| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bka - Trojaner ProblemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.10.2012, 14:37
| #16 |
 |  Bka - Trojaner Problem habe diesmal versucht, alles richtig zu machen. |
|
08.10.2012, 16:16
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bka - Trojaner Problem Nein!!
__________________Nicht das Log selbst von OTL da rein kopieren! Lies bitte meinen Beitrag richtig, das was in der CODE-Box in meinem Beitrag steht muss ins Textfenster von OTL eingefügt werden
__________________ |
|
08.10.2012, 17:04
| #18 |
| | Bka - Trojaner Problem habe es bereits 2x mal so gemacht wie beschrieben, die codebox mit dem text, angefangen mit "netsvcs" und endend mit "CREATERESTOREPOINT" kopiert, dann bei otl bei den benutzerdefinierten scans eingefügt, den haken bei "scan alle user" gesetzt u quick scan gedrückt. ich machs gerne noch ein drittes mal
__________________sry war mein fehler. Code:
ATTFilter OTL logfile created on: 08.10.2012 18:19:05 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BERNADETTE\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 73,15% Memory free 8,00 Gb Paging File | 6,79 Gb Available in Paging File | 84,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 160,23 Gb Total Space | 110,30 Gb Free Space | 68,84% Space Free | Partition Type: NTFS Drive E: | 472,00 Mb Total Space | 441,88 Mb Free Space | 93,62% Space Free | Partition Type: NTFS Drive F: | 137,76 Gb Total Space | 137,00 Gb Free Space | 99,45% Space Free | Partition Type: NTFS Computer Name: BERNADETTE | User Name: BERNADETTE | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.08 18:06:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BERNADETTE\Downloads\OTL.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.28 19:31:20 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009.08.12 14:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009.07.23 17:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe PRC - [2009.07.07 11:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008.08.13 20:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe PRC - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV - [2012.10.08 01:29:41 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.18 02:15:46 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.23 17:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 05:11:42 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.05.13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.07.24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-268219738-2317036416-718143215-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-268219738-2317036416-718143215-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 02:15:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.29 01:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BERNADETTE\AppData\Roaming\mozilla\Extensions [2012.08.29 04:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BERNADETTE\AppData\Roaming\mozilla\Firefox\Profiles\pxbxa4bj.default\extensions [2012.08.29 01:26:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\BERNADETTE\AppData\Roaming\mozilla\firefox\profiles\pxbxa4bj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.28 19:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.18 02:15:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BERNADETTE O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E2D1ECD-D776-4A2A-B82C-CF4B856E3C8B}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4BC1E72-183C-44CA-91D4-8ABA09D48AA6}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe - () MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tmchlang.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^BERNADETTE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - - File not found MsConfig:64bit - StartUpReg: AmIcoSinglun64 - hkey= - key= - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.08 14:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.08 14:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.05 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\Documents\anti massnahmen [2012.10.05 16:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.04 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Roaming\Malwarebytes [2012.10.04 20:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.04 20:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.04 20:21:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.04 20:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.04 20:08:21 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Roaming\Avira [2012.10.04 20:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.04 20:05:29 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.04 20:05:29 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.04 20:05:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.04 20:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.04 20:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.10.04 19:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\atrxlawikzunvdh [2012.09.30 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.09.30 12:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.09.30 12:17:38 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Roaming\Notepad++ [2012.09.30 12:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2012.09.29 08:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.29 08:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.29 08:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.09.29 08:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.29 08:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.09.29 08:36:15 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Roaming\Apple Computer [2012.09.29 08:36:15 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Local\Apple Computer [2012.09.18 02:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.18 02:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.16 19:10:29 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Local\Adobe [2012.09.14 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Roaming\vlc [2012.09.12 17:22:18 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\Documents\origin [2012.09.12 16:59:18 | 000,000,000 | ---D | C] -- C:\Users\BERNADETTE\AppData\Roaming\Skype ========== Files - Modified Within 30 Days ========== [2012.10.08 16:21:53 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 16:21:53 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 16:18:48 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.08 16:18:48 | 000,665,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.08 16:18:48 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.08 16:18:48 | 000,133,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.08 16:18:48 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.08 16:14:41 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.10.08 16:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.08 16:14:24 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys [2012.10.04 20:21:24 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 20:05:32 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.04 19:10:05 | 000,076,360 | ---- | M] () -- C:\ProgramData\dbnuefexsgngaox [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.29 08:37:06 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.12 17:00:57 | 000,016,181 | ---- | M] () -- C:\Users\BERNADETTE\Documents\config.cfg [2012.09.12 16:59:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.10.04 20:21:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 20:05:32 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.04 19:10:01 | 000,076,360 | ---- | C] () -- C:\ProgramData\dbnuefexsgngaox [2012.09.29 08:37:06 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.12 17:00:55 | 000,016,181 | ---- | C] () -- C:\Users\BERNADETTE\Documents\config.cfg [2012.08.28 19:49:33 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.23 07:26:25 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Dropbox [2012.09.30 12:17:52 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Notepad++ [2012.09.06 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.09.16 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Adobe [2012.09.30 10:19:22 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Apple Computer [2012.10.04 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Avira [2012.09.23 07:26:25 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Dropbox [2012.08.29 00:59:32 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Identities [2012.08.29 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Macromedia [2012.10.04 20:21:37 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Malwarebytes [2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Media Center Programs [2012.09.17 20:34:53 | 000,000,000 | --SD | M] -- C:\Users\BERNADETTE\AppData\Roaming\Microsoft [2012.08.29 01:14:45 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Mozilla [2012.09.30 12:17:52 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Notepad++ [2012.09.12 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\Skype [2012.09.06 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\TuneUp Software [2012.09.14 17:47:56 | 000,000,000 | ---D | M] -- C:\Users\BERNADETTE\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2012.08.27 06:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\BERNADETTE\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.08.27 06:21:14 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.08.27 06:21:24 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\BERNADETTE\AppData\Roaming\Dropbox\bin\Uninstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,012,978 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT < End of report > |
|
08.10.2012, 18:06
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bka - Trojaner Problem Kaum macht man es richtig klappt es  Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\ProgramData\dbnuefexsgngaox
C:\ProgramData\atrxlawikzunvdh
C:\Users\All Users\atrxlawikzunvdh
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.10.2012, 18:24
| #20 |
| | Bka - Trojaner ProblemCode:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\ProgramData\dbnuefexsgngaox moved successfully.
C:\ProgramData\atrxlawikzunvdh folder moved successfully.
File\Folder C:\Users\All Users\atrxlawikzunvdh not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\BERNADETTE\Downloads\cmd.bat deleted successfully.
C:\Users\BERNADETTE\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: BERNADETTE
->Temp folder emptied: 1054933619 bytes
->Temporary Internet Files folder emptied: 228804010 bytes
->FireFox cache emptied: 61115485 bytes
->Flash cache emptied: 506 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136066 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36074918 bytes
RecycleBin emptied: 654474 bytes
Total Files Cleaned = 1.318,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10082012_191526
Files\Folders moved on Reboot...
C:\Users\BERNADETTE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
08.10.2012, 21:36
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bka - Trojaner Problem Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Bka - Trojaner Problem |
|
09.10.2012, 05:46
| #22 |
| | Bka - Trojaner ProblemCode:
ATTFilter 06:36:56.0004 2956 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
06:36:56.0207 2956 ============================================================
06:36:56.0207 2956 Current date / time: 2012/10/09 06:36:56.0207
06:36:56.0207 2956 SystemInfo:
06:36:56.0207 2956
06:36:56.0207 2956 OS Version: 6.1.7601 ServicePack: 1.0
06:36:56.0207 2956 Product type: Workstation
06:36:56.0207 2956 ComputerName: BERNADETTE
06:36:56.0207 2956 UserName: BERNADETTE
06:36:56.0207 2956 Windows directory: C:\Windows
06:36:56.0207 2956 System windows directory: C:\Windows
06:36:56.0207 2956 Running under WOW64
06:36:56.0207 2956 Processor architecture: Intel x64
06:36:56.0207 2956 Number of processors: 2
06:36:56.0207 2956 Page size: 0x1000
06:36:56.0207 2956 Boot type: Normal boot
06:36:56.0207 2956 ============================================================
06:36:56.0644 2956 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:36:56.0644 2956 Drive \Device\Harddisk1\DR1 - Size: 0x3B100000 (0.92 Gb), SectorSize: 0x200, Cylinders: 0x78, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:36:56.0644 2956 ============================================================
06:36:56.0644 2956 \Device\Harddisk0\DR0:
06:36:56.0644 2956 MBR partitions:
06:36:56.0644 2956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:36:56.0644 2956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x14077000
06:36:56.0644 2956 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x140A9800, BlocksNum 0x11384000
06:36:56.0644 2956 \Device\Harddisk1\DR1:
06:36:56.0644 2956 MBR partitions:
06:36:56.0644 2956 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x80, BlocksNum 0xEC000
06:36:56.0644 2956 ============================================================
06:36:56.0706 2956 C: <-> \Device\Harddisk0\DR0\Partition2
06:36:56.0753 2956 F: <-> \Device\Harddisk0\DR0\Partition3
06:36:56.0753 2956 ============================================================
06:36:56.0753 2956 Initialize success
06:36:56.0753 2956 ============================================================
06:38:11.0976 1184 ============================================================
06:38:11.0976 1184 Scan started
06:38:11.0976 1184 Mode: Manual; SigCheck; TDLFS;
06:38:11.0976 1184 ============================================================
06:38:12.0538 1184 ================ Scan system memory ========================
06:38:12.0538 1184 System memory - ok
06:38:12.0538 1184 ================ Scan services =============================
06:38:12.0678 1184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
06:38:12.0772 1184 1394ohci - ok
06:38:12.0819 1184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:38:12.0834 1184 ACPI - ok
06:38:12.0850 1184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
06:38:12.0912 1184 AcpiPmi - ok
06:38:12.0943 1184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
06:38:12.0959 1184 adp94xx - ok
06:38:12.0975 1184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
06:38:13.0006 1184 adpahci - ok
06:38:13.0021 1184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
06:38:13.0037 1184 adpu320 - ok
06:38:13.0053 1184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:38:13.0177 1184 AeLookupSvc - ok
06:38:13.0224 1184 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
06:38:13.0271 1184 AFD - ok
06:38:13.0302 1184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
06:38:13.0318 1184 agp440 - ok
06:38:13.0333 1184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
06:38:13.0380 1184 ALG - ok
06:38:13.0411 1184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
06:38:13.0427 1184 aliide - ok
06:38:13.0443 1184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
06:38:13.0443 1184 amdide - ok
06:38:13.0474 1184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
06:38:13.0505 1184 AmdK8 - ok
06:38:13.0521 1184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
06:38:13.0552 1184 AmdPPM - ok
06:38:13.0583 1184 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:38:13.0583 1184 amdsata - ok
06:38:13.0614 1184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
06:38:13.0630 1184 amdsbs - ok
06:38:13.0645 1184 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:38:13.0661 1184 amdxata - ok
06:38:13.0692 1184 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
06:38:13.0723 1184 AmUStor - ok
06:38:13.0817 1184 [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
06:38:13.0833 1184 AntiVirSchedulerService - ok
06:38:13.0848 1184 [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
06:38:13.0848 1184 AntiVirService - ok
06:38:13.0895 1184 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
06:38:14.0051 1184 AppID - ok
06:38:14.0067 1184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:38:14.0129 1184 AppIDSvc - ok
06:38:14.0145 1184 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
06:38:14.0191 1184 Appinfo - ok
06:38:14.0269 1184 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:38:14.0285 1184 Apple Mobile Device - ok
06:38:14.0316 1184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
06:38:14.0332 1184 arc - ok
06:38:14.0347 1184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
06:38:14.0363 1184 arcsas - ok
06:38:14.0425 1184 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
06:38:14.0441 1184 ASLDRService - ok
06:38:14.0457 1184 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
06:38:14.0472 1184 ASMMAP64 - ok
06:38:14.0488 1184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:38:14.0550 1184 AsyncMac - ok
06:38:14.0581 1184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
06:38:14.0597 1184 atapi - ok
06:38:14.0659 1184 [ A5E770426D18F8EF332A593F3289DA91 ] athr C:\Windows\system32\DRIVERS\athrx.sys
06:38:14.0769 1184 athr - ok
06:38:14.0784 1184 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
06:38:14.0800 1184 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
06:38:14.0800 1184 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
06:38:14.0862 1184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:38:14.0925 1184 AudioEndpointBuilder - ok
06:38:14.0940 1184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:38:14.0987 1184 AudioSrv - ok
06:38:15.0034 1184 [ 25B63A3C24A5E0223A35DE2F0D9E0FAF ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
06:38:15.0049 1184 avgntflt - ok
06:38:15.0049 1184 [ A83691240C1568E6A3EAA5C86D9F8AE3 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
06:38:15.0065 1184 avipbb - ok
06:38:15.0096 1184 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
06:38:15.0112 1184 avkmgr - ok
06:38:15.0143 1184 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:38:15.0221 1184 AxInstSV - ok
06:38:15.0283 1184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
06:38:15.0315 1184 b06bdrv - ok
06:38:15.0346 1184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:38:15.0377 1184 b57nd60a - ok
06:38:15.0408 1184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:38:15.0439 1184 BDESVC - ok
06:38:15.0455 1184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:38:15.0502 1184 Beep - ok
06:38:15.0549 1184 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
06:38:15.0611 1184 BFE - ok
06:38:15.0642 1184 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
06:38:15.0751 1184 BITS - ok
06:38:15.0767 1184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:38:15.0798 1184 blbdrive - ok
06:38:15.0829 1184 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:38:15.0861 1184 Bonjour Service - ok
06:38:15.0892 1184 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:38:15.0923 1184 bowser - ok
06:38:15.0954 1184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
06:38:15.0985 1184 BrFiltLo - ok
06:38:16.0017 1184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
06:38:16.0032 1184 BrFiltUp - ok
06:38:16.0063 1184 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
06:38:16.0079 1184 Browser - ok
06:38:16.0095 1184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:38:16.0157 1184 Brserid - ok
06:38:16.0173 1184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:38:16.0204 1184 BrSerWdm - ok
06:38:16.0219 1184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:38:16.0251 1184 BrUsbMdm - ok
06:38:16.0266 1184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:38:16.0297 1184 BrUsbSer - ok
06:38:16.0313 1184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
06:38:16.0344 1184 BTHMODEM - ok
06:38:16.0375 1184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
06:38:16.0407 1184 bthserv - ok
06:38:16.0422 1184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:38:16.0469 1184 cdfs - ok
06:38:16.0500 1184 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
06:38:16.0531 1184 cdrom - ok
06:38:16.0563 1184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
06:38:16.0609 1184 CertPropSvc - ok
06:38:16.0625 1184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
06:38:16.0656 1184 circlass - ok
06:38:16.0687 1184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
06:38:16.0703 1184 CLFS - ok
06:38:16.0781 1184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:38:16.0797 1184 clr_optimization_v2.0.50727_32 - ok
06:38:16.0828 1184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:38:16.0843 1184 clr_optimization_v2.0.50727_64 - ok
06:38:16.0890 1184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:38:16.0968 1184 clr_optimization_v4.0.30319_32 - ok
06:38:16.0999 1184 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:38:17.0015 1184 clr_optimization_v4.0.30319_64 - ok
06:38:17.0031 1184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:38:17.0062 1184 CmBatt - ok
06:38:17.0077 1184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:38:17.0093 1184 cmdide - ok
06:38:17.0109 1184 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
06:38:17.0140 1184 CNG - ok
06:38:17.0140 1184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:38:17.0155 1184 Compbatt - ok
06:38:17.0187 1184 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
06:38:17.0202 1184 CompositeBus - ok
06:38:17.0218 1184 COMSysApp - ok
06:38:17.0233 1184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
06:38:17.0249 1184 crcdisk - ok
06:38:17.0265 1184 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:38:17.0296 1184 CryptSvc - ok
06:38:17.0343 1184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:38:17.0405 1184 DcomLaunch - ok
06:38:17.0436 1184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
06:38:17.0499 1184 defragsvc - ok
06:38:17.0514 1184 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:38:17.0577 1184 DfsC - ok
06:38:17.0608 1184 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
06:38:17.0670 1184 Dhcp - ok
06:38:17.0686 1184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
06:38:17.0733 1184 discache - ok
06:38:17.0764 1184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
06:38:17.0779 1184 Disk - ok
06:38:17.0795 1184 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:38:17.0826 1184 Dnscache - ok
06:38:17.0857 1184 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
06:38:17.0920 1184 dot3svc - ok
06:38:17.0920 1184 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
06:38:17.0967 1184 DPS - ok
06:38:18.0013 1184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:38:18.0029 1184 drmkaud - ok
06:38:18.0076 1184 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:38:18.0123 1184 DXGKrnl - ok
06:38:18.0123 1184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
06:38:18.0185 1184 EapHost - ok
06:38:18.0247 1184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
06:38:18.0357 1184 ebdrv - ok
06:38:18.0372 1184 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
06:38:18.0419 1184 EFS - ok
06:38:18.0466 1184 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:38:18.0513 1184 ehRecvr - ok
06:38:18.0544 1184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
06:38:18.0559 1184 ehSched - ok
06:38:18.0606 1184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
06:38:18.0637 1184 elxstor - ok
06:38:18.0653 1184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:38:18.0669 1184 ErrDev - ok
06:38:18.0715 1184 [ 1299D1EA00B7A4BF69C5869DCA31E0F6 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
06:38:18.0747 1184 ETD - ok
06:38:18.0778 1184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
06:38:18.0840 1184 EventSystem - ok
06:38:18.0856 1184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
06:38:18.0903 1184 exfat - ok
06:38:19.0012 1184 [ 8C89F06DBC239492E0AAAA0B0D8645EA ] FastBootAgent C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
06:38:19.0027 1184 FastBootAgent - ok
06:38:19.0043 1184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:38:19.0105 1184 fastfat - ok
06:38:19.0137 1184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
06:38:19.0199 1184 Fax - ok
06:38:19.0230 1184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
06:38:19.0261 1184 fdc - ok
06:38:19.0277 1184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
06:38:19.0324 1184 fdPHost - ok
06:38:19.0339 1184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
06:38:19.0386 1184 FDResPub - ok
06:38:19.0402 1184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:38:19.0417 1184 FileInfo - ok
06:38:19.0433 1184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:38:19.0480 1184 Filetrace - ok
06:38:19.0511 1184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
06:38:19.0527 1184 flpydisk - ok
06:38:19.0542 1184 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:38:19.0558 1184 FltMgr - ok
06:38:19.0605 1184 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
06:38:19.0683 1184 FontCache - ok
06:38:19.0729 1184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:38:19.0745 1184 FontCache3.0.0.0 - ok
06:38:19.0745 1184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:38:19.0761 1184 FsDepends - ok
06:38:19.0792 1184 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:38:19.0792 1184 Fs_Rec - ok
06:38:19.0839 1184 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:38:19.0854 1184 fvevol - ok
06:38:19.0885 1184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
06:38:19.0901 1184 gagp30kx - ok
06:38:19.0932 1184 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:38:19.0932 1184 GEARAspiWDM - ok
06:38:19.0979 1184 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
06:38:20.0026 1184 gpsvc - ok
06:38:20.0041 1184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:38:20.0073 1184 hcw85cir - ok
06:38:20.0104 1184 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:38:20.0135 1184 HdAudAddService - ok
06:38:20.0182 1184 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
06:38:20.0213 1184 HDAudBus - ok
06:38:20.0229 1184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
06:38:20.0260 1184 HidBatt - ok
06:38:20.0275 1184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
06:38:20.0307 1184 HidBth - ok
06:38:20.0322 1184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
06:38:20.0338 1184 HidIr - ok
06:38:20.0369 1184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
06:38:20.0416 1184 hidserv - ok
06:38:20.0447 1184 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:38:20.0463 1184 HidUsb - ok
06:38:20.0478 1184 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:38:20.0541 1184 hkmsvc - ok
06:38:20.0556 1184 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:38:20.0587 1184 HomeGroupListener - ok
06:38:20.0619 1184 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:38:20.0634 1184 HomeGroupProvider - ok
06:38:20.0650 1184 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:38:20.0665 1184 HpSAMD - ok
06:38:20.0728 1184 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:38:20.0806 1184 HTTP - ok
06:38:20.0821 1184 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:38:20.0821 1184 hwpolicy - ok
06:38:20.0853 1184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
06:38:20.0868 1184 i8042prt - ok
06:38:20.0899 1184 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
06:38:20.0915 1184 iaStor - ok
06:38:20.0962 1184 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:38:20.0977 1184 iaStorV - ok
06:38:21.0024 1184 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:38:21.0071 1184 idsvc - ok
06:38:21.0071 1184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
06:38:21.0087 1184 iirsp - ok
06:38:21.0118 1184 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
06:38:21.0196 1184 IKEEXT - ok
06:38:21.0274 1184 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:38:21.0336 1184 IntcAzAudAddService - ok
06:38:21.0352 1184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
06:38:21.0367 1184 intelide - ok
06:38:21.0399 1184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:38:21.0445 1184 intelppm - ok
06:38:21.0461 1184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:38:21.0508 1184 IPBusEnum - ok
06:38:21.0523 1184 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:38:21.0555 1184 IpFilterDriver - ok
06:38:21.0570 1184 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:38:21.0633 1184 iphlpsvc - ok
06:38:21.0648 1184 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
06:38:21.0664 1184 IPMIDRV - ok
06:38:21.0679 1184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:38:21.0726 1184 IPNAT - ok
06:38:21.0789 1184 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:38:21.0820 1184 iPod Service - ok
06:38:21.0835 1184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:38:21.0882 1184 IRENUM - ok
06:38:21.0898 1184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:38:21.0898 1184 isapnp - ok
06:38:21.0929 1184 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
06:38:21.0945 1184 iScsiPrt - ok
06:38:21.0960 1184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:38:21.0976 1184 kbdclass - ok
06:38:21.0991 1184 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
06:38:22.0007 1184 kbdhid - ok
06:38:22.0038 1184 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
06:38:22.0054 1184 kbfiltr - ok
06:38:22.0069 1184 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
06:38:22.0069 1184 KeyIso - ok
06:38:22.0101 1184 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:38:22.0116 1184 KSecDD - ok
06:38:22.0132 1184 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:38:22.0147 1184 KSecPkg - ok
06:38:22.0163 1184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:38:22.0210 1184 ksthunk - ok
06:38:22.0241 1184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
06:38:22.0288 1184 KtmRm - ok
06:38:22.0319 1184 [ 2377EC4CC3E356655B996F39B43486B6 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
06:38:22.0350 1184 L1C - ok
06:38:22.0381 1184 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
06:38:22.0428 1184 LanmanServer - ok
06:38:22.0459 1184 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:38:22.0506 1184 LanmanWorkstation - ok
06:38:22.0537 1184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:38:22.0600 1184 lltdio - ok
06:38:22.0615 1184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:38:22.0662 1184 lltdsvc - ok
06:38:22.0693 1184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:38:22.0740 1184 lmhosts - ok
06:38:22.0771 1184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
06:38:22.0787 1184 LSI_FC - ok
06:38:22.0818 1184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
06:38:22.0834 1184 LSI_SAS - ok
06:38:22.0834 1184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
06:38:22.0849 1184 LSI_SAS2 - ok
06:38:22.0865 1184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
06:38:22.0881 1184 LSI_SCSI - ok
06:38:22.0912 1184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
06:38:22.0959 1184 luafv - ok
06:38:23.0005 1184 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
06:38:23.0021 1184 MBAMProtector - ok
06:38:23.0083 1184 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
06:38:23.0099 1184 MBAMScheduler - ok
06:38:23.0115 1184 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:38:23.0146 1184 MBAMService - ok
06:38:23.0161 1184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:38:23.0193 1184 Mcx2Svc - ok
06:38:23.0224 1184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
06:38:23.0224 1184 megasas - ok
06:38:23.0255 1184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
06:38:23.0271 1184 MegaSR - ok
06:38:23.0302 1184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
06:38:23.0364 1184 MMCSS - ok
06:38:23.0380 1184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:38:23.0427 1184 Modem - ok
06:38:23.0442 1184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:38:23.0473 1184 monitor - ok
06:38:23.0489 1184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:38:23.0505 1184 mouclass - ok
06:38:23.0520 1184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:38:23.0551 1184 mouhid - ok
06:38:23.0567 1184 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:38:23.0583 1184 mountmgr - ok
06:38:23.0629 1184 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:38:23.0645 1184 MozillaMaintenance - ok
06:38:23.0645 1184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
06:38:23.0661 1184 mpio - ok
06:38:23.0676 1184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:38:23.0707 1184 mpsdrv - ok
06:38:23.0754 1184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:38:23.0817 1184 MpsSvc - ok
06:38:23.0832 1184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:38:23.0863 1184 MRxDAV - ok
06:38:23.0895 1184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:38:23.0941 1184 mrxsmb - ok
06:38:23.0957 1184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:38:23.0973 1184 mrxsmb10 - ok
06:38:23.0973 1184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:38:23.0988 1184 mrxsmb20 - ok
06:38:24.0004 1184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
06:38:24.0019 1184 msahci - ok
06:38:24.0035 1184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:38:24.0051 1184 msdsm - ok
06:38:24.0082 1184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
06:38:24.0097 1184 MSDTC - ok
06:38:24.0113 1184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:38:24.0160 1184 Msfs - ok
06:38:24.0175 1184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:38:24.0222 1184 mshidkmdf - ok
06:38:24.0238 1184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:38:24.0253 1184 msisadrv - ok
06:38:24.0300 1184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:38:24.0347 1184 MSiSCSI - ok
06:38:24.0347 1184 msiserver - ok
06:38:24.0394 1184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:38:24.0441 1184 MSKSSRV - ok
06:38:24.0456 1184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:38:24.0519 1184 MSPCLOCK - ok
06:38:24.0519 1184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:38:24.0550 1184 MSPQM - ok
06:38:24.0581 1184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:38:24.0597 1184 MsRPC - ok
06:38:24.0612 1184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
06:38:24.0628 1184 mssmbios - ok
06:38:24.0628 1184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:38:24.0675 1184 MSTEE - ok
06:38:24.0690 1184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
06:38:24.0721 1184 MTConfig - ok
06:38:24.0753 1184 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
06:38:24.0768 1184 MTsensor - ok
06:38:24.0784 1184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:38:24.0799 1184 Mup - ok
06:38:24.0815 1184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
06:38:24.0877 1184 napagent - ok
06:38:24.0924 1184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:38:24.0955 1184 NativeWifiP - ok
06:38:25.0002 1184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:38:25.0049 1184 NDIS - ok
06:38:25.0065 1184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:38:25.0111 1184 NdisCap - ok
06:38:25.0127 1184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:38:25.0158 1184 NdisTapi - ok
06:38:25.0174 1184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:38:25.0221 1184 Ndisuio - ok
06:38:25.0236 1184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:38:25.0283 1184 NdisWan - ok
06:38:25.0283 1184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:38:25.0330 1184 NDProxy - ok
06:38:25.0345 1184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:38:25.0377 1184 NetBIOS - ok
06:38:25.0408 1184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:38:25.0455 1184 NetBT - ok
06:38:25.0455 1184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
06:38:25.0470 1184 Netlogon - ok
06:38:25.0501 1184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
06:38:25.0564 1184 Netman - ok
06:38:25.0564 1184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
06:38:25.0611 1184 netprofm - ok
06:38:25.0642 1184 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:38:25.0657 1184 NetTcpPortSharing - ok
06:38:25.0689 1184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
06:38:25.0704 1184 nfrd960 - ok
06:38:25.0720 1184 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:38:25.0767 1184 NlaSvc - ok
06:38:25.0782 1184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:38:25.0813 1184 Npfs - ok
06:38:25.0829 1184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:38:25.0876 1184 nsi - ok
06:38:25.0891 1184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:38:25.0938 1184 nsiproxy - ok
06:38:25.0985 1184 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:38:26.0032 1184 Ntfs - ok
06:38:26.0047 1184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
06:38:26.0094 1184 Null - ok
06:38:26.0313 1184 [ 0D3F6E25C658530A2AD4B648849F1483 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:38:26.0609 1184 nvlddmkm - ok
06:38:26.0640 1184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:38:26.0656 1184 nvraid - ok
06:38:26.0671 1184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:38:26.0687 1184 nvstor - ok
06:38:26.0718 1184 [ 7DD5A1A53BB2D1B1B85C9C543D05E222 ] nvsvc C:\Windows\system32\nvvsvc.exe
06:38:26.0734 1184 nvsvc - ok
06:38:26.0765 1184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:38:26.0781 1184 nv_agp - ok
06:38:26.0812 1184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
06:38:26.0827 1184 ohci1394 - ok
06:38:26.0859 1184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:38:26.0905 1184 p2pimsvc - ok
06:38:26.0937 1184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:38:26.0952 1184 p2psvc - ok
06:38:26.0968 1184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
06:38:26.0999 1184 Parport - ok
06:38:27.0030 1184 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:38:27.0046 1184 partmgr - ok
06:38:27.0046 1184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:38:27.0093 1184 PcaSvc - ok
06:38:27.0093 1184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
06:38:27.0108 1184 pci - ok
06:38:27.0124 1184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
06:38:27.0139 1184 pciide - ok
06:38:27.0155 1184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
06:38:27.0171 1184 pcmcia - ok
06:38:27.0186 1184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:38:27.0186 1184 pcw - ok
06:38:27.0217 1184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:38:27.0280 1184 PEAUTH - ok
06:38:27.0311 1184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:38:27.0342 1184 PerfHost - ok
06:38:27.0405 1184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
06:38:27.0498 1184 pla - ok
06:38:27.0545 1184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:38:27.0576 1184 PlugPlay - ok
06:38:27.0592 1184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:38:27.0623 1184 PNRPAutoReg - ok
06:38:27.0639 1184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:38:27.0654 1184 PNRPsvc - ok
06:38:27.0685 1184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:38:27.0748 1184 PolicyAgent - ok
06:38:27.0763 1184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
06:38:27.0810 1184 Power - ok
06:38:27.0841 1184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:38:27.0888 1184 PptpMiniport - ok
06:38:27.0919 1184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
06:38:27.0935 1184 Processor - ok
06:38:27.0966 1184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
06:38:28.0013 1184 ProfSvc - ok
06:38:28.0029 1184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:38:28.0044 1184 ProtectedStorage - ok
06:38:28.0075 1184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:38:28.0122 1184 Psched - ok
06:38:28.0169 1184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
06:38:28.0231 1184 ql2300 - ok
06:38:28.0263 1184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
06:38:28.0278 1184 ql40xx - ok
06:38:28.0309 1184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
06:38:28.0356 1184 QWAVE - ok
06:38:28.0356 1184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:38:28.0387 1184 QWAVEdrv - ok
06:38:28.0403 1184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:38:28.0450 1184 RasAcd - ok
06:38:28.0497 1184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:38:28.0528 1184 RasAgileVpn - ok
06:38:28.0543 1184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
06:38:28.0590 1184 RasAuto - ok
06:38:28.0621 1184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:38:28.0668 1184 Rasl2tp - ok
06:38:28.0684 1184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
06:38:28.0731 1184 RasMan - ok
06:38:28.0731 1184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:38:28.0777 1184 RasPppoe - ok
06:38:28.0793 1184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:38:28.0840 1184 RasSstp - ok
06:38:28.0871 1184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:38:28.0918 1184 rdbss - ok
06:38:28.0933 1184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
06:38:28.0949 1184 rdpbus - ok
06:38:28.0965 1184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:38:29.0011 1184 RDPCDD - ok
06:38:29.0027 1184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:38:29.0074 1184 RDPENCDD - ok
06:38:29.0074 1184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:38:29.0121 1184 RDPREFMP - ok
06:38:29.0136 1184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:38:29.0167 1184 RDPWD - ok
06:38:29.0199 1184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:38:29.0214 1184 rdyboost - ok
06:38:29.0230 1184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:38:29.0277 1184 RemoteAccess - ok
06:38:29.0308 1184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:38:29.0370 1184 RemoteRegistry - ok
06:38:29.0386 1184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:38:29.0433 1184 RpcEptMapper - ok
06:38:29.0464 1184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
06:38:29.0479 1184 RpcLocator - ok
06:38:29.0511 1184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
06:38:29.0557 1184 RpcSs - ok
06:38:29.0604 1184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:38:29.0635 1184 rspndr - ok
06:38:29.0651 1184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
06:38:29.0651 1184 SamSs - ok
06:38:29.0667 1184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:38:29.0682 1184 sbp2port - ok
06:38:29.0698 1184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:38:29.0745 1184 SCardSvr - ok
06:38:29.0760 1184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:38:29.0791 1184 scfilter - ok
06:38:29.0838 1184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
06:38:29.0916 1184 Schedule - ok
06:38:29.0947 1184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
06:38:29.0979 1184 SCPolicySvc - ok
06:38:29.0994 1184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:38:30.0025 1184 SDRSVC - ok
06:38:30.0072 1184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:38:30.0119 1184 secdrv - ok
06:38:30.0135 1184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
06:38:30.0166 1184 seclogon - ok
06:38:30.0181 1184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
06:38:30.0228 1184 SENS - ok
06:38:30.0244 1184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:38:30.0291 1184 SensrSvc - ok
06:38:30.0322 1184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
06:38:30.0353 1184 Serenum - ok
06:38:30.0369 1184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
06:38:30.0400 1184 Serial - ok
06:38:30.0415 1184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
06:38:30.0447 1184 sermouse - ok
06:38:30.0462 1184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
06:38:30.0525 1184 SessionEnv - ok
06:38:30.0556 1184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:38:30.0571 1184 sffdisk - ok
06:38:30.0587 1184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:38:30.0603 1184 sffp_mmc - ok
06:38:30.0618 1184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:38:30.0649 1184 sffp_sd - ok
06:38:30.0649 1184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
06:38:30.0665 1184 sfloppy - ok
06:38:30.0681 1184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:38:30.0743 1184 SharedAccess - ok
06:38:30.0774 1184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:38:30.0837 1184 ShellHWDetection - ok
06:38:30.0868 1184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
06:38:30.0883 1184 SiSRaid2 - ok
06:38:30.0883 1184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
06:38:30.0899 1184 SiSRaid4 - ok
06:38:30.0930 1184 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
06:38:30.0946 1184 SkypeUpdate - ok
06:38:30.0961 1184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:38:31.0008 1184 Smb - ok
06:38:31.0055 1184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:38:31.0086 1184 SNMPTRAP - ok
06:38:31.0149 1184 [ 1D8474722CDFFBB8FCA5FA12C50A05A2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
06:38:31.0211 1184 SNP2UVC - ok
06:38:31.0227 1184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:38:31.0242 1184 spldr - ok
06:38:31.0273 1184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
06:38:31.0305 1184 Spooler - ok
06:38:31.0398 1184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
06:38:31.0507 1184 sppsvc - ok
06:38:31.0523 1184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:38:31.0570 1184 sppuinotify - ok
06:38:31.0601 1184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
06:38:31.0648 1184 srv - ok
06:38:31.0663 1184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:38:31.0679 1184 srv2 - ok
06:38:31.0695 1184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:38:31.0710 1184 srvnet - ok
06:38:31.0741 1184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:38:31.0788 1184 SSDPSRV - ok
06:38:31.0804 1184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:38:31.0835 1184 SstpSvc - ok
06:38:31.0882 1184 Steam Client Service - ok
06:38:31.0913 1184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
06:38:31.0929 1184 stexstor - ok
06:38:31.0960 1184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
06:38:31.0991 1184 stisvc - ok
06:38:32.0007 1184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:38:32.0007 1184 swenum - ok
06:38:32.0038 1184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
06:38:32.0085 1184 swprv - ok
06:38:32.0131 1184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
06:38:32.0209 1184 SysMain - ok
06:38:32.0225 1184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:38:32.0241 1184 TabletInputService - ok
06:38:32.0256 1184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
06:38:32.0303 1184 TapiSrv - ok
06:38:32.0319 1184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
06:38:32.0350 1184 TBS - ok
06:38:32.0412 1184 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:38:32.0475 1184 Tcpip - ok
06:38:32.0506 1184 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:38:32.0553 1184 TCPIP6 - ok
06:38:32.0568 1184 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:38:32.0615 1184 tcpipreg - ok
06:38:32.0631 1184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:38:32.0677 1184 TDPIPE - ok
06:38:32.0709 1184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:38:32.0724 1184 TDTCP - ok
06:38:32.0740 1184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:38:32.0787 1184 tdx - ok
06:38:32.0802 1184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
06:38:32.0818 1184 TermDD - ok
06:38:32.0849 1184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
06:38:32.0896 1184 TermService - ok
06:38:32.0911 1184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
06:38:32.0943 1184 Themes - ok
06:38:32.0943 1184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
06:38:32.0989 1184 THREADORDER - ok
06:38:33.0005 1184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
06:38:33.0052 1184 TrkWks - ok
06:38:33.0114 1184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:38:33.0161 1184 TrustedInstaller - ok
06:38:33.0177 1184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:38:33.0223 1184 tssecsrv - ok
06:38:33.0239 1184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:38:33.0255 1184 TsUsbFlt - ok
06:38:33.0270 1184 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
06:38:33.0286 1184 TsUsbGD - ok
06:38:33.0317 1184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:38:33.0364 1184 tunnel - ok
06:38:33.0395 1184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
06:38:33.0411 1184 uagp35 - ok
06:38:33.0426 1184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:38:33.0473 1184 udfs - ok
06:38:33.0504 1184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:38:33.0535 1184 UI0Detect - ok
06:38:33.0551 1184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:38:33.0567 1184 uliagpkx - ok
06:38:33.0582 1184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:38:33.0613 1184 umbus - ok
06:38:33.0629 1184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
06:38:33.0660 1184 UmPass - ok
06:38:33.0691 1184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
06:38:33.0738 1184 upnphost - ok
06:38:33.0769 1184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:38:33.0816 1184 usbccgp - ok
06:38:33.0847 1184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
06:38:33.0863 1184 usbcir - ok
06:38:33.0879 1184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:38:33.0910 1184 usbehci - ok
06:38:33.0941 1184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:38:33.0988 1184 usbhub - ok
06:38:34.0003 1184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
06:38:34.0019 1184 usbohci - ok
06:38:34.0035 1184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
06:38:34.0066 1184 usbprint - ok
06:38:34.0081 1184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:38:34.0128 1184 USBSTOR - ok
06:38:34.0144 1184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
06:38:34.0175 1184 usbuhci - ok
06:38:34.0206 1184 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
06:38:34.0222 1184 usbvideo - ok
06:38:34.0253 1184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
06:38:34.0300 1184 UxSms - ok
06:38:34.0315 1184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
06:38:34.0331 1184 VaultSvc - ok
06:38:34.0362 1184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:38:34.0378 1184 vdrvroot - ok
06:38:34.0393 1184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
06:38:34.0456 1184 vds - ok
06:38:34.0471 1184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:38:34.0487 1184 vga - ok
06:38:34.0487 1184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
06:38:34.0534 1184 VgaSave - ok
06:38:34.0565 1184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
06:38:34.0581 1184 vhdmp - ok
06:38:34.0581 1184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
06:38:34.0596 1184 viaide - ok
06:38:34.0612 1184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:38:34.0627 1184 volmgr - ok
06:38:34.0627 1184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:38:34.0659 1184 volmgrx - ok
06:38:34.0659 1184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:38:34.0674 1184 volsnap - ok
06:38:34.0705 1184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
06:38:34.0721 1184 vsmraid - ok
06:38:34.0768 1184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
06:38:34.0861 1184 VSS - ok
06:38:34.0877 1184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
06:38:34.0908 1184 vwifibus - ok
06:38:34.0924 1184 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
06:38:34.0955 1184 vwififlt - ok
06:38:34.0986 1184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
06:38:35.0033 1184 W32Time - ok
06:38:35.0064 1184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
06:38:35.0095 1184 WacomPen - ok
06:38:35.0111 1184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:38:35.0158 1184 WANARP - ok
06:38:35.0173 1184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:38:35.0205 1184 Wanarpv6 - ok
06:38:35.0251 1184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
06:38:35.0329 1184 wbengine - ok
06:38:35.0361 1184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:38:35.0392 1184 WbioSrvc - ok
06:38:35.0407 1184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:38:35.0454 1184 wcncsvc - ok
06:38:35.0470 1184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:38:35.0517 1184 WcsPlugInService - ok
06:38:35.0532 1184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
06:38:35.0532 1184 Wd - ok
06:38:35.0563 1184 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:38:35.0595 1184 Wdf01000 - ok
06:38:35.0610 1184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:38:35.0688 1184 WdiServiceHost - ok
06:38:35.0704 1184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:38:35.0719 1184 WdiSystemHost - ok
06:38:35.0735 1184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
06:38:35.0766 1184 WebClient - ok
06:38:35.0782 1184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:38:35.0844 1184 Wecsvc - ok
06:38:35.0844 1184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:38:35.0907 1184 wercplsupport - ok
06:38:35.0922 1184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
06:38:35.0969 1184 WerSvc - ok
06:38:35.0985 1184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:38:36.0016 1184 WfpLwf - ok
06:38:36.0063 1184 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
06:38:36.0078 1184 WimFltr - ok
06:38:36.0078 1184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:38:36.0094 1184 WIMMount - ok
06:38:36.0109 1184 WinDefend - ok
06:38:36.0125 1184 WinHttpAutoProxySvc - ok
06:38:36.0187 1184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:38:36.0234 1184 Winmgmt - ok
06:38:36.0297 1184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
06:38:36.0375 1184 WinRM - ok
06:38:36.0421 1184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
06:38:36.0484 1184 Wlansvc - ok
06:38:36.0515 1184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
06:38:36.0531 1184 WmiAcpi - ok
06:38:36.0562 1184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:38:36.0593 1184 wmiApSrv - ok
06:38:36.0624 1184 WMPNetworkSvc - ok
06:38:36.0655 1184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:38:36.0687 1184 WPCSvc - ok
06:38:36.0687 1184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:38:36.0718 1184 WPDBusEnum - ok
06:38:36.0749 1184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:38:36.0780 1184 ws2ifsl - ok
06:38:36.0796 1184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
06:38:36.0827 1184 wscsvc - ok
06:38:36.0827 1184 WSearch - ok
06:38:36.0905 1184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
06:38:36.0983 1184 wuauserv - ok
06:38:36.0999 1184 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:38:37.0045 1184 WudfPf - ok
06:38:37.0077 1184 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:38:37.0123 1184 WUDFRd - ok
06:38:37.0139 1184 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:38:37.0186 1184 wudfsvc - ok
06:38:37.0201 1184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
06:38:37.0233 1184 WwanSvc - ok
06:38:37.0279 1184 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
06:38:37.0295 1184 xusb21 - ok
06:38:37.0311 1184 ================ Scan global ===============================
06:38:37.0342 1184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:38:37.0373 1184 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
06:38:37.0373 1184 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
06:38:37.0404 1184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:38:37.0420 1184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:38:37.0420 1184 [Global] - ok
06:38:37.0420 1184 ================ Scan MBR ==================================
06:38:37.0435 1184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:38:37.0794 1184 \Device\Harddisk0\DR0 - ok
06:38:37.0810 1184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
06:38:37.0997 1184 \Device\Harddisk1\DR1 - ok
06:38:37.0997 1184 ================ Scan VBR ==================================
06:38:37.0997 1184 [ BF2F148DBA25FF01B29F1DC665271B0C ] \Device\Harddisk0\DR0\Partition1
06:38:38.0013 1184 \Device\Harddisk0\DR0\Partition1 - ok
06:38:38.0013 1184 [ 2322949A9532C55845DD8634D3414A2E ] \Device\Harddisk0\DR0\Partition2
06:38:38.0013 1184 \Device\Harddisk0\DR0\Partition2 - ok
06:38:38.0044 1184 [ C60255F5BA90491D014E76BFC89083FC ] \Device\Harddisk0\DR0\Partition3
06:38:38.0044 1184 \Device\Harddisk0\DR0\Partition3 - ok
06:38:38.0059 1184 [ B82D65A0F4912FE749BC4EA68E083CCD ] \Device\Harddisk1\DR1\Partition1
06:38:38.0059 1184 \Device\Harddisk1\DR1\Partition1 - ok
06:38:38.0059 1184 ============================================================
06:38:38.0059 1184 Scan finished
06:38:38.0059 1184 ============================================================
06:38:38.0075 1892 Detected object count: 1
06:38:38.0075 1892 Actual detected object count: 1
06:39:00.0102 1892 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
06:39:00.0102 1892 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
09.10.2012, 14:35
| #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bka - Trojaner Problem Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 15:27
| #24 |
| | Bka - Trojaner ProblemCode:
ATTFilter ComboFix 12-10-09.01 - BERNADETTE 09.10.2012 16:17:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.3091 [GMT 2:00]
ausgeführt von:: c:\users\BERNADETTE\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-09 bis 2012-10-09 ))))))))))))))))))))))))))))))
.
.
2012-10-09 14:21 . 2012-10-09 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 17:15 . 2012-10-08 17:15 -------- d-----w- C:\_OTL
2012-10-08 12:59 . 2012-10-08 12:59 -------- d-----w- c:\program files (x86)\7-Zip
2012-10-05 14:51 . 2012-10-05 14:51 -------- d-----w- c:\program files (x86)\ESET
2012-10-04 18:21 . 2012-10-04 18:21 -------- d-----w- c:\users\BERNADETTE\AppData\Roaming\Malwarebytes
2012-10-04 18:21 . 2012-10-04 18:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-04 18:21 . 2012-10-04 18:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-04 18:21 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-04 18:08 . 2012-10-04 18:08 -------- d-----w- c:\users\BERNADETTE\AppData\Roaming\Avira
2012-10-04 18:05 . 2012-10-01 15:14 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-04 18:05 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-04 18:05 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-04 18:05 . 2012-10-04 18:05 -------- d-----w- c:\programdata\Avira
2012-10-04 18:05 . 2012-10-04 18:05 -------- d-----w- c:\program files (x86)\Avira
2012-10-04 17:10 . 2012-09-30 10:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92C94A27-1202-4A60-ABF5-D89B7FF52AA1}\offreg.dll
2012-09-30 10:17 . 2012-09-30 10:17 -------- d-----w- c:\users\BERNADETTE\AppData\Roaming\Notepad++
2012-09-30 10:17 . 2012-09-30 10:17 -------- d-----w- c:\program files (x86)\Notepad++
2012-09-29 06:37 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-29 06:36 . 2012-09-29 06:37 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-29 06:36 . 2012-09-29 06:37 -------- d-----w- c:\program files\iTunes
2012-09-29 06:36 . 2012-09-29 06:37 -------- d-----w- c:\program files (x86)\iTunes
2012-09-29 06:36 . 2012-09-29 06:36 -------- d-----w- c:\program files\iPod
2012-09-29 06:36 . 2012-09-30 08:19 -------- d-----w- c:\users\BERNADETTE\AppData\Roaming\Apple Computer
2012-09-29 06:36 . 2012-09-29 06:36 -------- d-----w- c:\users\BERNADETTE\AppData\Local\Apple Computer
2012-09-22 13:26 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92C94A27-1202-4A60-ABF5-D89B7FF52AA1}\mpengine.dll
2012-09-18 00:15 . 2012-09-18 00:15 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-16 17:10 . 2012-09-16 17:10 -------- d-----w- c:\users\BERNADETTE\AppData\Local\Adobe
2012-09-14 15:27 . 2012-09-14 15:47 -------- d-----w- c:\users\BERNADETTE\AppData\Roaming\vlc
2012-09-12 14:59 . 2012-09-12 15:36 -------- d-----w- c:\users\BERNADETTE\AppData\Roaming\Skype
2012-09-12 11:28 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 11:28 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 11:28 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:28 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 11:28 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 11:28 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 11:28 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 15:27 . 2012-08-25 14:37 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 18:07 . 2012-08-28 18:07 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 18:07 . 2012-08-28 18:07 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 17:31 . 2012-08-28 17:31 3054136 ----a-w- c:\windows\AsScrPro.exe
2012-08-21 11:01 . 2012-08-28 20:11 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-08-28 20:11 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-24 18:52 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2012-8-28 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-12-03 00:34 35184 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2012-08-28 17:31 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Media\DMedia.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-23 306232]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 53681906
*Deregistered* - 53681906
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\BERNADETTE\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\BERNADETTE\AppData\Roaming\Mozilla\Firefox\Profiles\pxbxa4bj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-ADSMTray - c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSConfigStartUp-ASUS Camera ScreenSaver - c:\windows\AsScrProlog.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
Zeit der Fertigstellung: 2012-10-09 16:23:51
ComboFix-quarantined-files.txt 2012-10-09 14:23
.
Vor Suchlauf: 10 Verzeichnis(se), 118.997.123.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 118.875.361.280 Bytes frei
.
- - End Of File - - 40BC9A712E594E9B35E455460442F7E8
|
|
09.10.2012, 16:13
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bka - Trojaner Problem Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 19:41
| #26 |
| | Bka - Trojaner Problem GMER hat nichts gefunden, die log habe ich auch nicht gefunden. OSAM log Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:39:45 on 09.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP64" (ASMMAP64) - ? - C:\Program Files\ATKGFNEX\ASMMAP64.sys "avgntflt" (avgntflt) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avkmgr.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "SRS Premium Sound.lnk" - "SRS Labs, Inc." - C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe "Avira Echtzeit-Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FastBootAgent" (FastBootAgent) - "ASUSTeK Computer Inc." - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 20:42:35
-----------------------------
20:42:35.450 OS Version: Windows x64 6.1.7601 Service Pack 1
20:42:35.450 Number of processors: 2 586 0x170A
20:42:35.450 ComputerName: BERNADETTE UserName: BERNADETTE
20:42:36.496 Initialize success
20:43:35.833 AVAST engine defs: 12100900
20:44:34.739 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:44:34.739 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
20:44:34.754 Disk 0 MBR read successfully
20:44:34.754 Disk 0 MBR scan
20:44:34.754 Disk 0 Windows 7 default MBR code
20:44:34.754 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:44:34.770 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 164078 MB offset 206848
20:44:34.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141064 MB offset 336238592
20:44:34.817 Disk 0 scanning C:\Windows\system32\drivers
20:44:41.291 Service scanning
20:44:56.438 Modules scanning
20:44:56.438 Disk 0 trace - called modules:
20:44:56.469 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:44:56.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c295e0]
20:44:56.485 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80046e55d0]
20:44:56.501 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ea050]
20:44:57.780 AVAST engine scan C:\Windows
20:45:00.151 AVAST engine scan C:\Windows\system32
20:47:23.080 AVAST engine scan C:\Windows\system32\drivers
20:47:37.698 AVAST engine scan C:\Users\BERNADETTE
20:48:05.700 AVAST engine scan C:\ProgramData
20:48:19.568 Scan finished successfully
20:48:36.635 Disk 0 MBR has been saved successfully to "C:\Users\BERNADETTE\Documents\MBR.dat"
20:48:36.650 The log file has been saved successfully to "C:\Users\BERNADETTE\Documents\aswMBR.txt"
|
|
09.10.2012, 20:09
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bka - Trojaner Problem Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten Geändert von cosinus (09.10.2012 um 20:26 Uhr) |
|
09.10.2012, 20:20
| #28 |
| | Bka - Trojaner Problem das hatten wir bereit, die logs sind oben ;-) |
|
09.10.2012, 20:26
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bka - Trojaner Problem Sry hab mich verklickt, Korrektur ist gemacht 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 21:44
| #30 |
| | Bka - Trojaner ProblemCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.09.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 BERNADETTE :: BERNADETTE [Administrator] Schutz: Aktiviert 09.10.2012 21:56:44 mbam-log-2012-10-09 (21-56-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 280828 Laufzeit: 16 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/09/2012 at 10:36 PM
Application Version : 5.6.1008
Core Rules Database Version : 9370
Trace Rules Database Version: 7182
Scan type : Complete Scan
Total Scan Time : 00:19:03
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 69347
Registry threats detected : 0
File items scanned : 35758
File threats detected : 39
Adware.Tracking Cookie
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\OR8M0ONY.txt [ /mediaplex.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\6KM45B81.txt [ /zanox.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\EI7NHUOD.txt [ /advertising.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\NYE9NZ19.txt [ /doubleclick.net ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\WGOGR8YW.txt [ /c.atdmt.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\6D8F24R3.txt [ /imrworldwide.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\J8EN3Q4H.txt [ /ad1.adfarm1.adition.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\BA0VW8FL.txt [ /apmebf.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\5S3GJA30.txt [ /invitemedia.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\MHJ21315.txt [ /tradedoubler.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\VBXP9F2R.txt [ /ad.yieldmanager.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\17BVBCR1.txt [ /media.photobucket.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\WOLXSGKX.txt [ /ads.pubmatic.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\D9XEBUPV.txt [ /atdmt.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\2CANDKA8.txt [ /adfarm1.adition.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\CLLG1Z9K.txt [ /ad.zanox.com ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\P5KWAYFB.txt [ /fastclick.net ]
C:\Users\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\JQNB4Q5K.txt [ /ru4.com ]
C:\USERS\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\QW3H2O92.txt [ Cookie:bernadette@adsonar.com/adserving ]
C:\USERS\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\5MKM3B7M.txt [ Cookie:bernadette@doubleclick.net/ ]
C:\USERS\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YXXZH50D.txt [ Cookie:bernadette@apmebf.com/ ]
C:\USERS\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\05BXW9R8.txt [ Cookie:bernadette@ad.yieldmanager.com/ ]
C:\USERS\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJF42876.txt [ Cookie:bernadette@fl01.ct2.comclick.com/ ]
C:\USERS\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\EXGKL2ND.txt [ Cookie:bernadette@atdmt.com/ ]
C:\USERS\BERNADETTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\MGJ3PZ54.txt [ Cookie:bernadette@adfarm1.adition.com/ ]
C:\USERS\BERNADETTE\Cookies\OR8M0ONY.txt [ Cookie:bernadette@mediaplex.com/ ]
C:\USERS\BERNADETTE\Cookies\6KM45B81.txt [ Cookie:bernadette@zanox.com/ ]
C:\USERS\BERNADETTE\Cookies\EI7NHUOD.txt [ Cookie:bernadette@advertising.com/ ]
C:\USERS\BERNADETTE\Cookies\NYE9NZ19.txt [ Cookie:bernadette@doubleclick.net/ ]
C:\USERS\BERNADETTE\Cookies\WGOGR8YW.txt [ Cookie:bernadette@c.atdmt.com/ ]
C:\USERS\BERNADETTE\Cookies\6D8F24R3.txt [ Cookie:bernadette@imrworldwide.com/cgi-bin ]
C:\USERS\BERNADETTE\Cookies\J8EN3Q4H.txt [ Cookie:bernadette@ad1.adfarm1.adition.com/ ]
C:\USERS\BERNADETTE\Cookies\BA0VW8FL.txt [ Cookie:bernadette@apmebf.com/ ]
C:\USERS\BERNADETTE\Cookies\MHJ21315.txt [ Cookie:bernadette@tradedoubler.com/ ]
C:\USERS\BERNADETTE\Cookies\VBXP9F2R.txt [ Cookie:bernadette@ad.yieldmanager.com/ ]
C:\USERS\BERNADETTE\Cookies\D9XEBUPV.txt [ Cookie:bernadette@atdmt.com/ ]
C:\USERS\BERNADETTE\Cookies\2CANDKA8.txt [ Cookie:bernadette@adfarm1.adition.com/ ]
C:\USERS\BERNADETTE\Cookies\CLLG1Z9K.txt [ Cookie:bernadette@ad.zanox.com/ ]
C:\USERS\BERNADETTE\Cookies\QW3H2O92.txt [ Cookie:bernadette@adsonar.com/adserving ]
|
|
| Themen zu Bka - Trojaner Problem |
| abgesicherte, abgesicherten, abgesicherten modus, betriebssystem, bka - trojaner, bka trojaner, bka-trojaner, compu, computer, ellung, knapp, kumpel, modus, nicht sicher, proble, problem, schei, seite, sofort, systemwiederherstellung, troja, trojaner, trojaner problem, win, win 7, wirklich |
Linear-Darstellung
