:53.0136 2792  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:31:53.0183 2792  tdx - ok
21:31:53.0214 2792  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:31:53.0230 2792  TermDD - ok
21:31:53.0277 2792  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:31:53.0339 2792  TermService - ok
21:31:53.0386 2792  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:31:53.0417 2792  Themes - ok
21:31:53.0448 2792  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:31:53.0495 2792  THREADORDER - ok
21:31:53.0526 2792  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:31:53.0573 2792  TrkWks - ok
21:31:53.0635 2792  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:31:53.0682 2792  TrustedInstaller - ok
21:31:53.0729 2792  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:53.0776 2792  tssecsrv - ok
21:31:53.0916 2792  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:31:53.0963 2792  TsUsbFlt - ok
21:31:54.0010 2792  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:31:54.0088 2792  tunnel - ok
21:31:54.0119 2792  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:31:54.0135 2792  uagp35 - ok
21:31:54.0166 2792  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:31:54.0213 2792  udfs - ok
21:31:54.0259 2792  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:31:54.0306 2792  UI0Detect - ok
21:31:54.0337 2792  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:31:54.0353 2792  uliagpkx - ok
21:31:54.0384 2792  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
21:31:54.0415 2792  umbus - ok
21:31:54.0431 2792  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:31:54.0462 2792  UmPass - ok
21:31:54.0493 2792  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:31:54.0556 2792  upnphost - ok
21:31:54.0587 2792  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:54.0618 2792  usbccgp - ok
21:31:54.0649 2792  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:31:54.0681 2792  usbcir - ok
21:31:54.0712 2792  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:31:54.0743 2792  usbehci - ok
21:31:54.0790 2792  [ 0150B06D3E73F6C27AFCB963FD931820 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
21:31:54.0821 2792  usbfilter - ok
21:31:54.0852 2792  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:31:54.0899 2792  usbhub - ok
21:31:54.0915 2792  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:31:54.0946 2792  usbohci - ok
21:31:54.0977 2792  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:31:55.0039 2792  usbprint - ok
21:31:55.0071 2792  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:31:55.0117 2792  usbscan - ok
21:31:55.0149 2792  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:31:55.0180 2792  USBSTOR - ok
21:31:55.0195 2792  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:31:55.0242 2792  usbuhci - ok
21:31:55.0273 2792  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:31:55.0320 2792  UxSms - ok
21:31:55.0336 2792  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:31:55.0351 2792  VaultSvc - ok
21:31:55.0383 2792  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:31:55.0398 2792  vdrvroot - ok
21:31:55.0429 2792  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:31:55.0492 2792  vds - ok
21:31:55.0523 2792  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:55.0570 2792  vga - ok
21:31:55.0601 2792  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:31:55.0632 2792  VgaSave - ok
21:31:55.0679 2792  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:31:55.0710 2792  vhdmp - ok
21:31:55.0741 2792  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:31:55.0757 2792  viaagp - ok
21:31:55.0788 2792  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:31:55.0819 2792  ViaC7 - ok
21:31:55.0851 2792  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:31:55.0866 2792  viaide - ok
21:31:55.0882 2792  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:31:55.0897 2792  volmgr - ok
21:31:55.0929 2792  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:31:55.0944 2792  volmgrx - ok
21:31:55.0960 2792  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:31:55.0991 2792  volsnap - ok
21:31:56.0022 2792  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:31:56.0038 2792  vsmraid - ok
21:31:56.0085 2792  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:31:56.0194 2792  VSS - ok
21:31:56.0225 2792  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:31:56.0256 2792  vwifibus - ok
21:31:56.0287 2792  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:31:56.0303 2792  vwififlt - ok
21:31:56.0334 2792  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:31:56.0365 2792  vwifimp - ok
21:31:56.0443 2792  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:31:56.0521 2792  W32Time - ok
21:31:56.0553 2792  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:31:56.0584 2792  WacomPen - ok
21:31:56.0615 2792  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:31:56.0662 2792  WANARP - ok
21:31:56.0677 2792  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:31:56.0709 2792  Wanarpv6 - ok
21:31:56.0771 2792  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:31:56.0865 2792  wbengine - ok
21:31:56.0896 2792  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:31:56.0943 2792  WbioSrvc - ok
21:31:56.0989 2792  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:31:57.0036 2792  wcncsvc - ok
21:31:57.0067 2792  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:31:57.0099 2792  WcsPlugInService - ok
21:31:57.0130 2792  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:31:57.0145 2792  Wd - ok
21:31:57.0177 2792  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:31:57.0208 2792  Wdf01000 - ok
21:31:57.0239 2792  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:31:57.0270 2792  WdiServiceHost - ok
21:31:57.0270 2792  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:31:57.0301 2792  WdiSystemHost - ok
21:31:57.0333 2792  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:31:57.0395 2792  WebClient - ok
21:31:57.0426 2792  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:31:57.0473 2792  Wecsvc - ok
21:31:57.0489 2792  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:31:57.0551 2792  wercplsupport - ok
21:31:57.0598 2792  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:31:57.0660 2792  WerSvc - ok
21:31:57.0707 2792  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:31:57.0738 2792  WfpLwf - ok
21:31:57.0769 2792  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:31:57.0785 2792  WIMMount - ok
21:31:57.0847 2792  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:31:57.0910 2792  winachsf - ok
21:31:57.0988 2792  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:31:58.0050 2792  WinDefend - ok
21:31:58.0066 2792  WinHttpAutoProxySvc - ok
21:31:58.0128 2792  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:31:58.0206 2792  Winmgmt - ok
21:31:58.0269 2792  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:31:58.0347 2792  WinRM - ok
21:31:58.0425 2792  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:31:58.0471 2792  Wlansvc - ok
21:31:58.0518 2792  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:31:58.0549 2792  WmiAcpi - ok
21:31:58.0596 2792  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:31:58.0627 2792  wmiApSrv - ok
21:31:58.0721 2792  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:31:58.0783 2792  WMPNetworkSvc - ok
21:31:58.0799 2792  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:31:58.0830 2792  WPCSvc - ok
21:31:58.0846 2792  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:31:58.0877 2792  WPDBusEnum - ok
21:31:58.0908 2792  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:31:58.0955 2792  ws2ifsl - ok
21:31:58.0971 2792  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:31:59.0002 2792  wscsvc - ok
21:31:59.0017 2792  WSearch - ok
21:31:59.0095 2792  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:31:59.0220 2792  wuauserv - ok
21:31:59.0236 2792  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:31:59.0283 2792  WudfPf - ok
21:31:59.0329 2792  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:31:59.0392 2792  WUDFRd - ok
21:31:59.0407 2792  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:31:59.0454 2792  wudfsvc - ok
21:31:59.0485 2792  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:31:59.0532 2792  WwanSvc - ok
21:31:59.0563 2792  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
21:31:59.0610 2792  XAudio - ok
21:31:59.0657 2792  [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
21:31:59.0704 2792  XAudioService - ok
21:31:59.0766 2792  ================ Scan global ===============================
21:31:59.0797 2792  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:31:59.0829 2792  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:31:59.0844 2792  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:31:59.0891 2792  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:31:59.0938 2792  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:31:59.0953 2792  [Global] - ok
21:31:59.0953 2792  ================ Scan MBR ==================================
21:31:59.0985 2792  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:32:00.0437 2792  \Device\Harddisk0\DR0 - ok
21:32:00.0437 2792  ================ Scan VBR ==================================
21:32:00.0453 2792  [ CB76A8035097147003405B5931C1939D ] \Device\Harddisk0\DR0\Partition1
21:32:00.0453 2792  \Device\Harddisk0\DR0\Partition1 - ok
21:32:00.0484 2792  [ 66175795CFDAE2E594CCCA9355279A93 ] \Device\Harddisk0\DR0\Partition2
21:32:00.0484 2792  \Device\Harddisk0\DR0\Partition2 - ok
21:32:00.0484 2792  ============================================================
21:32:00.0484 2792  Scan finished
21:32:00.0484 2792  ============================================================
21:32:00.0499 3720  Detected object count: 2
21:32:00.0499 3720  Actual detected object count: 2
21:32:19.0126 3720  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:19.0126 3720  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:19.0141 3720  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:19.0141 3720  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:33:01.0845 3016  Deinitialize success
         
