
Pests of all kinds and how to fight them: Windows 7 Pro encryption trojan

18.10.2012, 12:56   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



I have two questions before we continue (we are not done yet!)

1.) Does Windows' normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post log files in CODE tags

18.10.2012, 16:19   #17
Bong



So the computer boots completely normally, and there is nothing unusual in the Start menu either. Apart from OTL, adw etc., the desktop is exactly as before.
All files, folders etc. are present, and programs start as usual.
__________________


18.10.2012, 16:20   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please run a (new) CustomScan with OTL and, if possible, post its log here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box Scan all users at the top center
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________

18.10.2012, 16:42   #19
Bong



Should I do this in Safe Mode or just normally?

OK, I have now run the scan in normal mode:

OTL Logfile:
Code:
OTL logfile created on: 18/10/2012 18:45:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000140C | Country: Luxembourg | Language: FRL | Date Format: dd/MM/yyyy
 
3,43 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 73,29% Memory free
6,87 Gb Paging File | 5,86 Gb Available in Paging File | 85,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,81 Gb Total Space | 124,40 Gb Free Space | 41,77% Space Free | Partition Type: NTFS
 
Computer Name: STATION01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/12 17:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/08/09 09:20:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/09 10:44:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/09 10:44:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/09 10:44:27 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/11/14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/26 02:14:10 | 000,053,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LBTWiz.exe
PRC - [2010/06/22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/06/14 00:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
PRC - [2009/11/04 23:46:40 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 23:46:38 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/04 23:46:30 | 001,098,264 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/23 16:16:12 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2005/09/06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/11 13:50:51 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/08/11 13:50:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/12 12:39:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/12 12:39:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/12 12:39:53 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/12 12:39:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/11/14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2009/05/18 10:55:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/05/18 10:55:44 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/05/18 10:55:44 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/09/19 15:26:15 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/08 12:25:03 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 10:44:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 10:44:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/17 16:59:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/14 00:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/04 23:46:40 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 23:46:38 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/23 16:16:12 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/05/09 10:44:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 10:44:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/07/02 14:21:18 | 010,993,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/01/12 16:24:00 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/12/10 09:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 23:50:46 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2003/07/11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.lu/
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 34 61 90 16 CF CA 01  [binary data]
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes,DefaultScope = {9009733B-8683-4B13-9C08-5B4378D967C8}
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{9009733B-8683-4B13-9C08-5B4378D967C8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/19 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/25 14:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/05/02 03:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\extensions
[2012/03/15 12:57:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/25 14:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/19 15:26:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/19 15:26:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/19 15:26:14 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/10/13 03:08:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D81D153-0A2A-41E5-8E83-621BFAD54993}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8da25799-3b42-11df-a0ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8da25799-3b42-11df-a0ee-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/18 17:16:03 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BMW
[2012/10/14 21:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/14 21:33:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/10/14 21:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/14 21:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/14 21:33:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/14 21:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/14 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Diagnostics
[2012/10/13 03:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/12 18:56:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/19 01:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/19 01:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/18 18:48:27 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 18:48:27 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 18:45:33 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/18 18:45:33 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/18 18:41:15 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 18:41:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 18:41:06 | 2765,991,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 13:24:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 13:07:02 | 000,538,941 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012/10/14 21:33:09 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/13 03:08:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/12 17:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/21 15:16:37 | 000,001,105 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/09/19 01:29:40 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/18 23:36:09 | 001,471,414 | ---- | M] () -- C:\Users\User\Documents\IMG_1673.JPG
 
========== Files Created - No Company Name ==========
 
[2012/10/17 13:06:43 | 000,538,941 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012/10/14 21:33:09 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/18 23:51:43 | 001,923,849 | ---- | C] () -- C:\Users\User\Documents\IMG_1743.JPG
[2012/09/18 23:51:43 | 001,854,024 | ---- | C] () -- C:\Users\User\Documents\IMG_1745.JPG
[2012/09/18 23:51:43 | 001,830,059 | ---- | C] () -- C:\Users\User\Documents\IMG_1744.JPG
[2012/09/18 23:51:42 | 001,935,569 | ---- | C] () -- C:\Users\User\Documents\IMG_1742.JPG
[2012/09/18 23:51:42 | 001,687,218 | ---- | C] () -- C:\Users\User\Documents\IMG_1736.JPG
[2012/09/18 23:51:42 | 001,657,945 | ---- | C] () -- C:\Users\User\Documents\IMG_1741.JPG
[2012/09/18 23:51:42 | 001,553,175 | ---- | C] () -- C:\Users\User\Documents\IMG_1737.JPG
[2012/09/18 23:51:42 | 001,505,575 | ---- | C] () -- C:\Users\User\Documents\IMG_1738.JPG
[2012/09/18 23:51:42 | 001,274,171 | ---- | C] () -- C:\Users\User\Documents\IMG_1739.JPG
[2012/09/18 23:51:42 | 001,244,727 | ---- | C] () -- C:\Users\User\Documents\IMG_1740.JPG
[2012/09/18 23:51:41 | 001,992,984 | ---- | C] () -- C:\Users\User\Documents\IMG_1734.JPG
[2012/09/18 23:51:41 | 001,966,867 | ---- | C] () -- C:\Users\User\Documents\IMG_1733.JPG
[2012/09/18 23:51:41 | 001,948,377 | ---- | C] () -- C:\Users\User\Documents\IMG_1732.JPG
[2012/09/18 23:51:41 | 001,880,119 | ---- | C] () -- C:\Users\User\Documents\IMG_1731.JPG
[2012/09/18 23:51:41 | 001,828,339 | ---- | C] () -- C:\Users\User\Documents\IMG_1730.JPG
[2012/09/18 23:51:41 | 001,787,871 | ---- | C] () -- C:\Users\User\Documents\IMG_1729.JPG
[2012/09/18 23:51:41 | 001,660,175 | ---- | C] () -- C:\Users\User\Documents\IMG_1728.JPG
[2012/09/18 23:51:40 | 001,667,076 | ---- | C] () -- C:\Users\User\Documents\IMG_1726.JPG
[2012/09/18 23:51:40 | 001,627,959 | ---- | C] () -- C:\Users\User\Documents\IMG_1727.JPG
[2012/09/18 23:51:40 | 001,462,537 | ---- | C] () -- C:\Users\User\Documents\IMG_1723.JPG
[2012/09/18 23:51:40 | 001,454,001 | ---- | C] () -- C:\Users\User\Documents\IMG_1721.JPG
[2012/09/18 23:51:40 | 001,430,465 | ---- | C] () -- C:\Users\User\Documents\IMG_1722.JPG
[2012/09/18 23:51:40 | 001,404,024 | ---- | C] () -- C:\Users\User\Documents\IMG_1724.JPG
[2012/09/18 23:51:40 | 001,387,425 | ---- | C] () -- C:\Users\User\Documents\IMG_1725.JPG
[2012/09/18 23:51:39 | 001,787,235 | ---- | C] () -- C:\Users\User\Documents\IMG_1746.JPG
[2012/09/18 23:32:59 | 002,709,638 | ---- | C] () -- C:\Users\User\Documents\IMG_1718.JPG
[2012/09/18 23:32:59 | 002,550,431 | ---- | C] () -- C:\Users\User\Documents\IMG_1717.JPG
[2012/09/18 23:32:59 | 001,761,504 | ---- | C] () -- C:\Users\User\Documents\IMG_1715.JPG
[2012/09/18 23:32:59 | 001,690,212 | ---- | C] () -- C:\Users\User\Documents\IMG_1716.JPG
[2012/09/18 23:32:59 | 001,660,314 | ---- | C] () -- C:\Users\User\Documents\IMG_1714.JPG
[2012/09/18 23:32:58 | 002,019,683 | ---- | C] () -- C:\Users\User\Documents\IMG_1711.JPG
[2012/09/18 23:32:58 | 001,566,553 | ---- | C] () -- C:\Users\User\Documents\IMG_1712.JPG
[2012/09/18 23:32:58 | 000,925,351 | ---- | C] () -- C:\Users\User\Documents\IMG_1713.JPG
[2012/09/18 23:32:57 | 022,575,690 | ---- | C] () -- C:\Users\User\Documents\IMG_1693.MOV
[2012/09/18 23:32:47 | 128,400,393 | ---- | C] () -- C:\Users\User\Documents\IMG_1692.MOV
[2012/09/18 23:32:45 | 045,910,042 | ---- | C] () -- C:\Users\User\Documents\IMG_1691.MOV
[2012/09/18 23:32:43 | 027,496,376 | ---- | C] () -- C:\Users\User\Documents\IMG_1690.MOV
[2012/09/18 23:32:39 | 053,115,200 | ---- | C] () -- C:\Users\User\Documents\IMG_1689.MOV
[2012/09/18 23:32:28 | 081,584,599 | ---- | C] () -- C:\Users\User\Documents\IMG_1688.MOV
[2012/09/18 23:32:26 | 029,618,847 | ---- | C] () -- C:\Users\User\Documents\IMG_1687.MOV
[2012/09/18 23:32:26 | 001,222,367 | ---- | C] () -- C:\Users\User\Documents\IMG_1685.JPG
[2012/09/18 23:32:22 | 052,675,465 | ---- | C] () -- C:\Users\User\Documents\IMG_1683.MOV
[2012/09/18 23:32:21 | 018,497,900 | ---- | C] () -- C:\Users\User\Documents\IMG_1682.MOV
[2012/09/18 23:32:21 | 001,630,410 | ---- | C] () -- C:\Users\User\Documents\IMG_1681.JPG
[2012/09/18 23:32:20 | 002,116,019 | ---- | C] () -- C:\Users\User\Documents\IMG_1675.JPG
[2012/09/18 23:32:20 | 002,035,388 | ---- | C] () -- C:\Users\User\Documents\IMG_1677.JPG
[2012/09/18 23:32:20 | 001,938,783 | ---- | C] () -- C:\Users\User\Documents\IMG_1678.JPG
[2012/09/18 23:32:20 | 001,915,754 | ---- | C] () -- C:\Users\User\Documents\IMG_1676.JPG
[2012/09/18 23:32:20 | 001,678,798 | ---- | C] () -- C:\Users\User\Documents\IMG_1679.JPG
[2012/09/18 23:32:20 | 001,641,200 | ---- | C] () -- C:\Users\User\Documents\IMG_1680.JPG
[2012/09/18 23:32:19 | 002,195,733 | ---- | C] () -- C:\Users\User\Documents\IMG_1674.JPG
[2012/09/18 23:32:19 | 001,759,712 | ---- | C] () -- C:\Users\User\Documents\IMG_1719.JPG
[2012/09/18 23:32:19 | 001,729,643 | ---- | C] () -- C:\Users\User\Documents\IMG_1672.JPG
[2012/09/18 23:32:19 | 001,471,414 | ---- | C] () -- C:\Users\User\Documents\IMG_1673.JPG
[2012/09/18 23:32:19 | 001,462,831 | ---- | C] () -- C:\Users\User\Documents\IMG_1670.JPG
[2012/09/18 23:32:19 | 001,299,658 | ---- | C] () -- C:\Users\User\Documents\IMG_1671.JPG
[2010/10/22 15:43:31 | 000,000,266 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2010/10/22 15:29:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2002/08/26 19:54:44 | 000,327,680 | R--- | C] () -- C:\Users\User\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Spearit
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Spearit
[2010/11/24 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2012/03/15 12:54:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Garmin
[2010/09/21 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011/10/19 19:52:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SkyTestBU0
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spearit
[2012/02/25 02:06:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2012/08/10 00:50:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2012/03/12 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Avira
[2010/11/24 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2012/05/11 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FastStone
[2012/03/15 12:54:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Garmin
[2010/10/24 01:40:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Google
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2010/09/21 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010/09/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd
[2010/09/21 08:29:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2012/10/14 21:33:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2009/07/14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2012/05/12 00:28:15 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2012/02/25 14:34:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2010/10/28 12:48:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nero
[2010/09/30 20:27:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NVIDIA
[2011/07/31 23:19:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2011/10/19 19:52:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SkyTestBU0
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spearit
[2012/02/25 02:06:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
 
< %APPDATA%\*.exe /s >
[2002/08/26 19:54:44 | 000,327,680 | R--- | M] () -- C:\Users\User\AppData\Roaming\MafiaSetup.exe
[2010/02/01 03:45:40 | 000,038,784 | ---- | M] () -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/05/10 03:57:53 | 000,007,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_20e36a9a.exe
[2012/05/10 03:57:53 | 000,007,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_5a9f4086.exe
[2010/09/21 08:26:48 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

18.10.2012, 19:15   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
Professional  (Version = 6.1.7600)
(Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
         
Windows Pro and CATIA?
Is this an office/company PC?


21.10.2012, 13:41   #21
Bong
 

The CATIA is a leftover from my time as a mechanical engineering student.
The PC is my private home PC, so neither office nor company.

21.10.2012, 15:58   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


21.10.2012, 18:01   #23
Bong
 

I have noticed that I can no longer perform various actions without restriction in normal mode:
I like tinkering with Microsoft FlightSimulator9, and now I always have to provide "administrator rights" to move folders or files, and when I edit .txt files I can no longer overwrite them ("access denied").

Here is the log:
Code:
ATTFilter
18:54:23.0891 3620  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:54:23.0907 3620  ============================================================
18:54:23.0907 3620  Current date / time: 2012/10/21 18:54:23.0907
18:54:23.0907 3620  SystemInfo:
18:54:23.0907 3620  
18:54:23.0907 3620  OS Version: 6.1.7600 ServicePack: 0.0
18:54:23.0907 3620  Product type: Workstation
18:54:23.0907 3620  ComputerName: STATION01
18:54:23.0907 3620  UserName: User
18:54:23.0907 3620  Windows directory: C:\Windows
18:54:23.0907 3620  System windows directory: C:\Windows
18:54:23.0907 3620  Processor architecture: Intel x86
18:54:23.0907 3620  Number of processors: 8
18:54:23.0907 3620  Page size: 0x1000
18:54:23.0907 3620  Boot type: Normal boot
18:54:23.0907 3620  ============================================================
18:54:25.0250 3620  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:54:25.0266 3620  Drive \Device\Harddisk3\DR5 - Size: 0xEE800000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:25.0266 3620  ============================================================
18:54:25.0266 3620  \Device\Harddisk0\DR0:
18:54:25.0266 3620  MBR partitions:
18:54:25.0266 3620  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x8D800
18:54:25.0266 3620  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8E000, BlocksNum 0x253A0000
18:54:25.0266 3620  \Device\Harddisk3\DR5:
18:54:25.0266 3620  MBR partitions:
18:54:25.0266 3620  \Device\Harddisk3\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x772080
18:54:25.0266 3620  ============================================================
18:54:25.0297 3620  C: <-> \Device\Harddisk0\DR0\Partition2
18:54:25.0297 3620  ============================================================
18:54:25.0297 3620  Initialize success
18:54:25.0297 3620  ============================================================
18:54:44.0002 4616  ============================================================
18:54:44.0002 4616  Scan started
18:54:44.0002 4616  Mode: Manual; SigCheck; TDLFS; 
18:54:44.0002 4616  ============================================================
18:54:45.0393 4616  ================ Scan system memory ========================
18:54:45.0393 4616  System memory - ok
18:54:45.0393 4616  ================ Scan services =============================
18:54:45.0487 4616  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
18:54:45.0581 4616  1394ohci - ok
18:54:45.0596 4616  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
18:54:45.0612 4616  ACPI - ok
18:54:45.0627 4616  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
18:54:45.0659 4616  AcpiPmi - ok
18:54:45.0706 4616  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:54:45.0737 4616  adp94xx - ok
18:54:45.0752 4616  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:54:45.0768 4616  adpahci - ok
18:54:45.0799 4616  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:54:45.0831 4616  adpu320 - ok
18:54:45.0846 4616  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:54:45.0877 4616  AeLookupSvc - ok
18:54:45.0941 4616  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
18:54:46.0003 4616  AFD - ok
18:54:46.0035 4616  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
18:54:46.0066 4616  agp440 - ok
18:54:46.0082 4616  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
18:54:46.0097 4616  aic78xx - ok
18:54:46.0128 4616  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
18:54:46.0175 4616  ALG - ok
18:54:46.0191 4616  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
18:54:46.0207 4616  aliide - ok
18:54:46.0222 4616  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
18:54:46.0238 4616  amdagp - ok
18:54:46.0253 4616  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
18:54:46.0285 4616  amdide - ok
18:54:46.0300 4616  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:54:46.0347 4616  AmdK8 - ok
18:54:46.0363 4616  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:54:46.0394 4616  AmdPPM - ok
18:54:46.0425 4616  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:54:46.0441 4616  amdsata - ok
18:54:46.0457 4616  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:54:46.0488 4616  amdsbs - ok
18:54:46.0488 4616  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:54:46.0519 4616  amdxata - ok
18:54:46.0613 4616  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:54:46.0628 4616  AntiVirSchedulerService - ok
18:54:46.0660 4616  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:54:46.0675 4616  AntiVirService - ok
18:54:46.0691 4616  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
18:54:46.0832 4616  AppID - ok
18:54:46.0925 4616  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:54:47.0035 4616  AppIDSvc - ok
18:54:47.0050 4616  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
18:54:47.0066 4616  Appinfo - ok
18:54:47.0144 4616  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:54:47.0160 4616  Apple Mobile Device - ok
18:54:47.0175 4616  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:54:47.0238 4616  AppMgmt - ok
18:54:47.0269 4616  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:54:47.0285 4616  arc - ok
18:54:47.0300 4616  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:54:47.0332 4616  arcsas - ok
18:54:47.0347 4616  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:54:47.0378 4616  AsyncMac - ok
18:54:47.0394 4616  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
18:54:47.0394 4616  atapi - ok
18:54:47.0425 4616  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:54:47.0472 4616  AudioEndpointBuilder - ok
18:54:47.0488 4616  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:54:47.0503 4616  Audiosrv - ok
18:54:47.0550 4616  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:54:47.0550 4616  avgntflt - ok
18:54:47.0582 4616  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:54:47.0597 4616  avipbb - ok
18:54:47.0597 4616  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:54:47.0613 4616  avkmgr - ok
18:54:47.0644 4616  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:54:47.0707 4616  AxInstSV - ok
18:54:47.0738 4616  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
18:54:47.0785 4616  b06bdrv - ok
18:54:47.0816 4616  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:54:47.0878 4616  b57nd60x - ok
18:54:48.0003 4616  [ B68B7EB9C8652E51654396AED5078E49 ] BBDemon         C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
18:54:51.0191 4616  BBDemon ( UnsignedFile.Multi.Generic ) - warning
18:54:51.0191 4616  BBDemon - detected UnsignedFile.Multi.Generic (1)
18:54:51.0253 4616  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:54:51.0332 4616  BDESVC - ok
18:54:51.0363 4616  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:54:51.0410 4616  Beep - ok
18:54:51.0441 4616  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
18:54:51.0472 4616  BFE - ok
18:54:51.0488 4616  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
18:54:51.0535 4616  BITS - ok
18:54:51.0550 4616  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:54:51.0582 4616  blbdrive - ok
18:54:51.0691 4616  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:54:51.0691 4616  Bonjour Service - ok
18:54:51.0738 4616  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:54:51.0769 4616  bowser - ok
18:54:51.0785 4616  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:54:51.0816 4616  BrFiltLo - ok
18:54:51.0832 4616  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:54:51.0863 4616  BrFiltUp - ok
18:54:51.0894 4616  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\Windows\System32\browser.dll
18:54:51.0925 4616  Browser - ok
18:54:51.0972 4616  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:54:52.0019 4616  Brserid - ok
18:54:52.0035 4616  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:54:52.0082 4616  BrSerWdm - ok
18:54:52.0097 4616  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:54:52.0128 4616  BrUsbMdm - ok
18:54:52.0144 4616  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:54:52.0175 4616  BrUsbSer - ok
18:54:52.0191 4616  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:54:52.0222 4616  BTHMODEM - ok
18:54:52.0253 4616  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
18:54:52.0285 4616  bthserv - ok
18:54:52.0332 4616  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:54:52.0378 4616  cdfs - ok
18:54:52.0410 4616  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:54:52.0441 4616  cdrom - ok
18:54:52.0457 4616  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:54:52.0503 4616  CertPropSvc - ok
18:54:52.0519 4616  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:54:52.0550 4616  circlass - ok
18:54:52.0566 4616  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:54:52.0597 4616  CLFS - ok
18:54:52.0660 4616  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:54:52.0675 4616  clr_optimization_v2.0.50727_32 - ok
18:54:52.0785 4616  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:54:52.0816 4616  clr_optimization_v4.0.30319_32 - ok
18:54:52.0832 4616  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:54:52.0863 4616  CmBatt - ok
18:54:52.0878 4616  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
18:54:52.0894 4616  cmdide - ok
18:54:52.0941 4616  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:54:52.0989 4616  CNG - ok
18:54:53.0004 4616  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:54:53.0036 4616  Compbatt - ok
18:54:53.0051 4616  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:54:53.0067 4616  CompositeBus - ok
18:54:53.0067 4616  COMSysApp - ok
18:54:53.0083 4616  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:54:53.0098 4616  crcdisk - ok
18:54:53.0145 4616  [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:54:53.0176 4616  CryptSvc - ok
18:54:53.0208 4616  [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC             C:\Windows\system32\drivers\csc.sys
18:54:53.0286 4616  CSC - ok
18:54:53.0301 4616  [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService      C:\Windows\System32\cscsvc.dll
18:54:53.0333 4616  CscService - ok
18:54:53.0379 4616  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:54:53.0411 4616  DcomLaunch - ok
18:54:53.0426 4616  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:54:53.0442 4616  defragsvc - ok
18:54:53.0489 4616  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:54:53.0520 4616  DfsC - ok
18:54:53.0551 4616  [ 31273C758C6DF7FC27B00BE78C7220E9 ] DFUBTUSB        C:\Windows\system32\Drivers\frmupgr.sys
18:54:53.0583 4616  DFUBTUSB - ok
18:54:53.0598 4616  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:54:53.0614 4616  Dhcp - ok
18:54:53.0629 4616  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:54:53.0661 4616  discache - ok
18:54:53.0708 4616  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:54:53.0723 4616  Disk - ok
18:54:53.0754 4616  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:54:53.0786 4616  Dnscache - ok
18:54:53.0801 4616  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:54:53.0864 4616  dot3svc - ok
18:54:53.0895 4616  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
18:54:53.0926 4616  DPS - ok
18:54:53.0958 4616  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:54:53.0973 4616  drmkaud - ok
18:54:54.0020 4616  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:54:54.0051 4616  DXGKrnl - ok
18:54:54.0083 4616  [ A13F07A0422E4A04E7FF6F6F3B05E729 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k6232.sys
18:54:54.0114 4616  e1kexpress - ok
18:54:54.0129 4616  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
18:54:54.0161 4616  EapHost - ok
18:54:54.0239 4616  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
18:54:54.0348 4616  ebdrv - ok
18:54:54.0379 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
18:54:54.0426 4616  EFS - ok
18:54:54.0489 4616  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:54:54.0536 4616  ehRecvr - ok
18:54:54.0551 4616  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
18:54:54.0614 4616  ehSched - ok
18:54:54.0629 4616  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:54:54.0676 4616  elxstor - ok
18:54:54.0692 4616  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
18:54:54.0723 4616  ErrDev - ok
18:54:54.0754 4616  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
18:54:54.0786 4616  EventSystem - ok
18:54:54.0817 4616  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:54:54.0848 4616  exfat - ok
18:54:54.0864 4616  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:54:54.0895 4616  fastfat - ok
18:54:54.0911 4616  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
18:54:54.0942 4616  Fax - ok
18:54:54.0958 4616  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:54:54.0989 4616  fdc - ok
18:54:55.0004 4616  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
18:54:55.0020 4616  fdPHost - ok
18:54:55.0036 4616  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:54:55.0067 4616  FDResPub - ok
18:54:55.0098 4616  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:54:55.0129 4616  FileInfo - ok
18:54:55.0129 4616  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:54:55.0161 4616  Filetrace - ok
18:54:55.0192 4616  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:54:55.0223 4616  flpydisk - ok
18:54:55.0254 4616  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:54:55.0270 4616  FltMgr - ok
18:54:55.0317 4616  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
18:54:55.0364 4616  FontCache - ok
18:54:55.0395 4616  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:54:55.0426 4616  FontCache3.0.0.0 - ok
18:54:55.0442 4616  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:54:55.0458 4616  FsDepends - ok
18:54:55.0504 4616  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:54:55.0504 4616  Fs_Rec - ok
18:54:55.0551 4616  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:54:55.0583 4616  fvevol - ok
18:54:55.0614 4616  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:54:55.0629 4616  gagp30kx - ok
18:54:55.0676 4616  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:54:55.0692 4616  GEARAspiWDM - ok
18:54:55.0723 4616  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
18:54:55.0754 4616  gpsvc - ok
18:54:55.0879 4616  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:54:55.0895 4616  gupdate - ok
18:54:55.0895 4616  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:54:55.0911 4616  gupdatem - ok
18:54:55.0973 4616  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:54:55.0973 4616  gusvc - ok
18:54:56.0004 4616  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:54:56.0036 4616  hcw85cir - ok
18:54:56.0067 4616  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:54:56.0098 4616  HdAudAddService - ok
18:54:56.0114 4616  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:54:56.0129 4616  HDAudBus - ok
18:54:56.0161 4616  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
18:54:56.0192 4616  HECI - ok
18:54:56.0208 4616  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:54:56.0254 4616  HidBatt - ok
18:54:56.0270 4616  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:54:56.0301 4616  HidBth - ok
18:54:56.0333 4616  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:54:56.0364 4616  HidIr - ok
18:54:56.0395 4616  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
18:54:56.0411 4616  hidserv - ok
18:54:56.0442 4616  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:54:56.0473 4616  HidUsb - ok
18:54:56.0504 4616  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:54:56.0536 4616  hkmsvc - ok
18:54:56.0551 4616  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:54:56.0614 4616  HomeGroupListener - ok
18:54:56.0629 4616  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:54:56.0661 4616  HomeGroupProvider - ok
18:54:56.0676 4616  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
18:54:56.0708 4616  HpSAMD - ok
18:54:56.0739 4616  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:54:56.0786 4616  HTTP - ok
18:54:56.0817 4616  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:54:56.0833 4616  hwpolicy - ok
18:54:56.0848 4616  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:54:56.0895 4616  i8042prt - ok
18:54:56.0958 4616  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:54:56.0989 4616  iaStorV - ok
18:54:57.0114 4616  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:54:57.0129 4616  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:54:57.0129 4616  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:54:57.0176 4616  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:54:57.0223 4616  idsvc - ok
18:54:57.0364 4616  [ 678B92645258162C9A81F3CC874CFF43 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:54:57.0551 4616  igfx ( UnsignedFile.Multi.Generic ) - warning
18:54:57.0551 4616  igfx - detected UnsignedFile.Multi.Generic (1)
18:54:57.0567 4616  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:54:57.0583 4616  iirsp - ok
18:54:57.0614 4616  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:54:57.0645 4616  IKEEXT - ok
18:54:57.0739 4616  [ 810AD686E0C342817B24A631F734850C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:54:57.0848 4616  IntcAzAudAddService - ok
18:54:57.0864 4616  [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:54:57.0895 4616  IntcDAud ( UnsignedFile.Multi.Generic ) - warning
18:54:57.0895 4616  IntcDAud - detected UnsignedFile.Multi.Generic (1)
18:54:57.0911 4616  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
18:54:57.0942 4616  intelide - ok
18:54:57.0958 4616  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:54:57.0989 4616  intelppm - ok
18:54:58.0004 4616  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:54:58.0051 4616  IPBusEnum - ok
18:54:58.0083 4616  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:54:58.0129 4616  IpFilterDriver - ok
18:54:58.0161 4616  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:54:58.0192 4616  iphlpsvc - ok
18:54:58.0208 4616  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:54:58.0254 4616  IPMIDRV - ok
18:54:58.0270 4616  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:54:58.0317 4616  IPNAT - ok
18:54:58.0379 4616  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:54:58.0395 4616  iPod Service - ok
18:54:58.0411 4616  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:54:58.0442 4616  IRENUM - ok
18:54:58.0473 4616  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
18:54:58.0489 4616  isapnp - ok
18:54:58.0504 4616  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:54:58.0536 4616  iScsiPrt - ok
18:54:58.0551 4616  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:54:58.0583 4616  kbdclass - ok
18:54:58.0598 4616  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:54:58.0629 4616  kbdhid - ok
18:54:58.0629 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
18:54:58.0645 4616  KeyIso - ok
18:54:58.0676 4616  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:54:58.0708 4616  KSecDD - ok
18:54:58.0723 4616  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:54:58.0754 4616  KSecPkg - ok
18:54:58.0786 4616  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:54:58.0833 4616  KtmRm - ok
18:54:58.0879 4616  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:54:58.0926 4616  LanmanServer - ok
18:54:58.0942 4616  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:54:58.0958 4616  LanmanWorkstation - ok
18:54:59.0083 4616  [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:54:59.0098 4616  LBTServ - ok
18:54:59.0114 4616  [ B68309F25C5787385DA842EB5B496958 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:54:59.0129 4616  LHidFilt - ok
18:54:59.0176 4616  [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:54:59.0208 4616  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:54:59.0208 4616  LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:54:59.0239 4616  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:54:59.0286 4616  lltdio - ok
18:54:59.0317 4616  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:54:59.0364 4616  lltdsvc - ok
18:54:59.0379 4616  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:54:59.0411 4616  lmhosts - ok
18:54:59.0426 4616  [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:54:59.0458 4616  LMouFilt - ok
18:54:59.0520 4616  [ 17A9C5FFA241AAAB275EE5CACEF77686 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:54:59.0536 4616  LMS - ok
18:54:59.0567 4616  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:54:59.0583 4616  LSI_FC - ok
18:54:59.0614 4616  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:54:59.0645 4616  LSI_SAS - ok
18:54:59.0676 4616  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:54:59.0692 4616  LSI_SAS2 - ok
18:54:59.0708 4616  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:54:59.0739 4616  LSI_SCSI - ok
18:54:59.0754 4616  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:54:59.0786 4616  luafv - ok
18:54:59.0848 4616  [ A83CA48076A3C43C3B71175095838D69 ] LUMDriver       C:\Windows\system32\drivers\LUMDriver.sys
18:54:59.0864 4616  LUMDriver ( UnsignedFile.Multi.Generic ) - warning
18:54:59.0864 4616  LUMDriver - detected UnsignedFile.Multi.Generic (1)
18:54:59.0879 4616  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:54:59.0911 4616  Mcx2Svc - ok
18:54:59.0926 4616  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:54:59.0958 4616  megasas - ok
18:54:59.0973 4616  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:54:59.0989 4616  MegaSR - ok
18:55:00.0004 4616  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:55:00.0036 4616  MMCSS - ok
18:55:00.0067 4616  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:55:00.0114 4616  Modem - ok
18:55:00.0129 4616  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:55:00.0145 4616  monitor - ok
18:55:00.0176 4616  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:55:00.0192 4616  mouclass - ok
18:55:00.0208 4616  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:55:00.0223 4616  mouhid - ok
18:55:00.0239 4616  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:55:00.0270 4616  mountmgr - ok
18:55:00.0333 4616  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:55:00.0348 4616  MozillaMaintenance - ok
18:55:00.0379 4616  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
18:55:00.0411 4616  mpio - ok
18:55:00.0426 4616  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:55:00.0473 4616  mpsdrv - ok
18:55:00.0504 4616  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:55:00.0536 4616  MpsSvc - ok
18:55:00.0567 4616  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:55:00.0583 4616  MRxDAV - ok
18:55:00.0629 4616  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:00.0676 4616  mrxsmb - ok
18:55:00.0708 4616  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:00.0739 4616  mrxsmb10 - ok
18:55:00.0739 4616  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:00.0786 4616  mrxsmb20 - ok
18:55:00.0801 4616  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
18:55:00.0833 4616  msahci - ok
18:55:00.0848 4616  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
18:55:00.0864 4616  msdsm - ok
18:55:00.0879 4616  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:55:00.0911 4616  MSDTC - ok
18:55:00.0942 4616  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:55:00.0974 4616  Msfs - ok
18:55:00.0974 4616  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:55:01.0005 4616  mshidkmdf - ok
18:55:01.0021 4616  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
18:55:01.0037 4616  msisadrv - ok
18:55:01.0052 4616  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:55:01.0083 4616  MSiSCSI - ok
18:55:01.0099 4616  msiserver - ok
18:55:01.0115 4616  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:55:01.0162 4616  MSKSSRV - ok
18:55:14.0186 4616  ================ Scan global ===============================
18:55:14.0202 4616  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
18:55:14.0249 4616  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
18:55:14.0249 4616  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
18:55:14.0280 4616  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:55:14.0295 4616  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:55:14.0295 4616  [Global] - ok
18:55:14.0295 4616  ================ Scan MBR ==================================
18:55:14.0311 4616  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:55:14.0499 4616  \Device\Harddisk0\DR0 - ok
18:55:14.0499 4616  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk3\DR5
18:55:15.0014 4616  \Device\Harddisk3\DR5 - ok
18:55:15.0014 4616  ================ Scan VBR ==================================
18:55:15.0030 4616  [ 709BCDEB215087B1D7C7EFAC8C1B01A0 ] \Device\Harddisk0\DR0\Partition1
18:55:15.0030 4616  \Device\Harddisk0\DR0\Partition1 - ok
18:55:15.0045 4616  [ 915241029A06FFC332757D15CB0A32E4 ] \Device\Harddisk0\DR0\Partition2
18:55:15.0045 4616  \Device\Harddisk0\DR0\Partition2 - ok
18:55:15.0045 4616  [ 5F1E540EC69D27543F8CC5E0EDA580B8 ] \Device\Harddisk3\DR5\Partition1
18:55:15.0045 4616  \Device\Harddisk3\DR5\Partition1 - ok
18:55:15.0045 4616  ============================================================
18:55:15.0045 4616  Scan finished
18:55:15.0045 4616  ============================================================
18:55:15.0061 5668  Detected object count: 6
18:55:15.0061 5668  Actual detected object count: 6
18:55:44.0649 5668  BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:55:44.0649 5668  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:55:44.0649 5668  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:55:44.0649 5668  IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:55:44.0649 5668  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:55:44.0649 5668  LUMDriver ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  LUMDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

21.10.2012, 20:35   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

23.10.2012, 21:43   #25
Bong

Here is the ComboFix report:

Combofix Logfile:
Code:
ComboFix 12-10-23.01 - User 23/10/2012  21:50:54.1.8 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.3517.2790 [GMT 2:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0E860171-5260-4120-9B6F-1FEC76B1F41E}.xps
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{452EE020-BEA6-4A9E-B7A7-64863D4A4E31}.xps
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BD76176-D78C-4738-BA3D-A1B1149AF9D2}.xps
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((((   Files Created from 2012-09-23 to 2012-10-23  )))))))))))))))))))))))))))))))
.
.
2012-10-23 19:56 . 2012-10-23 19:58	--------	d-----w-	c:\users\User\AppData\Local\temp
2012-10-23 19:56 . 2012-10-23 19:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-14 19:44 . 2012-10-14 19:44	--------	d-----w-	c:\program files\ESET
2012-10-14 19:33 . 2012-10-14 19:33	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2012-10-14 19:33 . 2012-10-14 19:33	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-14 19:33 . 2012-10-14 19:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-14 19:33 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-14 19:24 . 2012-10-14 19:24	--------	d-----w-	c:\users\User\AppData\Local\Diagnostics
2012-10-13 01:08 . 2012-10-14 10:56	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:05 . 2012-09-13 10:59	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-19 13:26 . 2012-02-25 12:34	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-05-18 2363392]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-09 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-23 39408]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-10 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-10 167448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 23:39]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.lu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Logitech\SetPointP\LBTWiz.exe
c:\windows\system32\WUDFHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-10-23  22:02:20 - machine was rebooted
ComboFix-quarantined-files.txt  2012-10-23 20:02
.
Pre-Run: 126*249*271*296 bytes free
Post-Run: 128*728*211*456 bytes free
.
- - End Of File - - 7532D094F780F28CB1D5413DE1FDA1CE
         
--- --- ---

24.10.2012, 11:26   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't work on the second attempt either, just leave it out and run only OSAM - please skip the online lookup by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

15.11.2012, 16:22   #27
Bong

Hello Cosinus,

sorry that I haven't replied for so long! From the beginning of November until the beginning of December I am under quite a lot of exam stress...
Unfortunately my tower has no internet connection here (I only have WiFi here), so I can only carry out the next step once I am back home (8.12.). I hope the thread won't be deleted before then.

Regards
Bong

13.12.2012, 00:58   #28
Bong

Hello Cosinus,

Now that the exams are over, I finally want to finish cleaning my PC
However, Avira no longer seems to work: the Internet Protection doesn't work, and when I click "Update", nothing happens either.
I then downloaded the latest version, but to install it I would have to uninstall Malware...how should I proceed?

Regards,
Bong

13.12.2012, 15:10   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Uninstall Avira first! Otherwise please don't install anything new yet
Once we are completely finished here you can switch to Avast or MSE

Please download the current adwCleaner v2.100, i.e. delete the old adwcleaner and download it again

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post the contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
Please always post log files in CODE tags

16.02.2013, 11:55   #30
Bong

Hello cosinus, after a long time I decided today to continue cleaning the PC again...

-Avira has been removed, so there is currently NO antivirus installed.

-GMER and OSAM have NOT been used yet.

-Here is the adw log file from today:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 11:55:57
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional  (32 bits)
# User : User - STATION01
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

*************************

AdwCleaner[R1].txt - [1073 octets] - [17/10/2012 23:59:54]
AdwCleaner[R2].txt - [732 octets] - [16/02/2013 11:55:57]
AdwCleaner[S1].txt - [985 octets] - [18/10/2012 12:03:31]

########## EOF - C:\AdwCleaner[R2].txt - [850 octets] ##########
         
--- --- ---
