| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.11.2012, 22:24
| #1 |
 |  Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo zusammen, bitte gebt mir Hilfestellung um oben im Betreff genannte Funde zu beseitigen. Ich habe hier schonmal die Reporte der beiden Scans+OTL beigefügt. mfg Daniel Report Malwarebytes: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.09.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel Graf :: DANIELPC [Administrator] 15.11.2012 18:47:06 mbam-log-2012-11-15 (18-47-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 226831 Laufzeit: 6 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe (Trojan.ZbotR.Gen) -> 2240 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{D4C186CF-AC31-AD7F-E1C0-E6E3C3C3C5FE} (Trojan.ZbotR.Gen) -> Daten: "C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe (Trojan.ZbotR.Gen) -> Löschen bei Neustart. (Ende) Report Avira: Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 15. November 2012 18:00 Es wird nach 4498343 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : DANIELPC Versionsinformationen: BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00 AVSCAN.EXE : 12.3.0.48 468256 Bytes 15.11.2012 10:29:48 AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 09:05:55 LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 09:05:55 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 14:11:12 AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 09:23:48 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:37:55 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:21:14 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:49 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 19:06:06 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 10:36:27 VBASE007.VDF : 7.11.45.207 2363904 Bytes 11.10.2012 14:26:16 VBASE008.VDF : 7.11.45.208 2048 Bytes 11.10.2012 14:26:16 VBASE009.VDF : 7.11.45.209 2048 Bytes 11.10.2012 14:26:16 VBASE010.VDF : 7.11.45.210 2048 Bytes 11.10.2012 14:26:16 VBASE011.VDF : 7.11.45.211 2048 Bytes 11.10.2012 14:26:16 VBASE012.VDF : 7.11.45.212 2048 Bytes 11.10.2012 14:26:16 VBASE013.VDF : 7.11.45.213 2048 Bytes 11.10.2012 14:26:16 VBASE014.VDF : 7.11.46.65 220160 Bytes 16.10.2012 17:27:08 VBASE015.VDF : 7.11.46.153 173568 Bytes 18.10.2012 17:27:08 VBASE016.VDF : 7.11.46.223 162304 Bytes 19.10.2012 18:14:08 VBASE017.VDF : 7.11.47.35 126464 Bytes 22.10.2012 14:59:14 VBASE018.VDF : 7.11.47.95 175616 Bytes 24.10.2012 14:57:30 VBASE019.VDF : 7.11.47.177 164352 Bytes 26.10.2012 14:57:29 VBASE020.VDF : 7.11.47.229 143360 Bytes 28.10.2012 11:59:59 VBASE021.VDF : 7.11.48.47 138240 Bytes 30.10.2012 14:23:29 VBASE022.VDF : 7.11.48.135 122880 Bytes 01.11.2012 15:29:17 VBASE023.VDF : 7.11.48.209 142848 Bytes 05.11.2012 15:28:34 VBASE024.VDF : 7.11.48.243 119296 Bytes 05.11.2012 15:28:35 VBASE025.VDF : 7.11.49.47 136704 Bytes 07.11.2012 15:28:34 VBASE026.VDF : 7.11.49.135 194560 Bytes 09.11.2012 23:12:14 VBASE027.VDF : 7.11.49.209 188416 Bytes 12.11.2012 09:42:27 VBASE028.VDF : 7.11.50.27 212992 Bytes 14.11.2012 10:29:47 VBASE029.VDF : 7.11.50.28 2048 Bytes 14.11.2012 10:29:47 VBASE030.VDF : 7.11.50.29 2048 Bytes 14.11.2012 10:29:47 VBASE031.VDF : 7.11.50.44 45056 Bytes 15.11.2012 10:29:47 Engineversion : 8.2.10.198 AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 10:24:52 AESCRIPT.DLL : 8.1.4.66 463227 Bytes 12.11.2012 09:42:48 AESCN.DLL : 8.1.9.2 131444 Bytes 26.09.2012 17:29:27 AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 07:46:30 AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 15:28:37 AEPACK.DLL : 8.3.0.40 815479 Bytes 12.11.2012 09:42:48 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:28:37 AEHEUR.DLL : 8.1.4.132 5489016 Bytes 12.11.2012 09:42:48 AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 14:26:14 AEGEN.DLL : 8.1.6.8 434548 Bytes 07.11.2012 15:28:34 AEEXP.DLL : 8.2.0.10 119158 Bytes 05.11.2012 15:28:37 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 10:24:51 AECORE.DLL : 8.1.29.2 201079 Bytes 07.11.2012 15:28:34 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:28:35 AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 09:05:54 AVPREF.DLL : 12.3.0.32 50720 Bytes 15.11.2012 10:29:48 AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 14:11:12 AVARKT.DLL : 12.3.0.33 209696 Bytes 15.11.2012 10:29:48 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 09:05:55 SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 09:05:55 AVSMTP.DLL : 12.3.0.32 63480 Bytes 11.08.2012 19:11:04 NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 09:05:55 RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 11.08.2012 19:11:00 RCTEXT.DLL : 12.3.0.32 98848 Bytes 15.11.2012 10:29:47 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Donnerstag, 15. November 2012 18:00 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD3 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD4 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD5 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Fehler in der ARK Library Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '120' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'pdf24.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'RtWlan.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'RtlService.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'suki.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'ezprint.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'lxedmon.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'sqlservr.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'BWH32S.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2677' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Daniel Graf\AppData\Local\Temp\ICReinstall_AudioConverterSetup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen C:\Users\Daniel Graf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5cc70d22-117382c0 [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen C:\Users\Daniel Graf\Downloads\AudioConverterSetup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen C:\Windows\System32\drivers\906d6994eace405d.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\Diskdump.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\drmk.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\drmkaud.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\Dumpata.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\dumpfve.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\dxapi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\dxg.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\dxgkrnl.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\dxgmms1.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\elxstor.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\errdev.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\evbda.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\exfat.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fastfat.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fdc.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fileinfo.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\filetrace.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\flpydisk.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fltMgr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fsdepends.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fssfltr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fs_rec.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ftdibus.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ftser2k.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\fvevol.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\FWPKCLNT.SYS [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\GAGP30KX.SYS [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\GEARAspiWDM.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hcw85cir.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hdaudbus.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\HdAudio.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\HECIx64.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hidbatt.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hidbth.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hidclass.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hidir.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hidparse.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hidusb.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\HpSAMD.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\http.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\hwpolicy.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\i8042prt.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\iaStor.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\iaStorV.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\iirsp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\Impcd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\intelide.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\intelppm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ipfltdrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\IPMIDrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ipnat.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\irda.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\irenum.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\isapnp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ISASerial.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\jraid.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\kbdclass.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\kbdhid.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ks.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ksecdd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ksecpkg.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ksthunk.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\LHidFilt.Sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\lltdio.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\LMouFilt.Sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\LNonPnP.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\lsi_fc.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\lsi_sas.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\lsi_sas2.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\lsi_scsi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\luafv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\LUsbFilt.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mcd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\megasas.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\MegaSR.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\modem.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\monitor.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mouclass.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mouhid.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mountmgr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mpio.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mpsdrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mrxdav.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mrxsmb.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mrxsmb10.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mrxsmb20.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\msahci.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\msdsm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\msfs.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mshidkmdf.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\msisadrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\msiscsi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mskssrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mspclock.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mspqm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\msrpc.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mssmbios.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mstee.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\MTConfig.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\MtsHID.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mup.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mv91xx.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\mvxxmm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ndis.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ndiscap.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ndistapi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ndisuio.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ndiswan.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ndproxy.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\netbios.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\netbt.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\netio.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nfrd960.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\npfs.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nsiproxy.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ntfs.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\null.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nusb3hub.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nusb3xhc.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvamacpi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvhda64v.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvlddmkm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvraid.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvrd64.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvsmu.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvstor.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nvstor64.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\NV_AGP.SYS [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\nwifi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ohci1394.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\pacer.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\parport.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\partmgr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\pci.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\pciide.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\pciidex.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\PciIsaSerial.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\PciPPorts.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\PciSPorts.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\pcmcia.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\pcw.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\PEAuth.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\portcls.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\PPorts.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\processr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ql2300.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ql40xx.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\qwavedrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rasacd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rasl2tp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\raspppoe.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\raspptp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rassstp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rdbss.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rdpbus.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\RDPCDD.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\RDPENCDD.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\RDPREFMP.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rdpwd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rdyboost.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rmcast.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\RNDISMP.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rootmdm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rspndr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\Rt64win7.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\rtl8192su.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sbp2port.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\scfilter.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\scsiport.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\secdrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\serenum.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\serial.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sermouse.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sffdisk.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sffp_mmc.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sffp_sd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sfloppy.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\Si3124r5.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\SiRemFil.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sisraid2.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\sisraid4.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\SiWinAcc.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\smb.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\smclib.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\spldr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\SPorts.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\spsys.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\srv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\srv2.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\srvnet.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ssudbus.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ssudmdm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\stexstor.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\storport.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\stream.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\swenum.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tape.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tcpip.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tcpipreg.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tdi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tdpipe.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tdtcp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tdx.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\termdd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tssecsrv.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\TsUsbFlt.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\tunnel.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\UAGP35.SYS [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\udfs.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ULIAGPKX.SYS [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\umbus.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\umpass.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usb8023.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbaapl64.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\USBCAMD2.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbccgp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbcir.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbehci.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbhub.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbohci.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbport.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbprint.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbrpm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbscan.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\USBSTOR.SYS [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\usbuhci.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vdrvroot.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vga.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vgapnp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vhdmp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\viaide.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\videoprt.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\volmgr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\volmgrx.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\volsnap.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vpchbus.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vpcnfltr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vpcusb.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vpcvmm.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vsmraid.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vwifibus.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vwififlt.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\vwifimp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\wacompen.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\wanarp.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\watchdog.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\wd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\Wdf01000.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\WdfLdr.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\wfplwf.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\wimmount.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\winusb.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\wmiacpi.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\wmilib.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\ws2ifsl.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\WUDFPf.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\Windows\System32\drivers\WUDFRd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Beginne mit der Suche in 'D:\' D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-05-22 200856\Backup files 3.zip [0] Archivtyp: ZIP --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe [WARNUNG] Die Datei konnte nicht gelesen werden! [WARNUNG] Die Datei konnte nicht gelesen werden! D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-17 190001\Backup files 13.zip [0] Archivtyp: ZIP --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe [WARNUNG] Die Datei konnte nicht gelesen werden! [WARNUNG] Die Datei konnte nicht gelesen werden! D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-08-13 212415\Backup files 22.zip [0] Archivtyp: ZIP --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe [WARNUNG] Die Datei konnte nicht gelesen werden! [WARNUNG] Die Datei konnte nicht gelesen werden! D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-10-29 124127\Backup files 1.zip [0] Archivtyp: ZIP --> C/Users/Daniel Graf/Downloads/AudioConverterSetup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 12.zip [0] Archivtyp: ZIP --> C/Users/Daniel Graf/Downloads/AudioConverterSetup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 29.zip [0] Archivtyp: ZIP --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe [WARNUNG] Die Datei konnte nicht gelesen werden! [WARNUNG] Die Datei konnte nicht gelesen werden! Beginne mit der Desinfektion: D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 12.zip [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '544df491.qua' verschoben! D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-10-29 124127\Backup files 1.zip [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cdadb31.qua' verschoben! C:\Users\Daniel Graf\Downloads\AudioConverterSetup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e8481fc.qua' verschoben! C:\Users\Daniel Graf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5cc70d22-117382c0 [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '78b2ce20.qua' verschoben! C:\Users\Daniel Graf\AppData\Local\Temp\ICReinstall_AudioConverterSetup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3cc9e33e.qua' verschoben! Ende des Suchlaufs: Donnerstag, 15. November 2012 22:06 Benötigte Zeit: 4:05:30 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 41800 Verzeichnisse wurden überprüft 5463890 Dateien wurden geprüft 5 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 5 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 259 Dateien konnten nicht durchsucht werden 5463626 Dateien ohne Befall 50477 Archive wurden durchsucht 267 Warnungen 5 Hinweise 64 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Report OTL: OTL logfile created on: 15.11.2012 22:15:59 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel Graf\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,17% Memory free 7,98 Gb Paging File | 5,94 Gb Available in Paging File | 74,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698,63 Gb Total Space | 527,89 Gb Free Space | 75,56% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 120,98 Gb Free Space | 17,32% Space Free | Partition Type: NTFS Drive E: | 5,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: DANIELPC | User Name: Daniel Graf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.13 17:26:09 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.10.30 12:29:05 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012.10.29 17:56:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.26 18:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe PRC - [2012.09.29 18:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.08.11 20:11:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.05.08 10:05:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.11 00:15:28 | 000,016,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\agcp.exe PRC - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe PRC - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe PRC - [2010.12.03 01:40:53 | 000,426,456 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe PRC - [2010.05.14 17:07:16 | 001,093,632 | ---- | M] (Sitecom Corp.) -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtWlan.exe PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe ========== Modules (No Company Name) ========== MOD - [2012.11.13 17:26:08 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2012.10.30 12:29:05 | 002,111,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012.10.30 12:29:05 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2012.10.30 12:29:05 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2012.10.29 17:56:20 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.05.15 01:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe MOD - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe MOD - [2010.12.03 01:40:53 | 000,426,456 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epwizard.DLL MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epfunct.DLL MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Eputil.DLL MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Imagutil.DLL MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedDRS.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPOEMDll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPWizRes.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll MOD - [2009.05.27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcats.dll MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsm.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.06 09:38:16 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\906d6994eace405d.sys -- (906d6994eace405d) SRV:64bit: - [2010.04.14 15:01:15 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxedcoms.exe -- (lxed_device) SRV:64bit: - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService) SRV:64bit: - [2007.11.08 00:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2012.11.13 17:26:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 12:29:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.24 12:09:57 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.05.16 20:11:42 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.05.15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.05.08 10:05:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 10:05:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService) SRV - [2010.04.14 15:00:56 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxedcoms.exe -- (lxed_device) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.09.11 14:19:01 | 000,204,800 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll -- (LexPrintListener) SRV - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.02.10 09:03:26 | 000,156,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.06 09:38:16 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\906d6994eace405d.sys -- (906d6994eace405d) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.05.11 06:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.05.11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.05.08 10:05:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 10:05:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.07 09:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.09.03 13:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.07.01 10:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.06 15:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su) DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132) DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.08 14:44:58 | 000,232,464 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts) DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts) DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial) DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64) DRV:64bit: - [2007.08.17 06:48:40 | 000,018,432 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 FD 1D 8C 86 8D CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{1086A097-7D1E-41F1-850C-A1A6C5BC8C4B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_deDE407 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel Graf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:56:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions [2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.23 16:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions [2012.06.14 10:33:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.19 10:04:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions\ich@maltegoetz.de [2012.02.20 01:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 17:56:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 10:26:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 16:50:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.22 10:26:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.08 01:21:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.06.22 10:26:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 10:26:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 10:26:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://start.facemoods.com/?a=ddrnw O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKCU..\Run: [{D4C186CF-AC31-AD7F-E1C0-E6E3C3C3C5FE}] C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe () O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133CCE8A-AE40-43EB-9C99-EB0E31A09208}: DhcpNameServer = 192.168.11.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.25 07:27:21 | 000,000,133 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{c5307947-f95c-11df-8098-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c5307947-f95c-11df-8098-806e6f6e6963}\Shell\AutoRun\command - "" = SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\bERICHT FLUID [2012.11.12 16:51:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Thermodynamik [2012.11.02 23:13:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Fluidmechanik Übungsaufgaben [2012.11.02 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Fluidmechanik Lösungen [2012.10.30 12:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.10.30 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.10.26 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Tracing [2012.10.26 21:27:01 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.10.26 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.10.26 21:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012.10.26 21:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2012.10.26 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Daniel Graf\SkyDrive [2012.10.26 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2012.10.26 18:33:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe [2012.10.26 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Malwarebytes [2012.10.26 17:54:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.26 11:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2012.10.18 16:52:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Bewerbungsschreiben [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2012.11.15 22:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.15 22:12:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.15 18:05:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 18:05:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 17:57:34 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.15 17:56:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.15 17:56:10 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 21:27:37 | 000,000,517 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\bERICHT FLUID.lnk [2012.11.14 20:08:06 | 000,026,015 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Situationsanalyse.odt [2012.11.14 11:27:16 | 001,763,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.14 11:27:16 | 000,756,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.14 11:27:16 | 000,700,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.14 11:27:16 | 000,173,058 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.14 11:27:16 | 000,139,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url [2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url [2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.11.06 09:57:05 | 000,322,743 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\06-11-2012 09;37;48.JPG [2012.11.02 18:27:41 | 000,038,856 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf [2012.10.30 12:21:19 | 000,000,722 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Weihnachtsfeier für Senioren.sdx [2012.10.26 21:33:25 | 000,324,198 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Video 12.MOV [2012.10.26 18:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe [2012.10.26 17:54:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 17:50:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.25 19:22:22 | 000,755,977 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Schaufelformen.odt [2012.10.24 16:31:45 | 000,026,086 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Dreiecke.PNG [2012.10.22 21:30:54 | 000,038,936 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2012.11.14 21:26:07 | 000,000,517 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\bERICHT FLUID.lnk [2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url [2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url [2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.11.13 17:16:30 | 000,026,015 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Situationsanalyse.odt [2012.11.06 09:37:57 | 000,322,743 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\06-11-2012 09;37;48.JPG [2012.11.02 18:27:41 | 000,038,856 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf [2012.10.30 12:21:19 | 000,000,722 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Weihnachtsfeier für Senioren.sdx [2012.10.26 21:33:01 | 000,324,198 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Video 12.MOV [2012.10.26 21:26:36 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012.10.26 21:26:32 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2012.10.26 21:26:24 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012.10.26 21:26:19 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.10.26 21:25:36 | 000,057,856 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys [2012.10.26 21:18:27 | 000,002,198 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2012.10.26 17:54:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.25 19:22:19 | 000,755,977 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Schaufelformen.odt [2012.10.24 16:31:43 | 000,026,086 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Dreiecke.PNG [2012.10.22 21:30:53 | 000,038,936 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf [2012.10.08 20:43:07 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2012.06.14 10:14:32 | 000,006,656 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.01.07 14:33:00 | 001,645,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.28 18:58:37 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.28 18:58:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.11 21:11:43 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll [2011.01.11 21:11:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll [2011.01.11 21:11:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll [2011.01.11 21:11:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll [2011.01.11 21:11:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll [2011.01.11 21:11:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe [2011.01.11 21:11:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll [2011.01.11 21:11:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll [2011.01.11 21:11:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll [2011.01.11 21:11:42 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll [2011.01.11 21:11:42 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll [2011.01.11 21:11:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe [2011.01.11 21:11:42 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll [2011.01.11 21:11:42 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll [2011.01.11 21:11:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll [2011.01.11 21:11:42 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll [2011.01.11 21:11:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll [2011.01.11 21:11:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll [2011.01.11 21:11:42 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll [2011.01.11 21:11:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll [2011.01.11 21:11:41 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe [2010.12.14 16:18:08 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll [2010.12.14 16:18:07 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll [2010.11.29 23:17:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.29 23:17:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.11.26 17:21:38 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L [2012.10.23 15:40:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U [2012.08.04 23:59:50 | 000,002,048 | -HS- | M] () -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.28 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Downloaded Installations [2012.11.15 17:58:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox [2011.11.22 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdisaster [2012.07.19 13:03:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoft [2012.06.14 10:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.08 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\e-academy Inc [2012.09.24 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\eType [2012.05.28 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\FileOpen [2011.11.09 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\IObit [2010.12.03 01:40:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Josye [2011.05.12 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Leadertech [2010.12.14 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\mresreg [2012.06.19 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Nitro PDF [2011.01.11 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Online Games Downloader [2012.06.14 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy [2010.12.15 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenOffice.org [2011.10.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Origin [2010.11.27 22:22:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\PTC [2011.06.20 01:21:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Thunderbird [2012.06.14 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\TuneUp Software [2010.11.28 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog [2011.02.24 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > |
|
17.11.2012, 22:45
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
18.11.2012, 13:39
| #3 |
| | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo Cosinus, vielen Dank dass du dich meinem Problem angnommen hast.
__________________Grüsse Daniel Hier die beiden Reporte, der von dir empfohlenen installationen: aswMBR-Report: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-18 13:20:57 ----------------------------- 13:20:57.505 OS Version: Windows x64 6.1.7601 Service Pack 1 13:20:57.505 Number of processors: 4 586 0x1E05 13:20:57.505 ComputerName: DANIELPC UserName: 13:20:59.081 Initialze error C0000001 - driver not loaded 13:21:04.322 AVAST engine defs: 12111800 13:21:35.532 Service scanning 13:21:35.877 Service 906d6994eace405d C:\Windows\System32\Drivers\906d6994eace405d.sys **HIDDEN** 13:21:55.019 Modules scanning 13:21:55.019 Disk 0 trace - called modules: 13:21:55.019 13:21:55.019 Scan finished successfully 13:22:24.706 The log file has been saved successfully to "C:\Users\Daniel Graf\Desktop\aswMBR.txt" TDS-Killer: 13:26:20.0651 3648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 13:26:20.0841 3648 ============================================================ 13:26:20.0841 3648 Current date / time: 2012/11/18 13:26:20.0841 13:26:20.0841 3648 SystemInfo: 13:26:20.0841 3648 13:26:20.0841 3648 OS Version: 6.1.7601 ServicePack: 1.0 13:26:20.0841 3648 Product type: Workstation 13:26:20.0841 3648 ComputerName: DANIELPC 13:26:20.0841 3648 UserName: Daniel Graf 13:26:20.0841 3648 Windows directory: C:\Windows 13:26:20.0841 3648 System windows directory: C:\Windows 13:26:20.0841 3648 Running under WOW64 13:26:20.0841 3648 Processor architecture: Intel x64 13:26:20.0841 3648 Number of processors: 4 13:26:20.0841 3648 Page size: 0x1000 13:26:20.0841 3648 Boot type: Normal boot 13:26:20.0841 3648 ============================================================ 13:26:29.0001 3648 !crdlk 13:26:29.0344 3648 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A' 13:26:29.0375 3648 ============================================================ 13:26:29.0375 3648 \Device\Harddisk0\DR0: 13:26:29.0375 3648 MBR partitions: 13:26:29.0375 3648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57542800 13:26:29.0375 3648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57543000, BlocksNum 0x57544000 13:26:29.0375 3648 ============================================================ 13:26:29.0391 3648 C: <-> \Device\Harddisk0\DR0\Partition1 13:26:29.0437 3648 D: <-> \Device\Harddisk0\DR0\Partition2 13:26:29.0453 3648 ============================================================ 13:26:29.0453 3648 Initialize success 13:26:29.0453 3648 ============================================================ 13:26:44.0944 2196 ============================================================ 13:26:44.0944 2196 Scan started 13:26:44.0944 2196 Mode: Manual; SigCheck; TDLFS; 13:26:44.0944 2196 ============================================================ 13:26:45.0084 2196 ================ Scan system memory ======================== 13:26:45.0084 2196 System memory - ok 13:26:45.0084 2196 ================ Scan services ============================= 13:26:45.0349 2196 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:26:45.0505 2196 1394ohci - ok 13:26:45.0521 2196 Suspicious service (NoAccess): 906d6994eace405d 13:26:45.0568 2196 [ 83527BC288885BBA3E8AFCE5FC0CC7EE ] 906d6994eace405d C:\Windows\System32\Drivers\906d6994eace405d.sys 13:26:45.0568 2196 Suspicious file (NoAccess): C:\Windows\System32\Drivers\906d6994eace405d.sys. md5: 83527BC288885BBA3E8AFCE5FC0CC7EE 13:26:45.0615 2196 906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - infected 13:26:45.0615 2196 906d6994eace405d - detected Rootkit.Win32.Necurs.gen (0) 13:26:45.0661 2196 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:26:45.0677 2196 ACPI - ok 13:26:45.0708 2196 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:26:45.0786 2196 AcpiPmi - ok 13:26:45.0895 2196 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:26:45.0911 2196 AdobeFlashPlayerUpdateSvc - ok 13:26:45.0958 2196 [ 132190688D8E51D61F88A150D7DF9FB4 ] adp3132 C:\Windows\system32\DRIVERS\adp3132.sys 13:26:45.0989 2196 adp3132 - ok 13:26:46.0036 2196 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 13:26:46.0051 2196 adp94xx - ok 13:26:46.0083 2196 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 13:26:46.0083 2196 adpahci - ok 13:26:46.0114 2196 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 13:26:46.0129 2196 adpu320 - ok 13:26:46.0176 2196 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:26:46.0317 2196 AeLookupSvc - ok 13:26:46.0348 2196 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:26:46.0457 2196 AFD - ok 13:26:46.0519 2196 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:26:46.0519 2196 agp440 - ok 13:26:46.0551 2196 [ EDA7E60B5A47D9E47E0E843CAC624FF3 ] ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys 13:26:46.0551 2196 ahcix64s - ok 13:26:46.0582 2196 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:26:46.0629 2196 ALG - ok 13:26:46.0660 2196 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:26:46.0660 2196 aliide - ok 13:26:46.0691 2196 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:26:46.0691 2196 amdide - ok 13:26:46.0722 2196 [ D52A2E98C5EEFF88CED28793B6B04D84 ] amdide64 C:\Windows\system32\DRIVERS\amdide64.sys 13:26:46.0738 2196 amdide64 - ok 13:26:46.0753 2196 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 13:26:46.0831 2196 AmdK8 - ok 13:26:46.0847 2196 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 13:26:46.0894 2196 AmdPPM - ok 13:26:46.0925 2196 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:26:46.0941 2196 amdsata - ok 13:26:46.0956 2196 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 13:26:46.0972 2196 amdsbs - ok 13:26:47.0003 2196 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:26:47.0003 2196 amdxata - ok 13:26:47.0034 2196 [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 13:26:47.0050 2196 amd_sata - ok 13:26:47.0065 2196 [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 13:26:47.0065 2196 amd_xata - ok 13:26:47.0221 2196 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 13:26:47.0221 2196 AntiVirSchedulerService - ok 13:26:47.0268 2196 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 13:26:47.0268 2196 AntiVirService - ok 13:26:47.0315 2196 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:26:47.0440 2196 AppID - ok 13:26:47.0471 2196 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:26:47.0549 2196 AppIDSvc - ok 13:26:47.0596 2196 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:26:47.0658 2196 Appinfo - ok 13:26:47.0736 2196 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:26:47.0752 2196 Apple Mobile Device - ok 13:26:47.0799 2196 [ D73AAD4946051D074909FDFD34D94C7B ] arc C:\Windows\system32\DRIVERS\arc.sys 13:26:47.0799 2196 arc - ok 13:26:47.0830 2196 [ 46E8C3EB03224A1E55C6F0C100A9D2CC ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 13:26:47.0845 2196 arcsas - ok 13:26:47.0970 2196 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:26:48.0048 2196 aspnet_state - ok 13:26:48.0095 2196 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:26:48.0157 2196 AsyncMac - ok 13:26:48.0204 2196 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:26:48.0204 2196 atapi - ok 13:26:48.0313 2196 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys 13:26:48.0438 2196 atikmdag - ok 13:26:48.0501 2196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:26:48.0563 2196 AudioEndpointBuilder - ok 13:26:48.0594 2196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:26:48.0625 2196 AudioSrv - ok 13:26:48.0688 2196 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 13:26:48.0688 2196 avgntflt - ok 13:26:48.0719 2196 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 13:26:48.0735 2196 avipbb - ok 13:26:48.0781 2196 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 13:26:48.0797 2196 avkmgr - ok 13:26:48.0844 2196 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:26:48.0922 2196 AxInstSV - ok 13:26:48.0969 2196 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 13:26:49.0047 2196 b06bdrv - ok 13:26:49.0078 2196 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:26:49.0109 2196 b57nd60a - ok 13:26:49.0156 2196 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:26:49.0249 2196 BDESVC - ok 13:26:49.0265 2196 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:26:49.0327 2196 Beep - ok 13:26:49.0374 2196 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 13:26:49.0437 2196 BITS - ok 13:26:49.0468 2196 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:26:49.0515 2196 blbdrive - ok 13:26:49.0608 2196 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 13:26:49.0624 2196 Bonjour Service - ok 13:26:49.0655 2196 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:26:49.0686 2196 bowser - ok 13:26:49.0702 2196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:26:49.0749 2196 BrFiltLo - ok 13:26:49.0749 2196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:26:49.0764 2196 BrFiltUp - ok 13:26:49.0811 2196 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 13:26:49.0827 2196 Browser - ok 13:26:49.0858 2196 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:26:49.0920 2196 Brserid - ok 13:26:49.0936 2196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:26:49.0951 2196 BrSerWdm - ok 13:26:49.0967 2196 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:26:49.0998 2196 BrUsbMdm - ok 13:26:50.0014 2196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:26:50.0014 2196 BrUsbSer - ok 13:26:50.0029 2196 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 13:26:50.0061 2196 BTHMODEM - ok 13:26:50.0107 2196 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:26:50.0139 2196 bthserv - ok 13:26:50.0170 2196 [ 0063578F0E06B07D2EA60635C71746AC ] Bufeap C:\Windows\system32\DRIVERS\bufeap64.sys 13:26:50.0217 2196 Bufeap - ok 13:26:50.0263 2196 [ 6AE9F70F02A6E28E45B643A2834111BE ] BWH32S C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe 13:26:50.0263 2196 BWH32S - ok 13:26:50.0295 2196 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:26:50.0295 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A 13:26:50.0295 2196 cdfs ( LockedFile.Multi.Generic ) - warning 13:26:50.0295 2196 cdfs - detected LockedFile.Multi.Generic (1) 13:26:50.0357 2196 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:26:50.0357 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416 13:26:50.0373 2196 cdrom ( LockedFile.Multi.Generic ) - warning 13:26:50.0373 2196 cdrom - detected LockedFile.Multi.Generic (1) 13:26:50.0404 2196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:26:50.0451 2196 CertPropSvc - ok 13:26:50.0466 2196 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 13:26:50.0466 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF 13:26:50.0482 2196 circlass ( LockedFile.Multi.Generic ) - warning 13:26:50.0482 2196 circlass - detected LockedFile.Multi.Generic (1) 13:26:50.0529 2196 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:26:50.0529 2196 Suspicious file (NoAccess): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206 13:26:50.0529 2196 CLFS ( LockedFile.Multi.Generic ) - warning 13:26:50.0529 2196 CLFS - detected LockedFile.Multi.Generic (1) 13:26:50.0591 2196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:26:50.0607 2196 clr_optimization_v2.0.50727_32 - ok 13:26:50.0669 2196 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:26:50.0669 2196 clr_optimization_v2.0.50727_64 - ok 13:26:50.0778 2196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:26:50.0950 2196 clr_optimization_v4.0.30319_32 - ok 13:26:50.0981 2196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:26:51.0043 2196 clr_optimization_v4.0.30319_64 - ok 13:26:51.0075 2196 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:26:51.0090 2196 CmBatt - ok 13:26:51.0121 2196 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:26:51.0121 2196 cmdide - ok 13:26:51.0168 2196 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:26:51.0168 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 9AC4F97C2D3E93367E2148EA940CD2CD 13:26:51.0168 2196 CNG ( LockedFile.Multi.Generic ) - warning 13:26:51.0168 2196 CNG - detected LockedFile.Multi.Generic (1) 13:26:51.0199 2196 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:26:51.0199 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14 13:26:51.0215 2196 Compbatt ( LockedFile.Multi.Generic ) - warning 13:26:51.0215 2196 Compbatt - detected LockedFile.Multi.Generic (1) 13:26:51.0246 2196 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:26:51.0246 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8 13:26:51.0246 2196 CompositeBus ( LockedFile.Multi.Generic ) - warning 13:26:51.0246 2196 CompositeBus - detected LockedFile.Multi.Generic (1) 13:26:51.0262 2196 COMSysApp - ok 13:26:51.0293 2196 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 13:26:51.0293 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597 13:26:51.0293 2196 crcdisk ( LockedFile.Multi.Generic ) - warning 13:26:51.0293 2196 crcdisk - detected LockedFile.Multi.Generic (1) 13:26:51.0355 2196 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:26:51.0402 2196 CryptSvc - ok 13:26:51.0465 2196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:26:51.0511 2196 DcomLaunch - ok 13:26:51.0558 2196 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:26:51.0605 2196 defragsvc - ok 13:26:51.0652 2196 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:26:51.0652 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4 13:26:51.0652 2196 DfsC ( LockedFile.Multi.Generic ) - warning 13:26:51.0652 2196 DfsC - detected LockedFile.Multi.Generic (1) 13:26:51.0683 2196 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 13:26:51.0683 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ssudbus.sys. md5: 6060106CE00F32F63F1A73160E46E9D2 13:26:51.0699 2196 dg_ssudbus ( LockedFile.Multi.Generic ) - warning 13:26:51.0699 2196 dg_ssudbus - detected LockedFile.Multi.Generic (1) 13:26:51.0730 2196 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:26:51.0761 2196 Dhcp - ok 13:26:51.0792 2196 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:26:51.0792 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3 13:26:51.0792 2196 discache ( LockedFile.Multi.Generic ) - warning 13:26:51.0792 2196 discache - detected LockedFile.Multi.Generic (1) 13:26:51.0823 2196 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 13:26:51.0823 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C 13:26:51.0823 2196 Disk ( LockedFile.Multi.Generic ) - warning 13:26:51.0823 2196 Disk - detected LockedFile.Multi.Generic (1) 13:26:51.0870 2196 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:26:51.0979 2196 Dnscache - ok 13:26:52.0011 2196 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:26:52.0089 2196 dot3svc - ok 13:26:52.0135 2196 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:26:52.0167 2196 DPS - ok 13:26:52.0229 2196 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:26:52.0229 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754 13:26:52.0229 2196 drmkaud ( LockedFile.Multi.Generic ) - warning 13:26:52.0229 2196 drmkaud - detected LockedFile.Multi.Generic (1) 13:26:52.0276 2196 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:26:52.0276 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: F5BEE30450E18E6B83A5012C100616FD 13:26:52.0276 2196 DXGKrnl ( LockedFile.Multi.Generic ) - warning 13:26:52.0276 2196 DXGKrnl - detected LockedFile.Multi.Generic (1) 13:26:52.0307 2196 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:26:52.0369 2196 EapHost - ok 13:26:52.0432 2196 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 13:26:52.0432 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F 13:26:52.0447 2196 ebdrv ( LockedFile.Multi.Generic ) - warning 13:26:52.0447 2196 ebdrv - detected LockedFile.Multi.Generic (1) 13:26:52.0479 2196 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:26:52.0603 2196 EFS - ok 13:26:52.0666 2196 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:26:52.0759 2196 ehRecvr - ok 13:26:52.0806 2196 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:26:52.0915 2196 ehSched - ok 13:26:52.0962 2196 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 13:26:52.0962 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184 13:26:52.0962 2196 elxstor ( LockedFile.Multi.Generic ) - warning 13:26:52.0962 2196 elxstor - detected LockedFile.Multi.Generic (1) 13:26:53.0009 2196 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:26:53.0009 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B 13:26:53.0009 2196 ErrDev ( LockedFile.Multi.Generic ) - warning 13:26:53.0009 2196 ErrDev - detected LockedFile.Multi.Generic (1) 13:26:53.0071 2196 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:26:53.0118 2196 EventSystem - ok 13:26:53.0149 2196 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:26:53.0149 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B 13:26:53.0149 2196 exfat ( LockedFile.Multi.Generic ) - warning 13:26:53.0149 2196 exfat - detected LockedFile.Multi.Generic (1) 13:26:53.0181 2196 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:26:53.0181 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D 13:26:53.0181 2196 fastfat ( LockedFile.Multi.Generic ) - warning 13:26:53.0181 2196 fastfat - detected LockedFile.Multi.Generic (1) 13:26:53.0243 2196 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:26:53.0321 2196 Fax - ok 13:26:53.0337 2196 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:26:53.0337 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB 13:26:53.0337 2196 fdc ( LockedFile.Multi.Generic ) - warning 13:26:53.0337 2196 fdc - detected LockedFile.Multi.Generic (1) 13:26:53.0368 2196 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:26:53.0415 2196 fdPHost - ok 13:26:53.0446 2196 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:26:53.0493 2196 FDResPub - ok 13:26:53.0524 2196 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:26:53.0524 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930 13:26:53.0539 2196 FileInfo ( LockedFile.Multi.Generic ) - warning 13:26:53.0539 2196 FileInfo - detected LockedFile.Multi.Generic (1) 13:26:53.0555 2196 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:26:53.0555 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47 13:26:53.0555 2196 Filetrace ( LockedFile.Multi.Generic ) - warning 13:26:53.0555 2196 Filetrace - detected LockedFile.Multi.Generic (1) 13:26:53.0571 2196 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:26:53.0571 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5 13:26:53.0571 2196 flpydisk ( LockedFile.Multi.Generic ) - warning 13:26:53.0571 2196 flpydisk - detected LockedFile.Multi.Generic (1) 13:26:53.0602 2196 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:26:53.0602 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741 13:26:53.0617 2196 FltMgr ( LockedFile.Multi.Generic ) - warning 13:26:53.0617 2196 FltMgr - detected LockedFile.Multi.Generic (1) 13:26:53.0680 2196 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 13:26:53.0727 2196 FontCache - ok 13:26:53.0805 2196 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:26:53.0805 2196 FontCache3.0.0.0 - ok 13:26:53.0836 2196 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:26:53.0836 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC 13:26:53.0851 2196 FsDepends ( LockedFile.Multi.Generic ) - warning 13:26:53.0851 2196 FsDepends - detected LockedFile.Multi.Generic (1) 13:26:53.0914 2196 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 13:26:53.0914 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fssfltr.sys. md5: B16B626996C74B564005BA855C5DEE90 13:26:53.0914 2196 fssfltr ( LockedFile.Multi.Generic ) - warning 13:26:53.0914 2196 fssfltr - detected LockedFile.Multi.Generic (1) 13:26:54.0023 2196 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 13:26:54.0054 2196 fsssvc - ok 13:26:54.0085 2196 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:26:54.0085 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B 13:26:54.0085 2196 Fs_Rec ( LockedFile.Multi.Generic ) - warning 13:26:54.0085 2196 Fs_Rec - detected LockedFile.Multi.Generic (1) 13:26:54.0132 2196 [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys 13:26:54.0132 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ftdibus.sys. md5: FA169871D8FADCC6539C4E8726610286 13:26:54.0132 2196 FTDIBUS ( LockedFile.Multi.Generic ) - warning 13:26:54.0132 2196 FTDIBUS - detected LockedFile.Multi.Generic (1) 13:26:54.0163 2196 [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys 13:26:54.0163 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ftser2k.sys. md5: 24237091348D1EFB5635A1CF9649E311 13:26:54.0179 2196 FTSER2K ( LockedFile.Multi.Generic ) - warning 13:26:54.0179 2196 FTSER2K - detected LockedFile.Multi.Generic (1) 13:26:54.0210 2196 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:26:54.0210 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED 13:26:54.0210 2196 fvevol ( LockedFile.Multi.Generic ) - warning 13:26:54.0210 2196 fvevol - detected LockedFile.Multi.Generic (1) 13:26:54.0241 2196 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 13:26:54.0241 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6 13:26:54.0241 2196 gagp30kx ( LockedFile.Multi.Generic ) - warning 13:26:54.0241 2196 gagp30kx - detected LockedFile.Multi.Generic (1) 13:26:54.0304 2196 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:26:54.0304 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F 13:26:54.0304 2196 GEARAspiWDM ( LockedFile.Multi.Generic ) - warning 13:26:54.0304 2196 GEARAspiWDM - detected LockedFile.Multi.Generic (1) 13:26:54.0366 2196 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:26:54.0413 2196 gpsvc - ok 13:26:54.0491 2196 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:26:54.0507 2196 gupdate - ok 13:26:54.0538 2196 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:26:54.0553 2196 gupdatem - ok 13:26:54.0600 2196 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 13:26:54.0600 2196 gusvc - ok 13:26:54.0631 2196 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:26:54.0631 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0 13:26:54.0631 2196 hcw85cir ( LockedFile.Multi.Generic ) - warning 13:26:54.0631 2196 hcw85cir - detected LockedFile.Multi.Generic (1) 13:26:54.0678 2196 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:26:54.0678 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A 13:26:54.0678 2196 HdAudAddService ( LockedFile.Multi.Generic ) - warning 13:26:54.0678 2196 HdAudAddService - detected LockedFile.Multi.Generic (1) 13:26:54.0709 2196 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 13:26:54.0709 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB 13:26:54.0725 2196 HDAudBus ( LockedFile.Multi.Generic ) - warning 13:26:54.0725 2196 HDAudBus - detected LockedFile.Multi.Generic (1) 13:26:54.0756 2196 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 13:26:54.0756 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF 13:26:54.0772 2196 HECIx64 ( LockedFile.Multi.Generic ) - warning 13:26:54.0772 2196 HECIx64 - detected LockedFile.Multi.Generic (1) 13:26:54.0787 2196 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 13:26:54.0787 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F 13:26:54.0787 2196 HidBatt ( LockedFile.Multi.Generic ) - warning 13:26:54.0787 2196 HidBatt - detected LockedFile.Multi.Generic (1) 13:26:54.0803 2196 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 13:26:54.0803 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104 13:26:54.0819 2196 HidBth ( LockedFile.Multi.Generic ) - warning 13:26:54.0819 2196 HidBth - detected LockedFile.Multi.Generic (1) 13:26:54.0819 2196 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 13:26:54.0819 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825 13:26:54.0834 2196 HidIr ( LockedFile.Multi.Generic ) - warning 13:26:54.0834 2196 HidIr - detected LockedFile.Multi.Generic (1) 13:26:54.0881 2196 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 13:26:54.0928 2196 hidserv - ok 13:26:54.0959 2196 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 13:26:54.0959 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536 13:26:54.0959 2196 HidUsb ( LockedFile.Multi.Generic ) - warning 13:26:54.0959 2196 HidUsb - detected LockedFile.Multi.Generic (1) 13:26:55.0006 2196 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:26:55.0037 2196 hkmsvc - ok 13:26:55.0084 2196 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:26:55.0146 2196 HomeGroupListener - ok 13:26:55.0193 2196 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:26:55.0224 2196 HomeGroupProvider - ok 13:26:55.0255 2196 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:26:55.0255 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC 13:26:55.0255 2196 HpSAMD ( LockedFile.Multi.Generic ) - warning 13:26:55.0255 2196 HpSAMD - detected LockedFile.Multi.Generic (1) 13:26:55.0302 2196 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:26:55.0302 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28 13:26:55.0318 2196 HTTP ( LockedFile.Multi.Generic ) - warning 13:26:55.0318 2196 HTTP - detected LockedFile.Multi.Generic (1) 13:26:55.0365 2196 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:26:55.0365 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392 13:26:55.0365 2196 hwpolicy ( LockedFile.Multi.Generic ) - warning 13:26:55.0365 2196 hwpolicy - detected LockedFile.Multi.Generic (1) 13:26:55.0411 2196 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 13:26:55.0411 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3 13:26:55.0411 2196 i8042prt ( LockedFile.Multi.Generic ) - warning 13:26:55.0411 2196 i8042prt - detected LockedFile.Multi.Generic (1) 13:26:55.0443 2196 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 13:26:55.0443 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iaStor.sys. md5: ABBF174CB394F5C437410A788B7E404A 13:26:55.0458 2196 iaStor ( LockedFile.Multi.Generic ) - warning 13:26:55.0458 2196 iaStor - detected LockedFile.Multi.Generic (1) 13:26:55.0536 2196 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 13:26:55.0536 2196 IAStorDataMgrSvc - ok 13:26:55.0567 2196 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:26:55.0567 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366 13:26:55.0583 2196 iaStorV ( LockedFile.Multi.Generic ) - warning 13:26:55.0583 2196 iaStorV - detected LockedFile.Multi.Generic (1) 13:26:55.0645 2196 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 13:26:55.0677 2196 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:26:55.0677 2196 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:26:55.0739 2196 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:26:55.0755 2196 idsvc - ok 13:26:55.0801 2196 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 13:26:55.0801 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21 13:26:55.0817 2196 iirsp ( LockedFile.Multi.Generic ) - warning 13:26:55.0817 2196 iirsp - detected LockedFile.Multi.Generic (1) 13:26:55.0848 2196 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:26:55.0911 2196 IKEEXT - ok 13:26:55.0957 2196 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 13:26:55.0957 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Impcd.sys. md5: DD587A55390ED2295BCE6D36AD567DA9 13:26:55.0957 2196 Impcd ( LockedFile.Multi.Generic ) - warning 13:26:55.0957 2196 Impcd - detected LockedFile.Multi.Generic (1) 13:26:55.0989 2196 IntcAzAudAddService - ok 13:26:56.0004 2196 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 13:26:56.0004 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA 13:26:56.0020 2196 intelide ( LockedFile.Multi.Generic ) - warning 13:26:56.0020 2196 intelide - detected LockedFile.Multi.Generic (1) 13:26:56.0035 2196 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:26:56.0035 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1 13:26:56.0051 2196 intelppm ( LockedFile.Multi.Generic ) - warning 13:26:56.0051 2196 intelppm - detected LockedFile.Multi.Generic (1) 13:26:56.0098 2196 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:26:56.0145 2196 IPBusEnum - ok 13:26:56.0176 2196 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:26:56.0176 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6 13:26:56.0191 2196 IpFilterDriver ( LockedFile.Multi.Generic ) - warning 13:26:56.0191 2196 IpFilterDriver - detected LockedFile.Multi.Generic (1) 13:26:56.0207 2196 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:26:56.0207 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A 13:26:56.0223 2196 IPMIDRV ( LockedFile.Multi.Generic ) - warning 13:26:56.0223 2196 IPMIDRV - detected LockedFile.Multi.Generic (1) 13:26:56.0254 2196 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:26:56.0254 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0 13:26:56.0254 2196 IPNAT ( LockedFile.Multi.Generic ) - warning 13:26:56.0254 2196 IPNAT - detected LockedFile.Multi.Generic (1) 13:26:56.0316 2196 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:26:56.0332 2196 iPod Service - ok 13:26:56.0363 2196 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:26:56.0363 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9 13:26:56.0363 2196 IRENUM ( LockedFile.Multi.Generic ) - warning 13:26:56.0363 2196 IRENUM - detected LockedFile.Multi.Generic (1) 13:26:56.0394 2196 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:26:56.0394 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38 13:26:56.0394 2196 isapnp ( LockedFile.Multi.Generic ) - warning 13:26:56.0394 2196 isapnp - detected LockedFile.Multi.Generic (1) 13:26:56.0410 2196 [ AC45D94185CF67267D06BF2F45E9E31E ] ISASerial C:\Windows\system32\DRIVERS\ISASerial.sys 13:26:56.0410 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ISASerial.sys. md5: AC45D94185CF67267D06BF2F45E9E31E 13:26:56.0410 2196 ISASerial ( LockedFile.Multi.Generic ) - warning 13:26:56.0410 2196 ISASerial - detected LockedFile.Multi.Generic (1) 13:26:56.0441 2196 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:26:56.0441 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD 13:26:56.0457 2196 iScsiPrt ( LockedFile.Multi.Generic ) - warning 13:26:56.0457 2196 iScsiPrt - detected LockedFile.Multi.Generic (1) 13:26:56.0472 2196 [ 50DE7DD7EDB1B512B13666588AEFBF6F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 13:26:56.0472 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\jraid.sys. md5: 50DE7DD7EDB1B512B13666588AEFBF6F 13:26:56.0488 2196 JRAID ( LockedFile.Multi.Generic ) - warning 13:26:56.0488 2196 JRAID - detected LockedFile.Multi.Generic (1) 13:26:56.0519 2196 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 13:26:56.0519 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5 13:26:56.0535 2196 kbdclass ( LockedFile.Multi.Generic ) - warning 13:26:56.0535 2196 kbdclass - detected LockedFile.Multi.Generic (1) 13:26:56.0550 2196 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:26:56.0550 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484 13:26:56.0566 2196 kbdhid ( LockedFile.Multi.Generic ) - warning 13:26:56.0566 2196 kbdhid - detected LockedFile.Multi.Generic (1) 13:26:56.0581 2196 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:26:56.0597 2196 KeyIso - ok 13:26:56.0628 2196 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:26:56.0628 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4 13:26:56.0644 2196 KSecDD ( LockedFile.Multi.Generic ) - warning 13:26:56.0644 2196 KSecDD - detected LockedFile.Multi.Generic (1) 13:26:56.0675 2196 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:26:56.0675 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07 13:26:56.0691 2196 KSecPkg ( LockedFile.Multi.Generic ) - warning 13:26:56.0691 2196 KSecPkg - detected LockedFile.Multi.Generic (1) 13:26:56.0706 2196 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:26:56.0706 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4 13:26:56.0722 2196 ksthunk ( LockedFile.Multi.Generic ) - warning 13:26:56.0722 2196 ksthunk - detected LockedFile.Multi.Generic (1) 13:26:56.0753 2196 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:26:56.0800 2196 KtmRm - ok 13:26:56.0862 2196 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:26:56.0909 2196 LanmanServer - ok 13:26:56.0956 2196 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:26:57.0003 2196 LanmanWorkstation - ok 13:26:57.0127 2196 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 13:26:57.0127 2196 LBTServ - ok 13:26:57.0221 2196 [ ADB665AC1313CFE6F106A68ECF97135C ] LexPrintListener C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll 13:26:57.0252 2196 LexPrintListener ( UnsignedFile.Multi.Generic ) - warning 13:26:57.0252 2196 LexPrintListener - detected UnsignedFile.Multi.Generic (1) 13:26:57.0299 2196 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 13:26:57.0299 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\LHidFilt.Sys. md5: 24E09882BA51B9830AE029888A3AAF18 13:26:57.0299 2196 LHidFilt ( LockedFile.Multi.Generic ) - warning 13:26:57.0299 2196 LHidFilt - detected LockedFile.Multi.Generic (1) 13:26:57.0330 2196 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:26:57.0330 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827 13:26:57.0330 2196 lltdio ( LockedFile.Multi.Generic ) - warning 13:26:57.0330 2196 lltdio - detected LockedFile.Multi.Generic (1) 13:26:57.0377 2196 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:26:57.0424 2196 lltdsvc - ok 13:26:57.0455 2196 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:26:57.0486 2196 lmhosts - ok 13:26:57.0517 2196 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 13:26:57.0517 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\LMouFilt.Sys. md5: 2F94325D8C10E2B715F3D753C2422AAC 13:26:57.0517 2196 LMouFilt ( LockedFile.Multi.Generic ) - warning 13:26:57.0517 2196 LMouFilt - detected LockedFile.Multi.Generic (1) 13:26:57.0564 2196 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 13:26:57.0564 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6 13:26:57.0580 2196 LSI_FC ( LockedFile.Multi.Generic ) - warning 13:26:57.0580 2196 LSI_FC - detected LockedFile.Multi.Generic (1) 13:26:57.0595 2196 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 13:26:57.0595 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810 13:26:57.0611 2196 LSI_SAS ( LockedFile.Multi.Generic ) - warning 13:26:57.0611 2196 LSI_SAS - detected LockedFile.Multi.Generic (1) 13:26:57.0627 2196 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:26:57.0627 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93 13:26:57.0642 2196 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning 13:26:57.0642 2196 LSI_SAS2 - detected LockedFile.Multi.Generic (1) 13:26:57.0642 2196 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:26:57.0642 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A 13:26:57.0658 2196 LSI_SCSI ( LockedFile.Multi.Generic ) - warning 13:26:57.0658 2196 LSI_SCSI - detected LockedFile.Multi.Generic (1) 13:26:57.0673 2196 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:26:57.0673 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E 13:26:57.0689 2196 luafv ( LockedFile.Multi.Generic ) - warning 13:26:57.0689 2196 luafv - detected LockedFile.Multi.Generic (1) 13:26:57.0720 2196 [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 13:26:57.0720 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\LUsbFilt.Sys. md5: B8BE35421B9E8DC1AB4B0CB7B9B0328B 13:26:57.0720 2196 LUsbFilt ( LockedFile.Multi.Generic ) - warning 13:26:57.0720 2196 LUsbFilt - detected LockedFile.Multi.Generic (1) 13:26:57.0814 2196 [ D6CDF198518B8428B66AAD8F7BABC3BE ] lxedCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe 13:26:57.0829 2196 lxedCATSCustConnectService - ok 13:26:57.0845 2196 lxed_device - ok 13:26:57.0892 2196 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:26:57.0907 2196 MBAMProtector - ok 13:26:57.0954 2196 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:26:57.0970 2196 MBAMScheduler - ok 13:26:58.0001 2196 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 13:26:58.0017 2196 MBAMService - ok 13:26:58.0063 2196 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:26:58.0095 2196 Mcx2Svc - ok 13:26:58.0126 2196 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 13:26:58.0126 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4 13:26:58.0141 2196 megasas ( LockedFile.Multi.Generic ) - warning 13:26:58.0141 2196 megasas - detected LockedFile.Multi.Generic (1) 13:26:58.0173 2196 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 13:26:58.0173 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3 13:26:58.0173 2196 MegaSR ( LockedFile.Multi.Generic ) - warning 13:26:58.0173 2196 MegaSR - detected LockedFile.Multi.Generic (1) 13:26:58.0297 2196 Microsoft SharePoint Workspace Audit Service - ok 13:26:58.0344 2196 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:26:58.0391 2196 MMCSS - ok 13:26:58.0422 2196 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:26:58.0422 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137 13:26:58.0422 2196 Modem ( LockedFile.Multi.Generic ) - warning 13:26:58.0422 2196 Modem - detected LockedFile.Multi.Generic (1) 13:26:58.0453 2196 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:26:58.0453 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA 13:26:58.0469 2196 monitor ( LockedFile.Multi.Generic ) - warning 13:26:58.0469 2196 monitor - detected LockedFile.Multi.Generic (1) 13:26:58.0485 2196 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 13:26:58.0485 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99 13:26:58.0485 2196 mouclass ( LockedFile.Multi.Generic ) - warning 13:26:58.0485 2196 mouclass - detected LockedFile.Multi.Generic (1) 13:26:58.0516 2196 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:26:58.0516 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6 13:26:58.0516 2196 mouhid ( LockedFile.Multi.Generic ) - warning 13:26:58.0516 2196 mouhid - detected LockedFile.Multi.Generic (1) 13:26:58.0578 2196 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:26:58.0578 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA 13:26:58.0578 2196 mountmgr ( LockedFile.Multi.Generic ) - warning 13:26:58.0578 2196 mountmgr - detected LockedFile.Multi.Generic (1) 13:26:58.0656 2196 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:26:58.0656 2196 MozillaMaintenance - ok 13:26:58.0687 2196 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:26:58.0687 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58 13:26:58.0703 2196 mpio ( LockedFile.Multi.Generic ) - warning 13:26:58.0703 2196 mpio - detected LockedFile.Multi.Generic (1) 13:26:58.0743 2196 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:26:58.0743 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F 13:26:58.0743 2196 mpsdrv ( LockedFile.Multi.Generic ) - warning 13:26:58.0743 2196 mpsdrv - detected LockedFile.Multi.Generic (1) 13:26:58.0803 2196 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:26:58.0803 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380 13:26:58.0813 2196 MRxDAV ( LockedFile.Multi.Generic ) - warning 13:26:58.0813 2196 MRxDAV - detected LockedFile.Multi.Generic (1) 13:26:58.0853 2196 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:26:58.0853 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC 13:26:58.0863 2196 mrxsmb ( LockedFile.Multi.Generic ) - warning 13:26:58.0863 2196 mrxsmb - detected LockedFile.Multi.Generic (1) 13:26:58.0913 2196 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:26:58.0913 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163 13:26:58.0913 2196 mrxsmb10 ( LockedFile.Multi.Generic ) - warning 13:26:58.0913 2196 mrxsmb10 - detected LockedFile.Multi.Generic (1) 13:26:58.0963 2196 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:26:58.0963 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C 13:26:58.0963 2196 mrxsmb20 ( LockedFile.Multi.Generic ) - warning 13:26:58.0963 2196 mrxsmb20 - detected LockedFile.Multi.Generic (1) 13:26:59.0003 2196 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:26:59.0003 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796 13:26:59.0003 2196 msahci ( LockedFile.Multi.Generic ) - warning 13:26:59.0003 2196 msahci - detected LockedFile.Multi.Generic (1) 13:26:59.0023 2196 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:26:59.0023 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900 13:26:59.0033 2196 msdsm ( LockedFile.Multi.Generic ) - warning 13:26:59.0033 2196 msdsm - detected LockedFile.Multi.Generic (1) 13:26:59.0063 2196 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:26:59.0083 2196 MSDTC - ok 13:26:59.0123 2196 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:26:59.0123 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96 13:26:59.0133 2196 Msfs ( LockedFile.Multi.Generic ) - warning 13:26:59.0133 2196 Msfs - detected LockedFile.Multi.Generic (1) 13:26:59.0163 2196 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:26:59.0163 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326 13:26:59.0163 2196 mshidkmdf ( LockedFile.Multi.Generic ) - warning 13:26:59.0163 2196 mshidkmdf - detected LockedFile.Multi.Generic (1) 13:26:59.0193 2196 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:26:59.0193 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D 13:26:59.0193 2196 msisadrv ( LockedFile.Multi.Generic ) - warning 13:26:59.0193 2196 msisadrv - detected LockedFile.Multi.Generic (1) 13:26:59.0233 2196 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:26:59.0303 2196 MSiSCSI - ok 13:26:59.0313 2196 msiserver - ok 13:26:59.0353 2196 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:26:59.0353 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366 13:26:59.0363 2196 MSKSSRV ( LockedFile.Multi.Generic ) - warning 13:26:59.0363 2196 MSKSSRV - detected LockedFile.Multi.Generic (1) 13:26:59.0383 2196 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:26:59.0383 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3 13:26:59.0383 2196 MSPCLOCK ( LockedFile.Multi.Generic ) - warning 13:26:59.0383 2196 MSPCLOCK - detected LockedFile.Multi.Generic (1) 13:26:59.0403 2196 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:26:59.0403 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0 13:26:59.0403 2196 MSPQM ( LockedFile.Multi.Generic ) - warning 13:26:59.0403 2196 MSPQM - detected LockedFile.Multi.Generic (1) 13:26:59.0443 2196 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:26:59.0443 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D 13:26:59.0453 2196 MsRPC ( LockedFile.Multi.Generic ) - warning 13:26:59.0453 2196 MsRPC - detected LockedFile.Multi.Generic (1) 13:26:59.0483 2196 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:26:59.0483 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288 13:26:59.0493 2196 mssmbios ( LockedFile.Multi.Generic ) - warning 13:26:59.0493 2196 mssmbios - detected LockedFile.Multi.Generic (1) 13:26:59.0553 2196 MSSQL$SQLEXPRESS - ok 13:26:59.0593 2196 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 13:26:59.0603 2196 MSSQLServerADHelper - ok 13:26:59.0623 2196 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:26:59.0623 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779 13:26:59.0623 2196 MSTEE ( LockedFile.Multi.Generic ) - warning 13:26:59.0623 2196 MSTEE - detected LockedFile.Multi.Generic (1) 13:26:59.0773 2196 [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe 13:26:59.0843 2196 msvsmon90 - ok 13:26:59.0873 2196 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:26:59.0873 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD 13:26:59.0873 2196 MTConfig ( LockedFile.Multi.Generic ) - warning 13:26:59.0873 2196 MTConfig - detected LockedFile.Multi.Generic (1) 13:26:59.0893 2196 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 13:26:59.0893 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ASACPI.sys. md5: 19B006B181E3875FD254F7B67ACF1E7C 13:26:59.0903 2196 MTsensor ( LockedFile.Multi.Generic ) - warning 13:26:59.0903 2196 MTsensor - detected LockedFile.Multi.Generic (1) 13:26:59.0943 2196 [ 07AD6825D5C658595CAB7F8F5849401C ] MtsHID C:\Windows\system32\drivers\MtsHID.sys 13:26:59.0943 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MtsHID.sys. md5: 07AD6825D5C658595CAB7F8F5849401C 13:26:59.0943 2196 MtsHID ( LockedFile.Multi.Generic ) - warning 13:26:59.0943 2196 MtsHID - detected LockedFile.Multi.Generic (1) 13:26:59.0963 2196 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:26:59.0963 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8 13:26:59.0973 2196 Mup ( LockedFile.Multi.Generic ) - warning 13:26:59.0973 2196 Mup - detected LockedFile.Multi.Generic (1) 13:27:00.0013 2196 [ C752AB67A50F921622FE65725D1F6856 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys 13:27:00.0013 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mv91xx.sys. md5: C752AB67A50F921622FE65725D1F6856 13:27:00.0023 2196 mv91xx ( LockedFile.Multi.Generic ) - warning 13:27:00.0023 2196 mv91xx - detected LockedFile.Multi.Generic (1) 13:27:00.0073 2196 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:27:00.0123 2196 napagent - ok 13:27:00.0153 2196 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:27:00.0153 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33 13:27:00.0183 2196 NativeWifiP ( LockedFile.Multi.Generic ) - warning 13:27:00.0183 2196 NativeWifiP - detected LockedFile.Multi.Generic (1) 13:27:00.0223 2196 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 13:27:00.0223 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C 13:27:00.0243 2196 NDIS ( LockedFile.Multi.Generic ) - warning 13:27:00.0243 2196 NDIS - detected LockedFile.Multi.Generic (1) 13:27:00.0263 2196 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:27:00.0263 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC 13:27:00.0273 2196 NdisCap ( LockedFile.Multi.Generic ) - warning 13:27:00.0273 2196 NdisCap - detected LockedFile.Multi.Generic (1) 13:27:00.0293 2196 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:27:00.0293 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5 13:27:00.0303 2196 NdisTapi ( LockedFile.Multi.Generic ) - warning 13:27:00.0303 2196 NdisTapi - detected LockedFile.Multi.Generic (1) 13:27:00.0343 2196 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:27:00.0343 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356 13:27:00.0363 2196 Ndisuio ( LockedFile.Multi.Generic ) - warning 13:27:00.0363 2196 Ndisuio - detected LockedFile.Multi.Generic (1) 13:27:00.0393 2196 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:27:00.0393 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11 13:27:00.0403 2196 NdisWan ( LockedFile.Multi.Generic ) - warning 13:27:00.0403 2196 NdisWan - detected LockedFile.Multi.Generic (1) 13:27:00.0433 2196 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:27:00.0433 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879 13:27:00.0443 2196 NDProxy ( LockedFile.Multi.Generic ) - warning 13:27:00.0443 2196 NDProxy - detected LockedFile.Multi.Generic (1) 13:27:00.0463 2196 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:27:00.0463 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4 13:27:00.0473 2196 NetBIOS ( LockedFile.Multi.Generic ) - warning 13:27:00.0473 2196 NetBIOS - detected LockedFile.Multi.Generic (1) 13:27:00.0493 2196 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:27:00.0493 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068 13:27:00.0513 2196 NetBT ( LockedFile.Multi.Generic ) - warning 13:27:00.0513 2196 NetBT - detected LockedFile.Multi.Generic (1) 13:27:00.0533 2196 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:27:00.0543 2196 Netlogon - ok 13:27:00.0583 2196 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:27:00.0643 2196 Netman - ok 13:27:00.0693 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:27:00.0733 2196 NetMsmqActivator - ok 13:27:00.0749 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:27:00.0749 2196 NetPipeActivator - ok 13:27:00.0780 2196 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:27:00.0827 2196 netprofm - ok 13:27:00.0842 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:27:00.0842 2196 NetTcpActivator - ok 13:27:00.0873 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:27:00.0889 2196 NetTcpPortSharing - ok 13:27:00.0920 2196 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:27:00.0920 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92 13:27:00.0920 2196 nfrd960 ( LockedFile.Multi.Generic ) - warning 13:27:00.0920 2196 nfrd960 - detected LockedFile.Multi.Generic (1) 13:27:01.0014 2196 [ CEBCEBF19AF17489E60804F440F5CBFE ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe 13:27:01.0029 2196 NitroReaderDriverReadSpool2 - ok 13:27:01.0076 2196 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:27:01.0123 2196 NlaSvc - ok 13:27:01.0139 2196 NmPar - ok 13:27:01.0154 2196 nmserial - ok 13:27:01.0185 2196 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:27:01.0185 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7 13:27:01.0185 2196 Npfs ( LockedFile.Multi.Generic ) - warning 13:27:01.0185 2196 Npfs - detected LockedFile.Multi.Generic (1) 13:27:01.0232 2196 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:27:01.0279 2196 nsi - ok 13:27:01.0310 2196 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:27:01.0310 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001 13:27:01.0310 2196 nsiproxy ( LockedFile.Multi.Generic ) - warning 13:27:01.0310 2196 nsiproxy - detected LockedFile.Multi.Generic (1) 13:27:01.0388 2196 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:27:01.0388 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: A2F74975097F52A00745F9637451FDD8 13:27:01.0388 2196 Ntfs ( LockedFile.Multi.Generic ) - warning 13:27:01.0388 2196 Ntfs - detected LockedFile.Multi.Generic (1) 13:27:01.0419 2196 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:27:01.0419 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1 13:27:01.0435 2196 Null ( LockedFile.Multi.Generic ) - warning 13:27:01.0435 2196 Null - detected LockedFile.Multi.Generic (1) 13:27:01.0451 2196 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 13:27:01.0451 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nusb3hub.sys. md5: 285ACEC1B13A15BA520AAE06BACB9CFF 13:27:01.0466 2196 nusb3hub ( LockedFile.Multi.Generic ) - warning 13:27:01.0466 2196 nusb3hub - detected LockedFile.Multi.Generic (1) 13:27:01.0513 2196 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 13:27:01.0513 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nusb3xhc.sys. md5: F6D625FF7B56BB6EA063F0D3A5BBC996 13:27:01.0529 2196 nusb3xhc ( LockedFile.Multi.Generic ) - warning 13:27:01.0529 2196 nusb3xhc - detected LockedFile.Multi.Generic (1) 13:27:01.0544 2196 [ 7FD5C060CB907489A5702F628226F54A ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys 13:27:01.0544 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NVAMACPI.sys. md5: 7FD5C060CB907489A5702F628226F54A 13:27:01.0560 2196 nvamacpi ( LockedFile.Multi.Generic ) - warning 13:27:01.0560 2196 nvamacpi - detected LockedFile.Multi.Generic (1) 13:27:01.0607 2196 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 13:27:01.0607 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvhda64v.sys. md5: 102806B360D0E6BC6E55BF47EF655D43 13:27:01.0622 2196 NVHDA ( LockedFile.Multi.Generic ) - warning 13:27:01.0622 2196 NVHDA - detected LockedFile.Multi.Generic (1) 13:27:01.0841 2196 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:27:01.0841 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: BA0B4889C40380A01ECDF84C227A89C9 13:27:01.0872 2196 nvlddmkm ( LockedFile.Multi.Generic ) - warning 13:27:01.0872 2196 nvlddmkm - detected LockedFile.Multi.Generic (1) 13:27:01.0919 2196 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:27:01.0919 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD 13:27:01.0934 2196 nvraid ( LockedFile.Multi.Generic ) - warning 13:27:01.0934 2196 nvraid - detected LockedFile.Multi.Generic (1) 13:27:01.0950 2196 [ 694F5E9D9D624D47F432F5B2E66A0528 ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys 13:27:01.0950 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvrd64.sys. md5: 694F5E9D9D624D47F432F5B2E66A0528 13:27:01.0965 2196 nvrd64 ( LockedFile.Multi.Generic ) - warning 13:27:01.0965 2196 nvrd64 - detected LockedFile.Multi.Generic (1) 13:27:01.0981 2196 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 13:27:01.0981 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvsmu.sys. md5: E58D81FB8616D0CB55C1E36AA0B213C9 13:27:01.0997 2196 nvsmu ( LockedFile.Multi.Generic ) - warning 13:27:01.0997 2196 nvsmu - detected LockedFile.Multi.Generic (1) 13:27:02.0012 2196 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:27:02.0012 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A 13:27:02.0028 2196 nvstor ( LockedFile.Multi.Generic ) - warning 13:27:02.0028 2196 nvstor - detected LockedFile.Multi.Generic (1) 13:27:02.0059 2196 [ 05DE5DC43AFE6CAB78F9C7CA044CBCBE ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 13:27:02.0059 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvstor64.sys. md5: 05DE5DC43AFE6CAB78F9C7CA044CBCBE 13:27:02.0059 2196 nvstor64 ( LockedFile.Multi.Generic ) - warning 13:27:02.0059 2196 nvstor64 - detected LockedFile.Multi.Generic (1) 13:27:02.0106 2196 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe 13:27:02.0121 2196 nvsvc - ok 13:27:02.0215 2196 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 13:27:02.0246 2196 nvUpdatusService - ok 13:27:02.0309 2196 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:27:02.0309 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05 13:27:02.0309 2196 nv_agp ( LockedFile.Multi.Generic ) - warning 13:27:02.0309 2196 nv_agp - detected LockedFile.Multi.Generic (1) 13:27:02.0324 2196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:27:02.0324 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0 13:27:02.0340 2196 ohci1394 ( LockedFile.Multi.Generic ) - warning 13:27:02.0340 2196 ohci1394 - detected LockedFile.Multi.Generic (1) 13:27:02.0418 2196 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:27:02.0418 2196 ose - ok 13:27:02.0558 2196 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:27:02.0636 2196 osppsvc - ok 13:27:02.0699 2196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:27:02.0777 2196 p2pimsvc - ok 13:27:02.0808 2196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:27:02.0823 2196 p2psvc - ok 13:27:02.0886 2196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:27:02.0886 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887 13:27:02.0886 2196 Parport ( LockedFile.Multi.Generic ) - warning 13:27:02.0886 2196 Parport - detected LockedFile.Multi.Generic (1) 13:27:02.0933 2196 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:27:02.0933 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C 13:27:02.0933 2196 partmgr ( LockedFile.Multi.Generic ) - warning 13:27:02.0933 2196 partmgr - detected LockedFile.Multi.Generic (1) 13:27:02.0964 2196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:27:03.0057 2196 PcaSvc - ok 13:27:03.0104 2196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:27:03.0104 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3 13:27:03.0104 2196 pci ( LockedFile.Multi.Generic ) - warning 13:27:03.0120 2196 pci - detected LockedFile.Multi.Generic (1) 13:27:03.0135 2196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:27:03.0135 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA 13:27:03.0151 2196 pciide ( LockedFile.Multi.Generic ) - warning 13:27:03.0151 2196 pciide - detected LockedFile.Multi.Generic (1) 13:27:03.0198 2196 [ D7C203015E2C2A2EAC8DACEF156D8DC3 ] PciIsaSerial C:\Windows\system32\DRIVERS\PciIsaSerial.sys 13:27:03.0198 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PciIsaSerial.sys. md5: D7C203015E2C2A2EAC8DACEF156D8DC3 13:27:03.0198 2196 PciIsaSerial ( LockedFile.Multi.Generic ) - warning 13:27:03.0198 2196 PciIsaSerial - detected LockedFile.Multi.Generic (1) 13:27:03.0213 2196 [ 088B509B2F35A3CEE00AC0E0BC4C5BED ] PciPPorts C:\Windows\system32\DRIVERS\PciPPorts.sys 13:27:03.0213 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PciPPorts.sys. md5: 088B509B2F35A3CEE00AC0E0BC4C5BED 13:27:03.0229 2196 PciPPorts ( LockedFile.Multi.Generic ) - warning 13:27:03.0229 2196 PciPPorts - detected LockedFile.Multi.Generic (1) 13:27:03.0229 2196 [ 7F97CDD5E91FC73DA2B01344957AA058 ] PciSPorts C:\Windows\system32\DRIVERS\PciSPorts.sys 13:27:03.0229 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PciSPorts.sys. md5: 7F97CDD5E91FC73DA2B01344957AA058 13:27:03.0245 2196 PciSPorts ( LockedFile.Multi.Generic ) - warning 13:27:03.0245 2196 PciSPorts - detected LockedFile.Multi.Generic (1) 13:27:03.0260 2196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:27:03.0260 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F 13:27:03.0276 2196 pcmcia ( LockedFile.Multi.Generic ) - warning 13:27:03.0276 2196 pcmcia - detected LockedFile.Multi.Generic (1) 13:27:03.0291 2196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:27:03.0291 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603 13:27:03.0307 2196 pcw ( LockedFile.Multi.Generic ) - warning 13:27:03.0307 2196 pcw - detected LockedFile.Multi.Generic (1) 13:27:03.0338 2196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:27:03.0338 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E 13:27:03.0338 2196 PEAUTH ( LockedFile.Multi.Generic ) - warning 13:27:03.0338 2196 PEAUTH - detected LockedFile.Multi.Generic (1) 13:27:03.0447 2196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:27:03.0479 2196 PerfHost - ok 13:27:03.0541 2196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:27:03.0603 2196 pla - ok 13:27:03.0666 2196 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:27:03.0744 2196 PlugPlay - ok 13:27:03.0775 2196 PnkBstrA - ok 13:27:03.0822 2196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:27:03.0837 2196 PNRPAutoReg - ok 13:27:03.0884 2196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:27:03.0884 2196 PNRPsvc - ok 13:27:03.0947 2196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:27:03.0993 2196 PolicyAgent - ok 13:27:04.0040 2196 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:27:04.0087 2196 Power - ok 13:27:04.0118 2196 [ 14C04684A25C221EBE2105D169B4B6FF ] PPorts C:\Windows\system32\DRIVERS\PPorts.sys 13:27:04.0118 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PPorts.sys. md5: 14C04684A25C221EBE2105D169B4B6FF 13:27:04.0118 2196 PPorts ( LockedFile.Multi.Generic ) - warning 13:27:04.0118 2196 PPorts - detected LockedFile.Multi.Generic (1) 13:27:04.0165 2196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:27:04.0165 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9 13:27:04.0165 2196 PptpMiniport ( LockedFile.Multi.Generic ) - warning 13:27:04.0165 2196 PptpMiniport - detected LockedFile.Multi.Generic (1) 13:27:04.0212 2196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:27:04.0212 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF 13:27:04.0212 2196 Processor ( LockedFile.Multi.Generic ) - warning 13:27:04.0212 2196 Processor - detected LockedFile.Multi.Generic (1) 13:27:04.0259 2196 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:27:04.0337 2196 ProfSvc - ok 13:27:04.0352 2196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:27:04.0368 2196 ProtectedStorage - ok 13:27:04.0399 2196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:27:04.0399 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D 13:27:04.0415 2196 Psched ( LockedFile.Multi.Generic ) - warning 13:27:04.0415 2196 Psched - detected LockedFile.Multi.Generic (1) 13:27:04.0446 2196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:27:04.0461 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0 13:27:04.0461 2196 ql2300 ( LockedFile.Multi.Generic ) - warning 13:27:04.0461 2196 ql2300 - detected LockedFile.Multi.Generic (1) 13:27:04.0493 2196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:27:04.0493 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8 13:27:04.0493 2196 ql40xx ( LockedFile.Multi.Generic ) - warning 13:27:04.0493 2196 ql40xx - detected LockedFile.Multi.Generic (1) 13:27:04.0539 2196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:27:04.0555 2196 QWAVE - ok 13:27:04.0586 2196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:27:04.0586 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C 13:27:04.0586 2196 QWAVEdrv ( LockedFile.Multi.Generic ) - warning 13:27:04.0586 2196 QWAVEdrv - detected LockedFile.Multi.Generic (1) 13:27:04.0617 2196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:27:04.0617 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704 13:27:04.0617 2196 RasAcd ( LockedFile.Multi.Generic ) - warning 13:27:04.0617 2196 RasAcd - detected LockedFile.Multi.Generic (1) 13:27:04.0649 2196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:27:04.0649 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90 13:27:04.0664 2196 RasAgileVpn ( LockedFile.Multi.Generic ) - warning 13:27:04.0664 2196 RasAgileVpn - detected LockedFile.Multi.Generic (1) 13:27:04.0680 2196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:27:04.0711 2196 RasAuto - ok 13:27:04.0727 2196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:27:04.0727 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA 13:27:04.0742 2196 Rasl2tp ( LockedFile.Multi.Generic ) - warning 13:27:04.0742 2196 Rasl2tp - detected LockedFile.Multi.Generic (1) 13:27:04.0773 2196 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:27:04.0836 2196 RasMan - ok 13:27:04.0867 2196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:27:04.0867 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25 13:27:04.0867 2196 RasPppoe ( LockedFile.Multi.Generic ) - warning 13:27:04.0867 2196 RasPppoe - detected LockedFile.Multi.Generic (1) 13:27:04.0898 2196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:27:04.0898 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB 13:27:04.0898 2196 RasSstp ( LockedFile.Multi.Generic ) - warning 13:27:04.0898 2196 RasSstp - detected LockedFile.Multi.Generic (1) 13:27:04.0929 2196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:27:04.0929 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F 13:27:04.0929 2196 rdbss ( LockedFile.Multi.Generic ) - warning 13:27:04.0929 2196 rdbss - detected LockedFile.Multi.Generic (1) 13:27:04.0961 2196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:27:04.0961 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D 13:27:04.0961 2196 rdpbus ( LockedFile.Multi.Generic ) - warning 13:27:04.0961 2196 rdpbus - detected LockedFile.Multi.Generic (1) 13:27:04.0992 2196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:27:04.0992 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24 13:27:05.0007 2196 RDPCDD ( LockedFile.Multi.Generic ) - warning 13:27:05.0007 2196 RDPCDD - detected LockedFile.Multi.Generic (1) 13:27:05.0039 2196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:27:05.0039 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365 13:27:05.0039 2196 RDPENCDD ( LockedFile.Multi.Generic ) - warning 13:27:05.0039 2196 RDPENCDD - detected LockedFile.Multi.Generic (1) 13:27:05.0070 2196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:27:05.0070 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A 13:27:05.0085 2196 RDPREFMP ( LockedFile.Multi.Generic ) - warning 13:27:05.0085 2196 RDPREFMP - detected LockedFile.Multi.Generic (1) 13:27:05.0132 2196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:27:05.0132 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A 13:27:05.0132 2196 RDPWD ( LockedFile.Multi.Generic ) - warning 13:27:05.0132 2196 RDPWD - detected LockedFile.Multi.Generic (1) 13:27:05.0179 2196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:27:05.0179 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520 13:27:05.0210 2196 rdyboost ( LockedFile.Multi.Generic ) - warning 13:27:05.0210 2196 rdyboost - detected LockedFile.Multi.Generic (1) 13:27:05.0288 2196 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe 13:27:05.0319 2196 Realtek11nSU ( UnsignedFile.Multi.Generic ) - warning 13:27:05.0319 2196 Realtek11nSU - detected UnsignedFile.Multi.Generic (1) 13:27:05.0366 2196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:27:05.0413 2196 RemoteAccess - ok 13:27:05.0444 2196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:27:05.0507 2196 RemoteRegistry - ok 13:27:05.0538 2196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:27:05.0569 2196 RpcEptMapper - ok 13:27:05.0616 2196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:27:05.0631 2196 RpcLocator - ok 13:27:05.0678 2196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:27:05.0709 2196 RpcSs - ok 13:27:05.0725 2196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:27:05.0725 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF 13:27:05.0741 2196 rspndr ( LockedFile.Multi.Generic ) - warning 13:27:05.0741 2196 rspndr - detected LockedFile.Multi.Generic (1) 13:27:05.0787 2196 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 13:27:05.0787 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Rt64win7.sys. md5: B15C021C2C9BB217A799D9532E8F04D4 13:27:05.0787 2196 RTL8167 ( LockedFile.Multi.Generic ) - warning 13:27:05.0787 2196 RTL8167 - detected LockedFile.Multi.Generic (1) 13:27:05.0834 2196 [ 4629C5C4772D223B0ECD1EA8BA7A2A33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 13:27:05.0834 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RTL8192su.sys. md5: 4629C5C4772D223B0ECD1EA8BA7A2A33 13:27:05.0834 2196 RTL8192su ( LockedFile.Multi.Generic ) - warning 13:27:05.0834 2196 RTL8192su - detected LockedFile.Multi.Generic (1) 13:27:05.0865 2196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:27:05.0881 2196 SamSs - ok 13:27:05.0928 2196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:27:05.0928 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B 13:27:05.0928 2196 sbp2port ( LockedFile.Multi.Generic ) - warning 13:27:05.0928 2196 sbp2port - detected LockedFile.Multi.Generic (1) 13:27:05.0975 2196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:27:06.0006 2196 SCardSvr - ok 13:27:06.0037 2196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:27:06.0037 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B 13:27:06.0053 2196 scfilter ( LockedFile.Multi.Generic ) - warning 13:27:06.0053 2196 scfilter - detected LockedFile.Multi.Generic (1) 13:27:06.0115 2196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:27:06.0177 2196 Schedule - ok 13:27:06.0224 2196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:27:06.0255 2196 SCPolicySvc - ok 13:27:06.0302 2196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:27:06.0349 2196 SDRSVC - ok 13:27:06.0365 2196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:27:06.0365 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186 13:27:06.0380 2196 secdrv ( LockedFile.Multi.Generic ) - warning 13:27:06.0380 2196 secdrv - detected LockedFile.Multi.Generic (1) 13:27:06.0396 2196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:27:06.0443 2196 seclogon - ok 13:27:06.0489 2196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 13:27:06.0536 2196 SENS - ok 13:27:06.0567 2196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:27:06.0614 2196 SensrSvc - ok 13:27:06.0661 2196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:27:06.0661 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B 13:27:06.0661 2196 Serenum ( LockedFile.Multi.Generic ) - warning 13:27:06.0661 2196 Serenum - detected LockedFile.Multi.Generic (1) 13:27:06.0677 2196 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:27:06.0677 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 13:27:06.0692 2196 Serial ( LockedFile.Multi.Generic ) - warning 13:27:06.0692 2196 Serial - detected LockedFile.Multi.Generic (1) 13:27:06.0723 2196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:27:06.0723 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3 13:27:06.0723 2196 sermouse ( LockedFile.Multi.Generic ) - warning 13:27:06.0723 2196 sermouse - detected LockedFile.Multi.Generic (1) 13:27:06.0786 2196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:27:06.0817 2196 SessionEnv - ok 13:27:06.0848 2196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:27:06.0848 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF 13:27:06.0864 2196 sffdisk ( LockedFile.Multi.Generic ) - warning 13:27:06.0864 2196 sffdisk - detected LockedFile.Multi.Generic (1) 13:27:06.0879 2196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:27:06.0879 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF 13:27:06.0895 2196 sffp_mmc ( LockedFile.Multi.Generic ) - warning 13:27:06.0895 2196 sffp_mmc - detected LockedFile.Multi.Generic (1) 13:27:06.0895 2196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:27:06.0895 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C 13:27:06.0911 2196 sffp_sd ( LockedFile.Multi.Generic ) - warning 13:27:06.0911 2196 sffp_sd - detected LockedFile.Multi.Generic (1) 13:27:06.0942 2196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:27:06.0942 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4 13:27:06.0942 2196 sfloppy ( LockedFile.Multi.Generic ) - warning 13:27:06.0942 2196 sfloppy - detected LockedFile.Multi.Generic (1) 13:27:07.0004 2196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:27:07.0035 2196 ShellHWDetection - ok 13:27:07.0082 2196 [ DA492C8305434EC6F9BDD60C8B83B10E ] Si3124r5 C:\Windows\system32\DRIVERS\Si3124r5.sys 13:27:07.0082 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Si3124r5.sys. md5: DA492C8305434EC6F9BDD60C8B83B10E 13:27:07.0098 2196 Si3124r5 ( LockedFile.Multi.Generic ) - warning 13:27:07.0098 2196 Si3124r5 - detected LockedFile.Multi.Generic (1) 13:27:07.0113 2196 [ 8D10887A1699CF61E74467694B929B09 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys 13:27:07.0113 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiWinAcc.sys. md5: 8D10887A1699CF61E74467694B929B09 13:27:07.0129 2196 SiFilter ( LockedFile.Multi.Generic ) - warning 13:27:07.0129 2196 SiFilter - detected LockedFile.Multi.Generic (1) 13:27:07.0145 2196 [ 94E1EDA9A0B305A67EE1BBD0A68CE21A ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys 13:27:07.0145 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiRemFil.sys. md5: 94E1EDA9A0B305A67EE1BBD0A68CE21A 13:27:07.0145 2196 SiRemFil ( LockedFile.Multi.Generic ) - warning 13:27:07.0145 2196 SiRemFil - detected LockedFile.Multi.Generic (1) 13:27:07.0176 2196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:27:07.0176 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1 13:27:07.0191 2196 SiSRaid2 ( LockedFile.Multi.Generic ) - warning 13:27:07.0191 2196 SiSRaid2 - detected LockedFile.Multi.Generic (1) 13:27:07.0207 2196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:27:07.0207 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4 13:27:07.0223 2196 SiSRaid4 ( LockedFile.Multi.Generic ) - warning 13:27:07.0223 2196 SiSRaid4 - detected LockedFile.Multi.Generic (1) 13:27:07.0238 2196 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:27:07.0238 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4 13:27:07.0254 2196 Smb ( LockedFile.Multi.Generic ) - warning 13:27:07.0254 2196 Smb - detected LockedFile.Multi.Generic (1) 13:27:07.0301 2196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:27:07.0332 2196 SNMPTRAP - ok 13:27:07.0363 2196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:27:07.0363 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9 13:27:07.0379 2196 spldr ( LockedFile.Multi.Generic ) - warning 13:27:07.0379 2196 spldr - detected LockedFile.Multi.Generic (1) 13:27:07.0410 2196 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 13:27:07.0441 2196 Spooler - ok 13:27:07.0457 2196 [ 739C2571867F351167D1D958990E9D84 ] SPorts C:\Windows\system32\DRIVERS\SPorts.sys 13:27:07.0457 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SPorts.sys. md5: 739C2571867F351167D1D958990E9D84 13:27:07.0472 2196 SPorts ( LockedFile.Multi.Generic ) - warning 13:27:07.0472 2196 SPorts - detected LockedFile.Multi.Generic (1) 13:27:07.0550 2196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:27:07.0644 2196 sppsvc - ok 13:27:07.0691 2196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:27:07.0737 2196 sppuinotify - ok 13:27:07.0800 2196 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 13:27:07.0815 2196 SQLBrowser - ok 13:27:07.0878 2196 [ 582F8B13E1042C49A4A5A7BB52F518E4 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 13:27:07.0893 2196 SQLWriter - ok 13:27:07.0925 2196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:27:07.0925 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B 13:27:07.0940 2196 srv ( LockedFile.Multi.Generic ) - warning 13:27:07.0940 2196 srv - detected LockedFile.Multi.Generic (1) 13:27:07.0971 2196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:27:07.0971 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28 13:27:07.0987 2196 srv2 ( LockedFile.Multi.Generic ) - warning 13:27:07.0987 2196 srv2 - detected LockedFile.Multi.Generic (1) 13:27:08.0034 2196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:27:08.0034 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3 13:27:08.0034 2196 srvnet ( LockedFile.Multi.Generic ) - warning 13:27:08.0034 2196 srvnet - detected LockedFile.Multi.Generic (1) 13:27:08.0065 2196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:27:08.0112 2196 SSDPSRV - ok 13:27:08.0143 2196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:27:08.0190 2196 SstpSvc - ok 13:27:08.0237 2196 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 13:27:08.0237 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ssudmdm.sys. md5: 855335BF5792E56164F98C012E3D92DD 13:27:08.0237 2196 ssudmdm ( LockedFile.Multi.Generic ) - warning 13:27:08.0237 2196 ssudmdm - detected LockedFile.Multi.Generic (1) 13:27:08.0268 2196 Steam Client Service - ok 13:27:08.0361 2196 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 13:27:08.0377 2196 Stereo Service - ok 13:27:08.0424 2196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:27:08.0424 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A 13:27:08.0439 2196 stexstor ( LockedFile.Multi.Generic ) - warning 13:27:08.0439 2196 stexstor - detected LockedFile.Multi.Generic (1) 13:27:08.0486 2196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:27:08.0502 2196 stisvc - ok 13:27:08.0533 2196 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 13:27:08.0533 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90 13:27:08.0549 2196 swenum ( LockedFile.Multi.Generic ) - warning 13:27:08.0549 2196 swenum - detected LockedFile.Multi.Generic (1) 13:27:08.0595 2196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:27:08.0627 2196 swprv - ok 13:27:08.0705 2196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:27:08.0751 2196 SysMain - ok 13:27:08.0798 2196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:27:08.0814 2196 TabletInputService - ok 13:27:08.0845 2196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:27:08.0892 2196 TapiSrv - ok 13:27:08.0923 2196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:27:08.0954 2196 TBS - ok 13:27:09.0017 2196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:27:09.0017 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9 13:27:09.0048 2196 Tcpip ( LockedFile.Multi.Generic ) - warning 13:27:09.0048 2196 Tcpip - detected LockedFile.Multi.Generic (1) 13:27:09.0079 2196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:27:09.0079 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9 13:27:09.0095 2196 TCPIP6 ( LockedFile.Multi.Generic ) - warning 13:27:09.0095 2196 TCPIP6 - detected LockedFile.Multi.Generic (1) 13:27:09.0157 2196 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:27:09.0157 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519 13:27:09.0157 2196 tcpipreg ( LockedFile.Multi.Generic ) - warning 13:27:09.0157 2196 tcpipreg - detected LockedFile.Multi.Generic (1) 13:27:09.0188 2196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:27:09.0188 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C 13:27:09.0204 2196 TDPIPE ( LockedFile.Multi.Generic ) - warning 13:27:09.0204 2196 TDPIPE - detected LockedFile.Multi.Generic (1) 13:27:09.0235 2196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:27:09.0235 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8 13:27:09.0251 2196 TDTCP ( LockedFile.Multi.Generic ) - warning 13:27:09.0251 2196 TDTCP - detected LockedFile.Multi.Generic (1) 13:27:09.0297 2196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:27:09.0297 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806 13:27:09.0297 2196 tdx ( LockedFile.Multi.Generic ) - warning 13:27:09.0297 2196 tdx - detected LockedFile.Multi.Generic (1) 13:27:09.0344 2196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:27:09.0344 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5 13:27:09.0344 2196 TermDD ( LockedFile.Multi.Generic ) - warning 13:27:09.0344 2196 TermDD - detected LockedFile.Multi.Generic (1) 13:27:09.0391 2196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:27:09.0453 2196 TermService - ok 13:27:09.0500 2196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:27:09.0531 2196 Themes - ok 13:27:09.0578 2196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:27:09.0609 2196 THREADORDER - ok 13:27:09.0641 2196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:27:09.0687 2196 TrkWks - ok 13:27:09.0765 2196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:27:09.0812 2196 TrustedInstaller - ok 13:27:09.0859 2196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:27:09.0859 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30 13:27:09.0859 2196 tssecsrv ( LockedFile.Multi.Generic ) - warning 13:27:09.0859 2196 tssecsrv - detected LockedFile.Multi.Generic (1) 13:27:09.0906 2196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:27:09.0906 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9 13:27:09.0906 2196 TsUsbFlt ( LockedFile.Multi.Generic ) - warning 13:27:09.0906 2196 TsUsbFlt - detected LockedFile.Multi.Generic (1) 13:27:09.0953 2196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:27:09.0953 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894 13:27:09.0968 2196 tunnel ( LockedFile.Multi.Generic ) - warning 13:27:09.0968 2196 tunnel - detected LockedFile.Multi.Generic (1) 13:27:10.0015 2196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:27:10.0015 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67 13:27:10.0015 2196 uagp35 ( LockedFile.Multi.Generic ) - warning 13:27:10.0015 2196 uagp35 - detected LockedFile.Multi.Generic (1) 13:27:10.0062 2196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:27:10.0062 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593 13:27:10.0062 2196 udfs ( LockedFile.Multi.Generic ) - warning 13:27:10.0062 2196 udfs - detected LockedFile.Multi.Generic (1) 13:27:10.0093 2196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:27:10.0109 2196 UI0Detect - ok 13:27:10.0140 2196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:27:10.0140 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320 13:27:10.0140 2196 uliagpkx ( LockedFile.Multi.Generic ) - warning 13:27:10.0140 2196 uliagpkx - detected LockedFile.Multi.Generic (1) 13:27:10.0171 2196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:27:10.0171 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561 13:27:10.0187 2196 umbus ( LockedFile.Multi.Generic ) - warning 13:27:10.0187 2196 umbus - detected LockedFile.Multi.Generic (1) 13:27:10.0218 2196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:27:10.0218 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D 13:27:10.0218 2196 UmPass ( LockedFile.Multi.Generic ) - warning 13:27:10.0218 2196 UmPass - detected LockedFile.Multi.Generic (1) 13:27:10.0249 2196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:27:10.0280 2196 upnphost - ok 13:27:10.0358 2196 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 13:27:10.0358 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbaapl64.sys. md5: AF1B9474D67897D0C2CFF58E0ACEACCC 13:27:10.0358 2196 USBAAPL64 ( LockedFile.Multi.Generic ) - warning 13:27:10.0358 2196 USBAAPL64 - detected LockedFile.Multi.Generic (1) 13:27:10.0405 2196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:27:10.0405 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C 13:27:10.0405 2196 usbccgp ( LockedFile.Multi.Generic ) - warning 13:27:10.0405 2196 usbccgp - detected LockedFile.Multi.Generic (1) 13:27:10.0436 2196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:27:10.0436 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7 13:27:10.0452 2196 usbcir ( LockedFile.Multi.Generic ) - warning 13:27:10.0452 2196 usbcir - detected LockedFile.Multi.Generic (1) 13:27:10.0483 2196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:27:10.0483 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B 13:27:10.0483 2196 usbehci ( LockedFile.Multi.Generic ) - warning 13:27:10.0483 2196 usbehci - detected LockedFile.Multi.Generic (1) 13:27:10.0530 2196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:27:10.0545 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24 13:27:10.0561 2196 usbhub ( LockedFile.Multi.Generic ) - warning 13:27:10.0561 2196 usbhub - detected LockedFile.Multi.Generic (1) 13:27:10.0608 2196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:27:10.0608 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31 13:27:10.0608 2196 usbohci ( LockedFile.Multi.Generic ) - warning 13:27:10.0608 2196 usbohci - detected LockedFile.Multi.Generic (1) 13:27:10.0639 2196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:27:10.0639 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D 13:27:10.0639 2196 usbprint ( LockedFile.Multi.Generic ) - warning 13:27:10.0639 2196 usbprint - detected LockedFile.Multi.Generic (1) 13:27:10.0686 2196 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:27:10.0686 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0 13:27:10.0686 2196 usbscan ( LockedFile.Multi.Generic ) - warning 13:27:10.0686 2196 usbscan - detected LockedFile.Multi.Generic (1) 13:27:10.0733 2196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:27:10.0733 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6 13:27:10.0733 2196 USBSTOR ( LockedFile.Multi.Generic ) - warning 13:27:10.0733 2196 USBSTOR - detected LockedFile.Multi.Generic (1) 13:27:10.0748 2196 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:27:10.0748 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD 13:27:10.0748 2196 usbuhci ( LockedFile.Multi.Generic ) - warning 13:27:10.0748 2196 usbuhci - detected LockedFile.Multi.Generic (1) 13:27:10.0795 2196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:27:10.0811 2196 UxSms - ok 13:27:10.0826 2196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:27:10.0842 2196 VaultSvc - ok 13:27:10.0857 2196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:27:10.0857 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD 13:27:10.0873 2196 vdrvroot ( LockedFile.Multi.Generic ) - warning 13:27:10.0873 2196 vdrvroot - detected LockedFile.Multi.Generic (1) 13:27:10.0935 2196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:27:10.0982 2196 vds - ok 13:27:10.0998 2196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:27:10.0998 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD 13:27:10.0998 2196 vga ( LockedFile.Multi.Generic ) - warning 13:27:10.0998 2196 vga - detected LockedFile.Multi.Generic (1) 13:27:11.0013 2196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:27:11.0013 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC 13:27:11.0013 2196 VgaSave ( LockedFile.Multi.Generic ) - warning 13:27:11.0013 2196 VgaSave - detected LockedFile.Multi.Generic (1) 13:27:11.0060 2196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:27:11.0060 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB 13:27:11.0076 2196 vhdmp ( LockedFile.Multi.Generic ) - warning 13:27:11.0076 2196 vhdmp - detected LockedFile.Multi.Generic (1) 13:27:11.0107 2196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:27:11.0107 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54 13:27:11.0107 2196 viaide ( LockedFile.Multi.Generic ) - warning 13:27:11.0107 2196 viaide - detected LockedFile.Multi.Generic (1) 13:27:11.0138 2196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:27:11.0138 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0 13:27:11.0138 2196 volmgr ( LockedFile.Multi.Generic ) - warning 13:27:11.0138 2196 volmgr - detected LockedFile.Multi.Generic (1) 13:27:11.0185 2196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:27:11.0185 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B 13:27:11.0201 2196 volmgrx ( LockedFile.Multi.Generic ) - warning 13:27:11.0201 2196 volmgrx - detected LockedFile.Multi.Generic (1) 13:27:11.0216 2196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:27:11.0216 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639 13:27:11.0232 2196 volsnap ( LockedFile.Multi.Generic ) - warning 13:27:11.0232 2196 volsnap - detected LockedFile.Multi.Generic (1) 13:27:11.0263 2196 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 13:27:11.0263 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: B4A73CA4EF9A02B9738CEA9AD5FE5917 13:27:11.0263 2196 vpcbus ( LockedFile.Multi.Generic ) - warning 13:27:11.0263 2196 vpcbus - detected LockedFile.Multi.Generic (1) 13:27:11.0341 2196 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 13:27:11.0341 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: E675FB2B48C54F09895482E2253B289C 13:27:11.0357 2196 vpcnfltr ( LockedFile.Multi.Generic ) - warning 13:27:11.0357 2196 vpcnfltr - detected LockedFile.Multi.Generic (1) 13:27:11.0372 2196 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 13:27:11.0372 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 5FB42082B0D19A0268705F1DD343DF20 13:27:11.0388 2196 vpcusb ( LockedFile.Multi.Generic ) - warning 13:27:11.0388 2196 vpcusb - detected LockedFile.Multi.Generic (1) 13:27:11.0450 2196 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 13:27:11.0450 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\vpcvmm.sys. md5: 207B6539799CC1C112661A9B620DD233 13:27:11.0450 2196 vpcvmm ( LockedFile.Multi.Generic ) - warning 13:27:11.0450 2196 vpcvmm - detected LockedFile.Multi.Generic (1) 13:27:11.0497 2196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid |
|
18.11.2012, 13:40
| #4 |
| | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo Cosinus, hier der zweite Teil des Reports des TDS.Killers, hatte wohl zu viel Zeicjen für einen post. C:\Windows\system32\DRIVERS\vsmraid.sys 13:27:11.0497 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997 13:27:11.0513 2196 vsmraid ( LockedFile.Multi.Generic ) - warning 13:27:11.0513 2196 vsmraid - detected LockedFile.Multi.Generic (1) 13:27:11.0559 2196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:27:11.0606 2196 VSS - ok 13:27:11.0622 2196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:27:11.0622 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1 13:27:11.0637 2196 vwifibus ( LockedFile.Multi.Generic ) - warning 13:27:11.0637 2196 vwifibus - detected LockedFile.Multi.Generic (1) 13:27:11.0684 2196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:27:11.0684 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F 13:27:11.0684 2196 vwififlt ( LockedFile.Multi.Generic ) - warning 13:27:11.0684 2196 vwififlt - detected LockedFile.Multi.Generic (1) 13:27:11.0731 2196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:27:11.0778 2196 W32Time - ok 13:27:11.0825 2196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:27:11.0825 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E 13:27:11.0825 2196 WacomPen ( LockedFile.Multi.Generic ) - warning 13:27:11.0825 2196 WacomPen - detected LockedFile.Multi.Generic (1) 13:27:11.0871 2196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:27:11.0871 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C 13:27:11.0871 2196 WANARP ( LockedFile.Multi.Generic ) - warning 13:27:11.0871 2196 WANARP - detected LockedFile.Multi.Generic (1) 13:27:11.0887 2196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:27:11.0887 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C 13:27:11.0903 2196 Wanarpv6 ( LockedFile.Multi.Generic ) - warning 13:27:11.0903 2196 Wanarpv6 - detected LockedFile.Multi.Generic (1) 13:27:11.0949 2196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:27:12.0027 2196 wbengine - ok 13:27:12.0074 2196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:27:12.0090 2196 WbioSrvc - ok 13:27:12.0121 2196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:27:12.0168 2196 wcncsvc - ok 13:27:12.0199 2196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:27:12.0230 2196 WcsPlugInService - ok 13:27:12.0246 2196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:27:12.0246 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC 13:27:12.0246 2196 Wd ( LockedFile.Multi.Generic ) - warning 13:27:12.0246 2196 Wd - detected LockedFile.Multi.Generic (1) 13:27:12.0293 2196 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:27:12.0293 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250 13:27:12.0293 2196 Wdf01000 ( LockedFile.Multi.Generic ) - warning 13:27:12.0293 2196 Wdf01000 - detected LockedFile.Multi.Generic (1) 13:27:12.0324 2196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:27:12.0402 2196 WdiServiceHost - ok 13:27:12.0417 2196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:27:12.0433 2196 WdiSystemHost - ok 13:27:12.0480 2196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:27:12.0495 2196 WebClient - ok 13:27:12.0527 2196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:27:12.0573 2196 Wecsvc - ok 13:27:12.0620 2196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:27:12.0667 2196 wercplsupport - ok 13:27:12.0714 2196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:27:12.0745 2196 WerSvc - ok 13:27:12.0776 2196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:27:12.0776 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725 13:27:12.0792 2196 WfpLwf ( LockedFile.Multi.Generic ) - warning 13:27:12.0792 2196 WfpLwf - detected LockedFile.Multi.Generic (1) 13:27:12.0807 2196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:27:12.0807 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC 13:27:12.0823 2196 WIMMount ( LockedFile.Multi.Generic ) - warning 13:27:12.0823 2196 WIMMount - detected LockedFile.Multi.Generic (1) 13:27:12.0854 2196 WinHttpAutoProxySvc - ok 13:27:12.0932 2196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:27:12.0979 2196 Winmgmt - ok 13:27:13.0041 2196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:27:13.0088 2196 WinRM - ok 13:27:13.0166 2196 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:27:13.0166 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D 13:27:13.0166 2196 WinUsb ( LockedFile.Multi.Generic ) - warning 13:27:13.0166 2196 WinUsb - detected LockedFile.Multi.Generic (1) 13:27:13.0213 2196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:27:13.0229 2196 Wlansvc - ok 13:27:13.0353 2196 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:27:13.0400 2196 wlidsvc - ok 13:27:13.0447 2196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:27:13.0447 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778 13:27:13.0463 2196 WmiAcpi ( LockedFile.Multi.Generic ) - warning 13:27:13.0463 2196 WmiAcpi - detected LockedFile.Multi.Generic (1) 13:27:13.0494 2196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:27:13.0525 2196 wmiApSrv - ok 13:27:13.0572 2196 WMPNetworkSvc - ok 13:27:13.0603 2196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:27:13.0665 2196 WPCSvc - ok 13:27:13.0712 2196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:27:13.0759 2196 WPDBusEnum - ok 13:27:13.0790 2196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:27:13.0790 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52 13:27:13.0806 2196 ws2ifsl ( LockedFile.Multi.Generic ) - warning 13:27:13.0806 2196 ws2ifsl - detected LockedFile.Multi.Generic (1) 13:27:13.0821 2196 WSearch - ok 13:27:13.0884 2196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:27:13.0931 2196 wuauserv - ok 13:27:13.0977 2196 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:27:13.0977 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C 13:27:13.0993 2196 WudfPf ( LockedFile.Multi.Generic ) - warning 13:27:13.0993 2196 WudfPf - detected LockedFile.Multi.Generic (1) 13:27:14.0009 2196 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:27:14.0009 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682 13:27:14.0009 2196 WUDFRd ( LockedFile.Multi.Generic ) - warning 13:27:14.0009 2196 WUDFRd - detected LockedFile.Multi.Generic (1) 13:27:14.0055 2196 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:27:14.0071 2196 wudfsvc - ok 13:27:14.0102 2196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:27:14.0133 2196 WwanSvc - ok 13:27:14.0180 2196 ================ Scan global =============================== 13:27:14.0211 2196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:27:14.0243 2196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 13:27:14.0258 2196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 13:27:14.0274 2196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:27:14.0305 2196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:27:14.0305 2196 [Global] - ok 13:27:14.0305 2196 ================ Scan MBR ================================== 13:27:14.0305 2196 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:27:14.0664 2196 \Device\Harddisk0\DR0 - ok 13:27:14.0664 2196 ================ Scan VBR ================================== 13:27:14.0664 2196 [ 9164699B07EA2665E5B79683035A3A20 ] \Device\Harddisk0\DR0\Partition1 13:27:14.0664 2196 \Device\Harddisk0\DR0\Partition1 - ok 13:27:14.0679 2196 [ A93860736A9C9218535825594CA99AF3 ] \Device\Harddisk0\DR0\Partition2 13:27:14.0695 2196 \Device\Harddisk0\DR0\Partition2 - ok 13:27:14.0695 2196 ============================================================ 13:27:14.0695 2196 Scan finished 13:27:14.0695 2196 ============================================================ 13:27:14.0695 2208 Detected object count: 239 13:27:14.0695 2208 Actual detected object count: 239 13:27:49.0670 2208 906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - skipped by user 13:27:49.0670 2208 906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 13:27:49.0670 2208 cdfs ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 cdrom ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 circlass ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 circlass ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 CLFS ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 CLFS ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 CNG ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 CNG ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 Compbatt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 CompositeBus ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 crcdisk ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0670 2208 DfsC ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0670 2208 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 dg_ssudbus ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 dg_ssudbus ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 discache ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 discache ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 Disk ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 Disk ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 drmkaud ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 ebdrv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 elxstor ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 ErrDev ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 exfat ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 exfat ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 fastfat ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 fdc ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 fdc ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 FileInfo ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 Filetrace ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 flpydisk ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 FltMgr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 FsDepends ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 fssfltr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 fssfltr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 FTDIBUS ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 FTDIBUS ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0686 2208 FTSER2K ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0686 2208 FTSER2K ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 fvevol ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 GEARAspiWDM ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 GEARAspiWDM ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HECIx64 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HECIx64 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HidBatt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HidBth ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HidIr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HidUsb ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 HTTP ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 i8042prt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 iaStor ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 iaStor ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0701 2208 iaStorV ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0701 2208 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 iirsp ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 Impcd ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 Impcd ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 intelide ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 intelide ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 intelppm ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 IPNAT ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 IRENUM ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 isapnp ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 ISASerial ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 ISASerial ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 JRAID ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 JRAID ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 kbdclass ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 kbdhid ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 KSecDD ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0717 2208 ksthunk ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0717 2208 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LexPrintListener ( UnsignedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LexPrintListener ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LHidFilt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LHidFilt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 lltdio ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LMouFilt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LMouFilt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 luafv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 luafv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 LUsbFilt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 LUsbFilt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 megasas ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 megasas ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 MegaSR ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 Modem ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 Modem ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 monitor ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 monitor ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 mouclass ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 mouhid ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 mountmgr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 mpio ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 mpio ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0733 2208 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0733 2208 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 msahci ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 msahci ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 msdsm ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 Msfs ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 msisadrv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MSPQM ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MsRPC ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 mssmbios ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MSTEE ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MTConfig ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MTsensor ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0748 2208 MtsHID ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0748 2208 MtsHID ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 Mup ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 Mup ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 mv91xx ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 mv91xx ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NDIS ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NdisCap ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NdisWan ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NDProxy ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NetBT ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 Npfs ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 Ntfs ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 Null ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 Null ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 nusb3hub ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 nusb3hub ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 nusb3xhc ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 nusb3xhc ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 nvamacpi ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 nvamacpi ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0764 2208 NVHDA ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0764 2208 NVHDA ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 nvlddmkm ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 nvlddmkm ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 nvraid ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 nvrd64 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 nvrd64 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 nvsmu ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 nvsmu ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 nvstor ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 nvstor64 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 nvstor64 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 nv_agp ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 Parport ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 Parport ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 partmgr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 pci ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 pci ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 pciide ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 pciide ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 PciIsaSerial ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 PciIsaSerial ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 PciPPorts ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 PciPPorts ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 PciSPorts ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 PciSPorts ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 pcmcia ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 pcw ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 pcw ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0779 2208 PPorts ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0779 2208 PPorts ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 Processor ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 Processor ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 Psched ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 Psched ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 ql2300 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 ql40xx ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RasAcd ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RasSstp ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 rdbss ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 rdpbus ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 RDPWD ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 rdyboost ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0795 2208 Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user 13:27:49.0795 2208 Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 rspndr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 RTL8192su ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 RTL8192su ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 sbp2port ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 scfilter ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 secdrv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 Serenum ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 Serial ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 Serial ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 sermouse ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 sffdisk ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 sfloppy ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 Si3124r5 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 Si3124r5 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 SiFilter ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 SiFilter ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 SiRemFil ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 SiRemFil ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0811 2208 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0811 2208 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 Smb ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 Smb ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 spldr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 spldr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 SPorts ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 SPorts ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 srv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 srv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 srv2 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 srvnet ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 ssudmdm ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 ssudmdm ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 stexstor ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 swenum ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 swenum ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 Tcpip ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 TDTCP ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 tdx ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 tdx ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 TermDD ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0826 2208 tunnel ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0826 2208 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 uagp35 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 udfs ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 udfs ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 umbus ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 umbus ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 UmPass ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 USBAAPL64 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 USBAAPL64 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbccgp ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbcir ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbehci ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbhub ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbohci ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbprint ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbscan ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 usbuhci ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 vga ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 vga ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0842 2208 VgaSave ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0842 2208 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vhdmp ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 viaide ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 viaide ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 volmgr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 volmgrx ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 volsnap ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vpcbus ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vpcbus ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vpcnfltr ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vpcnfltr ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vpcusb ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vpcvmm ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vsmraid ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vwifibus ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 vwififlt ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 WacomPen ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 WANARP ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 Wd ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 Wd ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0857 2208 WIMMount ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0857 2208 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0873 2208 WinUsb ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0873 2208 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0873 2208 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0873 2208 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0873 2208 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0873 2208 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0873 2208 WudfPf ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0873 2208 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip 13:27:49.0873 2208 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user 13:27:49.0873 2208 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip |
|
18.11.2012, 22:00
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Die Logs sollst du doch in CODE-Tags posten! Ich hab dich gebeten alles gut durchzulesen und das war schon im ersten Hinweisposting! Außerdem ist das Log vom TDSS-Killer unvollständig Das TDSS-Killer-Log kannst du gezippt in den Anhang legen, aber ansonsten die Logs bitte NICHT anhängen!! Sie müssen nur dann in den Anhang (als eine ZIP-Datei mit allen Logdateien), wenn sie zu groß sind um direkt gepostet zu werden! Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher, übersichtlicher und man spart sich ne Menge Rumklickerei! Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.11.2012, 23:27
| #6 |
| | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo cosinus; Danke für die rasche Antwort! hier nochmal die logfiles als code-Tag bzw. Anhang: hoffe ich habe das mit dem Code-Tag richtig verstanden. Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 22:45:27
-----------------------------
22:45:27.721 OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:27.721 Number of processors: 4 586 0x1E05
22:45:27.721 ComputerName: DANIELPC UserName:
22:45:29.255 Initialze error C0000001 - driver not loaded
22:45:35.022 AVAST engine defs: 12111800
22:45:41.240 Service scanning
22:45:41.550 Service 1394ohci C:\Windows\system32\drivers\1394ohci.sys **LOCKED** 5
22:45:41.553 Service 906d6994eace405d C:\Windows\System32\Drivers\906d6994eace405d.sys **HIDDEN**
22:45:41.556 Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 5
22:45:41.562 Service AcpiPmi C:\Windows\system32\drivers\acpipmi.sys **LOCKED** 5
22:45:41.640 Service adp3132 C:\Windows\system32\DRIVERS\adp3132.sys **LOCKED** 5
22:45:41.651 Service adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys **LOCKED** 5
22:45:41.657 Service adpahci C:\Windows\system32\DRIVERS\adpahci.sys **LOCKED** 5
22:45:41.664 Service adpu320 C:\Windows\system32\DRIVERS\adpu320.sys **LOCKED** 5
22:45:41.700 Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 5
22:45:41.712 Service agp440 C:\Windows\system32\drivers\agp440.sys **LOCKED** 5
22:45:41.721 Service ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys **LOCKED** 5
22:45:41.758 Service aliide C:\Windows\system32\drivers\aliide.sys **LOCKED** 5
22:45:41.777 Service amdide C:\Windows\system32\drivers\amdide.sys **LOCKED** 5
22:45:41.804 Service amdide64 C:\Windows\system32\DRIVERS\amdide64.sys **LOCKED** 5
22:45:41.816 Service AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys **LOCKED** 5
22:45:41.832 Service AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys **LOCKED** 5
22:45:41.848 Service amdsata C:\Windows\system32\drivers\amdsata.sys **LOCKED** 5
22:45:41.864 Service amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys **LOCKED** 5
22:45:41.879 Service amdxata C:\Windows\system32\drivers\amdxata.sys **LOCKED** 5
22:45:41.895 Service amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys **LOCKED** 5
22:45:41.912 Service amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys **LOCKED** 5
22:45:42.032 Service AppID C:\Windows\system32\drivers\appid.sys **LOCKED** 5
22:45:42.174 Service arc C:\Windows\system32\DRIVERS\arc.sys **LOCKED** 5
22:45:42.188 Service arcsas C:\Windows\system32\DRIVERS\arcsas.sys **LOCKED** 5
22:45:42.319 Service AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys **LOCKED** 5
22:45:42.333 Service atapi C:\Windows\system32\drivers\atapi.sys **LOCKED** 5
22:45:42.342 Service atikmdag C:\Windows\system32\drivers\atikmdag.sys **LOCKED** 5
22:45:42.492 Service avipbb C:\Windows\system32\DRIVERS\avipbb.sys **LOCKED** 5
22:45:42.506 Service avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys **LOCKED** 5
22:45:42.551 Service b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys **LOCKED** 5
22:45:42.565 Service b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys **LOCKED** 5
22:45:42.607 Service Beep C:\Windows\System32\Drivers\Beep.sys **LOCKED** 5
22:45:42.670 Service blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys **LOCKED** 5
22:45:42.767 Service BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys **LOCKED** 5
22:45:42.780 Service BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys **LOCKED** 5
22:45:42.827 Service Brserid C:\Windows\System32\Drivers\Brserid.sys **LOCKED** 5
22:45:42.842 Service BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys **LOCKED** 5
22:45:42.852 Service BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys **LOCKED** 5
22:45:42.862 Service BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys **LOCKED** 5
22:45:42.873 Service BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys **LOCKED** 5
22:45:42.907 Service Bufeap C:\Windows\system32\DRIVERS\bufeap64.sys **LOCKED** 5
22:45:42.987 Service cdrom C:\Windows\system32\DRIVERS\cdrom.sys **LOCKED** 5
22:45:43.022 Service circlass C:\Windows\system32\DRIVERS\circlass.sys **LOCKED** 5
22:45:43.037 Service CLFS C:\Windows\System32\CLFS.sys **LOCKED** 5
22:45:43.261 Service CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys **LOCKED** 5
22:45:43.275 Service cmdide C:\Windows\system32\drivers\cmdide.sys **LOCKED** 5
22:45:43.286 Service CNG C:\Windows\System32\Drivers\cng.sys **LOCKED** 5
22:45:43.296 Service Compbatt C:\Windows\system32\DRIVERS\compbatt.sys **LOCKED** 5
22:45:43.307 Service CompositeBus C:\Windows\system32\drivers\CompositeBus.sys **LOCKED** 5
22:45:43.339 Service crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys **LOCKED** 5
22:45:43.469 Service dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys **LOCKED** 5
22:45:43.534 Service discache C:\Windows\System32\drivers\discache.sys **LOCKED** 5
22:45:43.549 Service Disk C:\Windows\system32\DRIVERS\disk.sys **LOCKED** 5
22:45:43.648 Service drmkaud C:\Windows\system32\drivers\drmkaud.sys **LOCKED** 5
22:45:43.663 Service DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys **LOCKED** 5
22:45:43.696 Service ebdrv C:\Windows\system32\DRIVERS\evbda.sys **LOCKED** 5
22:45:43.833 Service elxstor C:\Windows\system32\DRIVERS\elxstor.sys **LOCKED** 5
22:45:43.848 Service ErrDev C:\Windows\system32\drivers\errdev.sys **LOCKED** 5
22:45:44.029 Service fdc C:\Windows\system32\DRIVERS\fdc.sys **LOCKED** 5
22:45:44.090 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **LOCKED** 5
22:45:44.216 Service fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys **LOCKED** 5
22:45:44.396 Service Fs_Rec C:\Windows\System32\Drivers\Fs_Rec.sys **LOCKED** 5
22:45:44.411 Service FTDIBUS C:\Windows\system32\drivers\ftdibus.sys **LOCKED** 5
22:45:44.421 Service FTSER2K C:\Windows\system32\drivers\ftser2k.sys **LOCKED** 5
22:45:44.431 Service fvevol C:\Windows\System32\DRIVERS\fvevol.sys **LOCKED** 5
22:45:44.442 Service gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys **LOCKED** 5
22:45:44.452 Service GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys **LOCKED** 5
22:45:44.694 Service hcw85cir C:\Windows\system32\drivers\hcw85cir.sys **LOCKED** 5
22:45:44.710 Service HdAudAddService C:\Windows\system32\drivers\HdAudio.sys **LOCKED** 5
22:45:44.720 Service HDAudBus C:\Windows\system32\drivers\HDAudBus.sys **LOCKED** 5
22:45:44.730 Service HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys **LOCKED** 5
22:45:44.741 Service HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys **LOCKED** 5
22:45:44.751 Service HidBth C:\Windows\system32\DRIVERS\hidbth.sys **LOCKED** 5
22:45:44.761 Service HidIr C:\Windows\system32\DRIVERS\hidir.sys **LOCKED** 5
22:45:44.806 Service HidUsb C:\Windows\system32\drivers\hidusb.sys **LOCKED** 5
22:45:44.910 Service HpSAMD C:\Windows\system32\drivers\HpSAMD.sys **LOCKED** 5
22:45:44.924 Service HTTP C:\Windows\system32\drivers\HTTP.sys **LOCKED** 5
22:45:44.935 Service hwpolicy C:\Windows\System32\drivers\hwpolicy.sys **LOCKED** 5
22:45:44.945 Service i8042prt C:\Windows\system32\drivers\i8042prt.sys **LOCKED** 5
22:45:44.956 Service iaStor C:\Windows\system32\DRIVERS\iaStor.sys **LOCKED** 5
22:45:45.030 Service iaStorV C:\Windows\system32\drivers\iaStorV.sys **LOCKED** 5
22:45:45.229 Service iirsp C:\Windows\system32\DRIVERS\iirsp.sys **LOCKED** 5
22:45:45.300 Service Impcd C:\Windows\system32\DRIVERS\Impcd.sys **LOCKED** 5
22:45:45.315 Service intelide C:\Windows\system32\drivers\intelide.sys **LOCKED** 5
22:45:45.328 Service intelppm C:\Windows\system32\DRIVERS\intelppm.sys **LOCKED** 5
22:45:45.375 Service IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys **LOCKED** 5
22:45:45.390 Service IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys **LOCKED** 5
22:45:45.400 Service IPNAT C:\Windows\System32\drivers\ipnat.sys **LOCKED** 5
22:45:45.496 Service IRENUM C:\Windows\system32\drivers\irenum.sys **LOCKED** 5
22:45:45.510 Service isapnp C:\Windows\system32\drivers\isapnp.sys **LOCKED** 5
22:45:45.521 Service ISASerial C:\Windows\system32\DRIVERS\ISASerial.sys **LOCKED** 5
22:45:45.532 Service iScsiPrt C:\Windows\system32\drivers\msiscsi.sys **LOCKED** 5
22:45:45.542 Service JRAID C:\Windows\system32\DRIVERS\jraid.sys **LOCKED** 5
22:45:45.552 Service kbdclass C:\Windows\system32\drivers\kbdclass.sys **LOCKED** 5
22:45:45.562 Service kbdhid C:\Windows\system32\drivers\kbdhid.sys **LOCKED** 5
22:45:45.586 Service KSecDD C:\Windows\System32\Drivers\ksecdd.sys **LOCKED** 5
22:45:45.600 Service KSecPkg C:\Windows\System32\Drivers\ksecpkg.sys **LOCKED** 5
22:45:45.610 Service ksthunk C:\Windows\system32\drivers\ksthunk.sys **LOCKED** 5
22:45:45.919 Service LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys **LOCKED** 5
22:45:45.934 Service lltdio C:\Windows\system32\DRIVERS\lltdio.sys **LOCKED** 5
22:45:45.996 Service LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys **LOCKED** 5
22:45:46.011 Service LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys **LOCKED** 5
22:45:46.021 Service LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys **LOCKED** 5
22:45:46.031 Service LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys **LOCKED** 5
22:45:46.042 Service LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys **LOCKED** 5
22:45:46.052 Service LUsbFilt C:\Windows\System32\Drivers\LUsbFilt.Sys **LOCKED** 5
22:45:46.368 Service megasas C:\Windows\system32\DRIVERS\megasas.sys **LOCKED** 5
22:45:46.383 Service MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys **LOCKED** 5
22:45:48.033 Service Modem C:\Windows\system32\drivers\modem.sys **LOCKED** 5
22:45:48.048 Service monitor C:\Windows\system32\DRIVERS\monitor.sys **LOCKED** 5
22:45:48.058 Service mouclass C:\Windows\system32\drivers\mouclass.sys **LOCKED** 5
22:45:48.069 Service mouhid C:\Windows\system32\DRIVERS\mouhid.sys **LOCKED** 5
22:45:48.080 Service mountmgr C:\Windows\System32\drivers\mountmgr.sys **LOCKED** 5
22:45:48.148 Service mpio C:\Windows\system32\drivers\mpio.sys **LOCKED** 5
22:45:48.163 Service mpsdrv C:\Windows\System32\drivers\mpsdrv.sys **LOCKED** 5
22:45:48.184 Service msahci C:\Windows\system32\drivers\msahci.sys **LOCKED** 5
22:45:48.197 Service msdsm C:\Windows\system32\drivers\msdsm.sys **LOCKED** 5
22:45:48.234 Service mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys **LOCKED** 5
22:45:48.247 Service msisadrv C:\Windows\system32\drivers\msisadrv.sys **LOCKED** 5
22:45:48.333 Service MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys **LOCKED** 5
22:45:48.348 Service MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys **LOCKED** 5
22:45:48.358 Service MSPQM C:\Windows\system32\drivers\MSPQM.sys **LOCKED** 5
22:45:48.370 Service MsRPC C:\Windows\System32\Drivers\MsRPC.sys **LOCKED** 5
22:45:48.380 Service mssmbios C:\Windows\system32\drivers\mssmbios.sys **LOCKED** 5
22:45:50.044 Service MSTEE C:\Windows\system32\drivers\MSTEE.sys **LOCKED** 5
22:45:50.282 Service MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys **LOCKED** 5
22:45:50.296 Service MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys **LOCKED** 5
22:45:50.307 Service MtsHID C:\Windows\system32\drivers\MtsHID.sys **LOCKED** 5
22:45:50.317 Service mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys **LOCKED** 5
22:45:50.426 Service NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys **LOCKED** 5
22:45:50.442 Service NDIS C:\Windows\system32\drivers\ndis.sys **LOCKED** 5
22:45:50.452 Service NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys **LOCKED** 5
22:45:50.462 Service NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys **LOCKED** 5
22:45:50.473 Service Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys **LOCKED** 5
22:45:50.483 Service NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys **LOCKED** 5
22:45:50.493 Service NDProxy C:\Windows\System32\Drivers\NDProxy.sys **LOCKED** 5
22:45:50.504 Service NetBT C:\Windows\System32\DRIVERS\netbt.sys **LOCKED** 5
22:45:50.737 Service nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys **LOCKED** 5
22:45:50.888 Service nsiproxy C:\Windows\system32\drivers\nsiproxy.sys **LOCKED** 5
22:45:50.904 Service Null C:\Windows\System32\Drivers\Null.sys **LOCKED** 5
22:45:50.918 Service nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys **LOCKED** 5
22:45:50.928 Service nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys **LOCKED** 5
22:45:50.938 Service nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys **LOCKED** 5
22:45:50.949 Service NVHDA C:\Windows\system32\drivers\nvhda64v.sys **LOCKED** 5
22:45:50.960 Service nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys **LOCKED** 5
22:45:50.970 Service nvraid C:\Windows\system32\drivers\nvraid.sys **LOCKED** 5
22:45:50.980 Service nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys **LOCKED** 5
22:45:50.991 Service nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys **LOCKED** 5
22:45:51.001 Service nvstor C:\Windows\system32\drivers\nvstor.sys **LOCKED** 5
22:45:51.012 Service nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys **LOCKED** 5
22:45:51.209 Service nv_agp C:\Windows\system32\drivers\nv_agp.sys **LOCKED** 5
22:45:51.223 Service ohci1394 C:\Windows\system32\drivers\ohci1394.sys **LOCKED** 5
22:45:51.663 Service Parport C:\Windows\system32\DRIVERS\parport.sys **LOCKED** 5
22:45:51.678 Service partmgr C:\Windows\System32\drivers\partmgr.sys **LOCKED** 5
22:45:51.713 Service pci C:\Windows\system32\drivers\pci.sys **LOCKED** 5
22:45:51.728 Service pciide C:\Windows\system32\drivers\pciide.sys **LOCKED** 5
22:45:51.739 Service PciIsaSerial C:\Windows\system32\DRIVERS\PciIsaSerial.sys **LOCKED** 5
22:45:51.749 Service PciPPorts C:\Windows\system32\DRIVERS\PciPPorts.sys **LOCKED** 5
22:45:51.760 Service PciSPorts C:\Windows\system32\DRIVERS\PciSPorts.sys **LOCKED** 5
22:45:51.770 Service pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys **LOCKED** 5
22:45:51.781 Service pcw C:\Windows\System32\drivers\pcw.sys **LOCKED** 5
22:45:51.791 Service PEAUTH C:\Windows\system32\drivers\peauth.sys **LOCKED** 5
22:45:52.097 Service PPorts C:\Windows\system32\DRIVERS\PPorts.sys **LOCKED** 5
22:45:52.112 Service PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys **LOCKED** 5
22:45:52.123 Service Processor C:\Windows\system32\DRIVERS\processr.sys **LOCKED** 5
22:45:52.213 Service Psched C:\Windows\system32\DRIVERS\pacer.sys **LOCKED** 5
22:45:52.228 Service ql2300 C:\Windows\system32\DRIVERS\ql2300.sys **LOCKED** 5
22:45:52.239 Service ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys **LOCKED** 5
22:45:52.278 Service QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys **LOCKED** 5
22:45:52.293 Service RasAcd C:\Windows\System32\DRIVERS\rasacd.sys **LOCKED** 5
22:45:52.303 Service RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys **LOCKED** 5
22:45:52.322 Service Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys **LOCKED** 5
22:45:52.377 Service RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys **LOCKED** 5
22:45:52.393 Service RasSstp C:\Windows\system32\DRIVERS\rassstp.sys **LOCKED** 5
22:45:52.403 Service rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys **LOCKED** 5
22:45:52.416 Service RDPCDD C:\Windows\System32\DRIVERS\RDPCDD.sys **LOCKED** 5
22:45:52.427 Service RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys **LOCKED** 5
22:45:52.438 Service RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys **LOCKED** 5
22:45:52.448 Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 5
22:45:52.458 Service rdyboost C:\Windows\System32\drivers\rdyboost.sys **LOCKED** 5
22:45:52.660 Service rspndr C:\Windows\system32\DRIVERS\rspndr.sys **LOCKED** 5
22:45:52.674 Service RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys **LOCKED** 5
22:45:52.685 Service RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys **LOCKED** 5
22:45:52.701 Service sbp2port C:\Windows\system32\drivers\sbp2port.sys **LOCKED** 5
22:45:52.737 Service scfilter C:\Windows\System32\DRIVERS\scfilter.sys **LOCKED** 5
22:45:52.918 Service secdrv C:\Windows\System32\Drivers\secdrv.sys **LOCKED** 5
22:45:52.975 Service Serenum C:\Windows\system32\DRIVERS\serenum.sys **LOCKED** 5
22:45:52.990 Service Serial C:\Windows\system32\DRIVERS\serial.sys **LOCKED** 5
22:45:53.001 Service sermouse C:\Windows\system32\DRIVERS\sermouse.sys **LOCKED** 5
22:45:53.034 Service sffdisk C:\Windows\system32\drivers\sffdisk.sys **LOCKED** 5
22:45:53.049 Service sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys **LOCKED** 5
22:45:53.060 Service sffp_sd C:\Windows\system32\drivers\sffp_sd.sys **LOCKED** 5
22:45:53.070 Service sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys **LOCKED** 5
22:45:53.130 Service Si3124r5 C:\Windows\system32\DRIVERS\Si3124r5.sys **LOCKED** 5
22:45:53.145 Service SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys **LOCKED** 5
22:45:53.155 Service SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys **LOCKED** 5
22:45:53.166 Service SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys **LOCKED** 5
22:45:53.177 Service SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys **LOCKED** 5
22:45:53.187 Service Smb C:\Windows\system32\DRIVERS\smb.sys **LOCKED** 5
22:45:53.212 Service spldr C:\Windows\System32\Drivers\spldr.sys **LOCKED** 5
22:45:53.261 Service SPorts C:\Windows\system32\DRIVERS\SPorts.sys **LOCKED** 5
22:45:53.646 Service ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys **LOCKED** 5
22:45:53.801 Service stexstor C:\Windows\system32\DRIVERS\stexstor.sys **LOCKED** 5
22:45:53.876 Service swenum C:\Windows\system32\drivers\swenum.sys **LOCKED** 5
22:45:54.074 Service Tcpip C:\Windows\System32\drivers\tcpip.sys **LOCKED** 5
22:45:54.087 Service TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys **LOCKED** 5
22:45:54.098 Service tcpipreg C:\Windows\System32\drivers\tcpipreg.sys **LOCKED** 5
22:45:54.108 Service TDPIPE C:\Windows\system32\drivers\tdpipe.sys **LOCKED** 5
22:45:54.119 Service TDTCP C:\Windows\system32\drivers\tdtcp.sys **LOCKED** 5
22:45:54.129 Service tdx C:\Windows\system32\DRIVERS\tdx.sys **LOCKED** 5
22:45:54.139 Service TermDD C:\Windows\system32\drivers\termdd.sys **LOCKED** 5
22:45:54.324 Service tssecsrv C:\Windows\System32\DRIVERS\tssecsrv.sys **LOCKED** 5
22:45:54.340 Service TsUsbFlt C:\Windows\System32\drivers\tsusbflt.sys **LOCKED** 5
22:45:54.350 Service tunnel C:\Windows\system32\DRIVERS\tunnel.sys **LOCKED** 5
22:45:54.361 Service uagp35 C:\Windows\system32\DRIVERS\uagp35.sys **LOCKED** 5
22:45:54.392 Service uliagpkx C:\Windows\system32\drivers\uliagpkx.sys **LOCKED** 5
22:45:54.407 Service umbus C:\Windows\system32\DRIVERS\umbus.sys **LOCKED** 5
22:45:54.417 Service UmPass C:\Windows\system32\DRIVERS\umpass.sys **LOCKED** 5
22:45:54.457 Service USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys **LOCKED** 5
22:45:54.471 Service usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys **LOCKED** 5
22:45:54.482 Service usbcir C:\Windows\system32\drivers\usbcir.sys **LOCKED** 5
22:45:54.492 Service usbehci C:\Windows\system32\drivers\usbehci.sys **LOCKED** 5
22:45:54.503 Service usbhub C:\Windows\system32\DRIVERS\usbhub.sys **LOCKED** 5
22:45:54.513 Service usbohci C:\Windows\system32\drivers\usbohci.sys **LOCKED** 5
22:45:54.524 Service usbprint C:\Windows\system32\DRIVERS\usbprint.sys **LOCKED** 5
22:45:54.534 Service usbscan C:\Windows\system32\DRIVERS\usbscan.sys **LOCKED** 5
22:45:54.545 Service USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS **LOCKED** 5
22:45:54.555 Service usbuhci C:\Windows\system32\drivers\usbuhci.sys **LOCKED** 5
22:45:54.624 Service vdrvroot C:\Windows\system32\drivers\vdrvroot.sys **LOCKED** 5
22:45:54.682 Service vga C:\Windows\system32\DRIVERS\vgapnp.sys **LOCKED** 5
22:45:54.697 Service VgaSave C:\Windows\System32\drivers\vga.sys **LOCKED** 5
22:45:54.708 Service vhdmp C:\Windows\system32\drivers\vhdmp.sys **LOCKED** 5
22:45:54.718 Service viaide C:\Windows\system32\drivers\viaide.sys **LOCKED** 5
22:45:54.729 Service volmgr C:\Windows\system32\drivers\volmgr.sys **LOCKED** 5
22:45:54.739 Service volmgrx C:\Windows\System32\drivers\volmgrx.sys **LOCKED** 5
22:45:54.749 Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 5
22:45:54.760 Service vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys **LOCKED** 5
22:45:54.770 Service vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys **LOCKED** 5
22:45:54.781 Service vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys **LOCKED** 5
22:45:54.792 Service vpcvmm C:\Windows\system32\drivers\vpcvmm.sys **LOCKED** 5
22:45:54.802 Service vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys **LOCKED** 5
22:45:54.905 Service vwifibus C:\Windows\System32\drivers\vwifibus.sys **LOCKED** 5
22:45:54.921 Service vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys **LOCKED** 5
22:45:54.956 Service WacomPen C:\Windows\system32\DRIVERS\wacompen.sys **LOCKED** 5
22:45:54.971 Service WANARP C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 5
22:45:54.983 Service Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 5
22:45:55.151 Service Wd C:\Windows\system32\DRIVERS\wd.sys **LOCKED** 5
22:45:55.166 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 5
22:45:55.277 Service WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys **LOCKED** 5
22:45:55.470 Service WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys **LOCKED** 5
22:45:55.754 Service WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys **LOCKED** 5
22:45:55.861 Service ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys **LOCKED** 5
22:45:56.058 Service WudfPf C:\Windows\system32\drivers\WudfPf.sys **LOCKED** 5
22:45:56.073 Service WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys **LOCKED** 5
22:45:56.630 Modules scanning
22:45:56.638 Disk 0 trace - called modules:
22:45:56.641
22:45:56.647 Scan finished successfully
22:46:07.986 The log file has been saved successfully to "C:\Users\Daniel Graf\Desktop\aswMBR.txt"
|
|
20.11.2012, 10:27
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.11.2012, 12:15
| #8 |
| | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo Cosinus, hier das LOG von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 12-11-20.01 - Daniel Graf 20.11.2012 11:45:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.2926 [GMT 1:00]
ausgeführt von:: c:\users\Daniel Graf\Desktop\ComboFix.exe
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\SPL164D.tmp
c:\programdata\SPL251C.tmp
c:\programdata\SPL4C2D.tmp
c:\programdata\SPL5425.tmp
c:\programdata\SPL5908.tmp
c:\programdata\SPLA2C3.tmp
c:\programdata\SPLA6B9.tmp
c:\programdata\SPLD6D0.tmp
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-20 bis 2012-11-20 ))))))))))))))))))))))))))))))
.
.
2012-11-18 12:35 . 2012-11-18 12:35 -------- d-----w- c:\program files (x86)\7-Zip
2012-10-30 11:29 . 2012-10-30 15:05 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-10-30 10:16 . 2012-10-30 10:16 -------- d-----w- c:\programdata\EA Logs
2012-10-29 11:53 . 2012-10-29 11:53 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-26 20:32 . 2012-10-26 20:32 -------- d-----w- c:\users\Daniel Graf\Tracing
2012-10-26 20:27 . 2012-10-26 20:27 -------- d-----w- c:\windows\de
2012-10-26 20:25 . 2012-09-12 13:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-10-26 20:25 . 2012-10-26 20:25 -------- d-----w- c:\program files\Windows Live
2012-10-26 20:24 . 2012-10-26 20:26 -------- d-----w- c:\program files (x86)\Windows Live
2012-10-26 20:18 . 2012-10-26 20:18 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-10-26 20:18 . 2012-10-26 20:16 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bc29cd961cdb3b603\skydrivesetup.exe
2012-10-26 20:18 . 2012-10-26 20:18 -------- d-----r- c:\users\Daniel Graf\SkyDrive
2012-10-26 20:18 . 2012-10-26 20:18 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-10-26 20:16 . 2012-10-26 20:16 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c2b334f71cdb3b604\DSETUP.dll
2012-10-26 20:16 . 2012-10-26 20:16 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c2b334f71cdb3b604\DXSETUP.exe
2012-10-26 20:16 . 2012-10-26 20:16 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c2b334f71cdb3b604\dsetup32.dll
2012-10-26 20:16 . 2012-10-26 20:16 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\babffc6c1cdb3b602\DSETUP.dll
2012-10-26 20:16 . 2012-10-26 20:16 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\babffc6c1cdb3b602\DXSETUP.exe
2012-10-26 20:16 . 2012-10-26 20:16 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\babffc6c1cdb3b602\dsetup32.dll
2012-10-26 20:16 . 2012-10-26 20:16 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b7481b261cdb3b601\DSETUP.dll
2012-10-26 20:16 . 2012-10-26 20:16 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b7481b261cdb3b601\DXSETUP.exe
2012-10-26 20:16 . 2012-10-26 20:16 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b7481b261cdb3b601\dsetup32.dll
2012-10-26 16:54 . 2012-10-26 16:54 -------- d-----w- c:\users\Daniel Graf\AppData\Roaming\Malwarebytes
2012-10-26 16:54 . 2012-10-26 16:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-26 16:54 . 2012-10-26 16:54 -------- d-----w- c:\programdata\Malwarebytes
2012-10-26 16:54 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 16:26 . 2012-04-15 13:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-13 16:26 . 2011-06-18 11:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 19:57 . 2012-09-30 19:57 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 19:57 . 2012-05-13 08:58 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 19:57 . 2010-12-15 22:47 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 14:07 . 2012-09-12 14:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-09-12 13:57 . 2012-09-12 13:57 322048 ----a-w- c:\windows\WLXPGSS.SCR
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-26 20:18 220632 ----a-w- c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-26 20:18 220632 ----a-w- c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-26 20:18 220632 ----a-w- c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-09-06 162408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [2010-04-14 45736]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 adp3132;adp3132;c:\windows\system32\DRIVERS\adp3132.sys [2010-01-28 385072]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-04-08 232464]
R3 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
R3 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2007-10-12 10632]
R3 Bufeap;BUFFALO EAP Driver;c:\windows\system32\DRIVERS\bufeap64.sys [2007-08-17 18432]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\DRIVERS\ISASerial.sys [2008-02-20 72192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [2009-07-15 27664]
R3 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-07-01 293416]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-16 28192]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\DRIVERS\PciIsaSerial.sys [2008-05-22 72192]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2008-05-22 95744]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [2008-05-22 126464]
R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\DRIVERS\PPorts.sys [2008-02-20 95744]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [2010-04-13 340008]
R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\DRIVERS\SPorts.sys [2008-02-20 124416]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-11 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S2 BWH32S;BWH32S;c:\program files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe [2009-07-09 126328]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-04-14 1052328]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-05-16 216080]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - 906d6994eace405d
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LexPrintListener REG_MULTI_SZ LexPrintListener
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:26]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 23:37]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 23:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-26 20:18 244696 ----a-w- c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-26 20:18 244696 ----a-w- c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-26 20:18 244696 ----a-w- c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxedmon.exe"="c:\program files (x86)\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark S600 Series\ezprint.exe" [2011-01-23 148280]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bild.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to DVD Converter - c:\users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\Daniel Graf\AppData\Roaming\Mozilla\Firefox\Profiles\bguaee61.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bild.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\906d6994eace405d]
"ImagePath"="\SystemRoot\System32\Drivers\906d6994eace405d.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1861507059-4191554130-2990585910-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\SITECOM\300N USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-20 12:00:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-11-20 11:00
.
Vor Suchlauf: 9 Verzeichnis(se), 566.661.062.656 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 566.387.064.832 Bytes frei
.
- - End Of File - - 0EE49FDE092ED1BE95C0F2EB8E4EFE77
Hallo Cosinus, nachdem ich nun Combofix ausgeführt habe und nun den PC wieder normal nutze ist dieser schon 2x abgestürzt. Windows wurde herunter gefahren um vor Schäden zu schützen, stand im blauen Bildschirm. Einmal ist es beim Versuch den Echtzeit-scanner (dieser lässt sich immer noch nicht aktivieren) von Antivirus zu aktivieren aufgetreten und ein zweites mal während dem Spiel COD BO 2. |
|
20.11.2012, 14:23
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Mach bitte ein neues Log mit dem TDSS-Killer
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.11.2012, 14:40
| #10 |
| | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo Cosinus, hier das TDS-LOG als zip angehängt. |
|
20.11.2012, 14:50
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!Code:
ATTFilter 14:29:38.0895 4212 906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - skipped by user
Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag! Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.11.2012, 15:05
| #12 |
| | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!Code:
ATTFilter 14:59:14.0025 3700 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:59:14.0509 3700 ============================================================
14:59:14.0509 3700 Current date / time: 2012/11/20 14:59:14.0509
14:59:14.0509 3700 SystemInfo:
14:59:14.0509 3700
14:59:14.0509 3700 OS Version: 6.1.7601 ServicePack: 1.0
14:59:14.0509 3700 Product type: Workstation
14:59:14.0509 3700 ComputerName: DANIELPC
14:59:14.0509 3700 UserName: Daniel Graf
14:59:14.0509 3700 Windows directory: C:\Windows
14:59:14.0509 3700 System windows directory: C:\Windows
14:59:14.0509 3700 Running under WOW64
14:59:14.0509 3700 Processor architecture: Intel x64
14:59:14.0509 3700 Number of processors: 4
14:59:14.0509 3700 Page size: 0x1000
14:59:14.0509 3700 Boot type: Normal boot
14:59:14.0509 3700 ============================================================
14:59:15.0710 3700 BG loaded
14:59:16.0225 3700 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:59:16.0256 3700 ============================================================
14:59:16.0256 3700 \Device\Harddisk0\DR0:
14:59:16.0271 3700 MBR partitions:
14:59:16.0271 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57542800
14:59:16.0271 3700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57543000, BlocksNum 0x57544000
14:59:16.0271 3700 ============================================================
14:59:16.0318 3700 C: <-> \Device\Harddisk0\DR0\Partition1
14:59:16.0396 3700 D: <-> \Device\Harddisk0\DR0\Partition2
14:59:16.0396 3700 ============================================================
14:59:16.0396 3700 Initialize success
14:59:16.0396 3700 ============================================================
14:59:38.0144 4680 ============================================================
14:59:38.0144 4680 Scan started
14:59:38.0144 4680 Mode: Manual; SigCheck; TDLFS;
14:59:38.0144 4680 ============================================================
14:59:40.0390 4680 ================ Scan system memory ========================
14:59:40.0390 4680 System memory - ok
14:59:40.0390 4680 ================ Scan services =============================
14:59:42.0387 4680 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:59:46.0209 4680 1394ohci - ok
14:59:46.0318 4680 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:59:46.0506 4680 ACPI - ok
14:59:46.0615 4680 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:59:46.0911 4680 AcpiPmi - ok
14:59:48.0003 4680 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:59:48.0752 4680 AdobeFlashPlayerUpdateSvc - ok
14:59:48.0830 4680 [ 132190688D8E51D61F88A150D7DF9FB4 ] adp3132 C:\Windows\system32\DRIVERS\adp3132.sys
14:59:49.0080 4680 adp3132 - ok
14:59:49.0173 4680 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:59:49.0438 4680 adp94xx - ok
14:59:49.0548 4680 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:59:49.0750 4680 adpahci - ok
14:59:49.0813 4680 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:59:50.0016 4680 adpu320 - ok
14:59:50.0109 4680 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:59:51.0732 4680 AeLookupSvc - ok
14:59:51.0903 4680 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:59:52.0340 4680 AFD - ok
14:59:52.0418 4680 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:59:52.0574 4680 agp440 - ok
14:59:52.0668 4680 [ EDA7E60B5A47D9E47E0E843CAC624FF3 ] ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys
14:59:53.0042 4680 ahcix64s - ok
14:59:53.0104 4680 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:59:53.0416 4680 ALG - ok
14:59:53.0463 4680 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:59:53.0713 4680 aliide - ok
14:59:53.0760 4680 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:59:54.0181 4680 amdide - ok
14:59:54.0243 4680 [ D52A2E98C5EEFF88CED28793B6B04D84 ] amdide64 C:\Windows\system32\DRIVERS\amdide64.sys
14:59:54.0368 4680 amdide64 - ok
14:59:54.0462 4680 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:59:54.0945 4680 AmdK8 - ok
14:59:54.0976 4680 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:59:55.0257 4680 AmdPPM - ok
14:59:55.0335 4680 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:59:55.0429 4680 amdsata - ok
14:59:55.0522 4680 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:59:55.0694 4680 amdsbs - ok
14:59:55.0788 4680 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:59:55.0850 4680 amdxata - ok
14:59:55.0928 4680 [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
14:59:55.0990 4680 amd_sata - ok
14:59:56.0037 4680 [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
14:59:56.0084 4680 amd_xata - ok
14:59:57.0160 4680 [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:59:57.0223 4680 AntiVirSchedulerService - ok
14:59:57.0582 4680 [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:59:57.0628 4680 AntiVirService - ok
14:59:57.0722 4680 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:59:59.0906 4680 AppID - ok
14:59:59.0968 4680 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:00:00.0062 4680 AppIDSvc - ok
15:00:00.0156 4680 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:00:00.0327 4680 Appinfo - ok
15:00:00.0608 4680 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:00:00.0655 4680 Apple Mobile Device - ok
15:00:00.0889 4680 [ D73AAD4946051D074909FDFD34D94C7B ] arc C:\Windows\system32\DRIVERS\arc.sys
15:00:00.0936 4680 arc - ok
15:00:00.0967 4680 [ 46E8C3EB03224A1E55C6F0C100A9D2CC ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:00:01.0014 4680 arcsas - ok
15:00:01.0731 4680 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:00:02.0277 4680 aspnet_state - ok
15:00:02.0355 4680 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:02.0620 4680 AsyncMac - ok
15:00:02.0698 4680 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:00:02.0761 4680 atapi - ok
15:00:04.0071 4680 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
15:00:04.0960 4680 atikmdag - ok
15:00:05.0101 4680 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:05.0257 4680 AudioEndpointBuilder - ok
15:00:05.0272 4680 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:00:05.0319 4680 AudioSrv - ok
15:00:05.0506 4680 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:00:05.0538 4680 avgntflt - ok
15:00:05.0678 4680 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:00:05.0694 4680 avipbb - ok
15:00:05.0803 4680 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:00:05.0834 4680 avkmgr - ok
15:00:05.0912 4680 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:00:06.0645 4680 AxInstSV - ok
15:00:06.0942 4680 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:00:07.0176 4680 b06bdrv - ok
15:00:07.0254 4680 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:00:07.0644 4680 b57nd60a - ok
15:00:07.0878 4680 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:00:08.0252 4680 BDESVC - ok
15:00:08.0392 4680 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:00:08.0736 4680 Beep - ok
15:00:08.0829 4680 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:00:08.0892 4680 BFE - ok
15:00:09.0110 4680 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:00:09.0204 4680 BITS - ok
15:00:09.0282 4680 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:09.0375 4680 blbdrive - ok
15:00:09.0843 4680 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:00:09.0906 4680 Bonjour Service - ok
15:00:09.0952 4680 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:00:10.0093 4680 bowser - ok
15:00:10.0140 4680 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:10.0701 4680 BrFiltLo - ok
15:00:10.0717 4680 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:10.0795 4680 BrFiltUp - ok
15:00:10.0966 4680 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:00:11.0809 4680 BridgeMP - ok
15:00:12.0199 4680 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
15:00:12.0308 4680 Browser - ok
15:00:12.0386 4680 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:00:12.0823 4680 Brserid - ok
15:00:12.0870 4680 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:13.0026 4680 BrSerWdm - ok
15:00:13.0135 4680 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:13.0806 4680 BrUsbMdm - ok
15:00:13.0962 4680 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:14.0086 4680 BrUsbSer - ok
15:00:14.0133 4680 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:14.0352 4680 BTHMODEM - ok
15:00:14.0430 4680 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:00:14.0804 4680 bthserv - ok
15:00:15.0132 4680 [ 0063578F0E06B07D2EA60635C71746AC ] Bufeap C:\Windows\system32\DRIVERS\bufeap64.sys
15:00:15.0428 4680 Bufeap - ok
15:00:15.0553 4680 [ 6AE9F70F02A6E28E45B643A2834111BE ] BWH32S C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
15:00:15.0693 4680 BWH32S - ok
15:00:15.0896 4680 catchme - ok
15:00:15.0943 4680 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:00:16.0068 4680 cdfs - ok
15:00:16.0192 4680 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:00:16.0302 4680 cdrom - ok
15:00:16.0442 4680 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:00:16.0614 4680 CertPropSvc - ok
15:00:16.0692 4680 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:00:16.0801 4680 circlass - ok
15:00:16.0894 4680 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:00:17.0004 4680 CLFS - ok
15:00:17.0331 4680 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:17.0456 4680 clr_optimization_v2.0.50727_32 - ok
15:00:17.0612 4680 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:00:17.0784 4680 clr_optimization_v2.0.50727_64 - ok
15:00:18.0298 4680 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:19.0609 4680 clr_optimization_v4.0.30319_32 - ok
15:00:19.0687 4680 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:00:20.0638 4680 clr_optimization_v4.0.30319_64 - ok
15:00:20.0685 4680 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:20.0919 4680 CmBatt - ok
15:00:20.0966 4680 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:00:21.0013 4680 cmdide - ok
15:00:21.0169 4680 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:00:21.0294 4680 CNG - ok
15:00:21.0325 4680 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:00:21.0387 4680 Compbatt - ok
15:00:21.0496 4680 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:00:21.0574 4680 CompositeBus - ok
15:00:21.0606 4680 COMSysApp - ok
15:00:21.0652 4680 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:21.0730 4680 crcdisk - ok
15:00:21.0871 4680 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:00:21.0964 4680 CryptSvc - ok
15:00:22.0120 4680 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:00:22.0230 4680 DcomLaunch - ok
15:00:22.0370 4680 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:00:22.0510 4680 defragsvc - ok
15:00:22.0588 4680 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:00:22.0698 4680 DfsC - ok
15:00:22.0760 4680 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
15:00:22.0807 4680 dg_ssudbus - ok
15:00:22.0994 4680 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:00:23.0072 4680 Dhcp - ok
15:00:23.0166 4680 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:00:23.0322 4680 discache - ok
15:00:23.0384 4680 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:00:23.0431 4680 Disk - ok
15:00:23.0556 4680 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:00:23.0774 4680 Dnscache - ok
15:00:23.0852 4680 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:00:24.0024 4680 dot3svc - ok
15:00:24.0086 4680 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:00:24.0258 4680 DPS - ok
15:00:24.0336 4680 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:00:24.0492 4680 drmkaud - ok
15:00:24.0726 4680 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:00:24.0741 4680 DXGKrnl - ok
15:00:24.0866 4680 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:00:24.0944 4680 EapHost - ok
15:00:25.0677 4680 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:00:25.0864 4680 ebdrv - ok
15:00:25.0942 4680 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:00:26.0036 4680 EFS - ok
15:00:26.0488 4680 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:00:26.0769 4680 ehRecvr - ok
15:00:26.0863 4680 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:00:27.0019 4680 ehSched - ok
15:00:27.0190 4680 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:00:27.0284 4680 elxstor - ok
15:00:27.0346 4680 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:00:27.0456 4680 ErrDev - ok
15:00:27.0580 4680 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:00:27.0814 4680 EventSystem - ok
15:00:27.0924 4680 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:00:27.0986 4680 exfat - ok
15:00:28.0048 4680 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:00:28.0158 4680 fastfat - ok
15:00:28.0360 4680 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:00:28.0563 4680 Fax - ok
15:00:28.0579 4680 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:00:28.0626 4680 fdc - ok
15:00:28.0719 4680 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:00:28.0797 4680 fdPHost - ok
15:00:28.0828 4680 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:00:28.0891 4680 FDResPub - ok
15:00:28.0969 4680 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:00:29.0000 4680 FileInfo - ok
15:00:29.0016 4680 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:00:29.0094 4680 Filetrace - ok
15:00:29.0109 4680 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:29.0156 4680 flpydisk - ok
15:00:29.0250 4680 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:00:29.0265 4680 FltMgr - ok
15:00:29.0546 4680 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:00:29.0811 4680 FontCache - ok
15:00:29.0920 4680 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:00:29.0952 4680 FontCache3.0.0.0 - ok
15:00:29.0983 4680 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:00:30.0061 4680 FsDepends - ok
15:00:30.0279 4680 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
15:00:30.0388 4680 fssfltr - ok
15:00:30.0732 4680 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:00:30.0903 4680 fsssvc - ok
15:00:30.0981 4680 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:00:31.0028 4680 Fs_Rec - ok
15:00:31.0246 4680 [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
15:00:31.0340 4680 FTDIBUS - ok
15:00:31.0465 4680 [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
15:00:31.0636 4680 FTSER2K - ok
15:00:31.0714 4680 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:00:31.0886 4680 fvevol - ok
15:00:31.0933 4680 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:31.0995 4680 gagp30kx - ok
15:00:32.0089 4680 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:00:32.0120 4680 GEARAspiWDM - ok
15:00:32.0307 4680 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:00:32.0791 4680 gpsvc - ok
15:00:32.0853 4680 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:32.0900 4680 gupdate - ok
15:00:32.0994 4680 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:33.0025 4680 gupdatem - ok
15:00:33.0134 4680 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:00:33.0306 4680 gusvc - ok
15:00:33.0352 4680 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:00:34.0335 4680 hcw85cir - ok
15:00:34.0819 4680 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:00:34.0881 4680 HdAudAddService - ok
15:00:34.0975 4680 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:00:35.0037 4680 HDAudBus - ok
15:00:35.0100 4680 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:00:35.0162 4680 HECIx64 - ok
15:00:35.0209 4680 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:35.0318 4680 HidBatt - ok
15:00:35.0349 4680 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:00:35.0458 4680 HidBth - ok
15:00:35.0521 4680 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:00:35.0755 4680 HidIr - ok
15:00:35.0802 4680 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:00:35.0989 4680 hidserv - ok
15:00:36.0067 4680 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
15:00:36.0098 4680 HidUsb - ok
15:00:36.0192 4680 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:00:36.0675 4680 hkmsvc - ok
15:00:36.0769 4680 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:00:36.0972 4680 HomeGroupListener - ok
15:00:37.0065 4680 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:00:37.0268 4680 HomeGroupProvider - ok
15:00:37.0315 4680 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:00:37.0377 4680 HpSAMD - ok
15:00:37.0564 4680 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:00:37.0689 4680 HTTP - ok
15:00:37.0720 4680 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:00:37.0767 4680 hwpolicy - ok
15:00:37.0861 4680 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:00:37.0923 4680 i8042prt - ok
15:00:38.0095 4680 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:00:38.0126 4680 iaStor - ok
15:00:38.0298 4680 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:00:38.0391 4680 IAStorDataMgrSvc - ok
15:00:38.0516 4680 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:00:38.0594 4680 iaStorV - ok
15:00:38.0859 4680 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:00:39.0124 4680 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:00:39.0124 4680 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:00:39.0452 4680 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:00:39.0967 4680 idsvc - ok
15:00:40.0029 4680 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:00:40.0170 4680 iirsp - ok
15:00:40.0279 4680 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:00:40.0326 4680 IKEEXT - ok
15:00:40.0357 4680 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
15:00:40.0435 4680 Impcd - ok
15:00:40.0450 4680 IntcAzAudAddService - ok
15:00:40.0497 4680 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:00:40.0544 4680 intelide - ok
15:00:40.0575 4680 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:00:40.0606 4680 intelppm - ok
15:00:40.0747 4680 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:00:40.0825 4680 IPBusEnum - ok
15:00:40.0872 4680 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:40.0918 4680 IpFilterDriver - ok
15:00:41.0012 4680 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:00:41.0059 4680 iphlpsvc - ok
15:00:41.0074 4680 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:00:41.0184 4680 IPMIDRV - ok
15:00:41.0277 4680 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:00:41.0340 4680 IPNAT - ok
15:00:41.0683 4680 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:00:41.0698 4680 iPod Service - ok
15:00:41.0745 4680 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:00:42.0088 4680 IRENUM - ok
15:00:42.0120 4680 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:00:42.0151 4680 isapnp - ok
15:00:42.0166 4680 [ AC45D94185CF67267D06BF2F45E9E31E ] ISASerial C:\Windows\system32\DRIVERS\ISASerial.sys
15:00:42.0291 4680 ISASerial - ok
15:00:42.0338 4680 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:00:42.0494 4680 iScsiPrt - ok
15:00:42.0525 4680 [ 50DE7DD7EDB1B512B13666588AEFBF6F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
15:00:42.0588 4680 JRAID - ok
15:00:42.0634 4680 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:00:42.0666 4680 kbdclass - ok
15:00:42.0712 4680 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:00:42.0775 4680 kbdhid - ok
15:00:42.0853 4680 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:00:42.0884 4680 KeyIso - ok
15:00:42.0931 4680 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:00:43.0009 4680 KSecDD - ok
15:00:43.0071 4680 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:00:43.0118 4680 KSecPkg - ok
15:00:43.0165 4680 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:00:43.0243 4680 ksthunk - ok
15:00:43.0383 4680 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:00:43.0586 4680 KtmRm - ok
15:00:43.0680 4680 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:00:43.0742 4680 LanmanServer - ok
15:00:43.0789 4680 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:00:43.0882 4680 LanmanWorkstation - ok
15:00:44.0210 4680 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:00:44.0460 4680 LBTServ - ok
15:00:44.0647 4680 [ ADB665AC1313CFE6F106A68ECF97135C ] LexPrintListener C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll
15:00:44.0756 4680 LexPrintListener ( UnsignedFile.Multi.Generic ) - warning
15:00:44.0756 4680 LexPrintListener - detected UnsignedFile.Multi.Generic (1)
15:00:44.0834 4680 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:00:44.0881 4680 LHidFilt - ok
15:00:44.0959 4680 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:00:45.0037 4680 lltdio - ok
15:00:45.0146 4680 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:00:45.0333 4680 lltdsvc - ok
15:00:45.0427 4680 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:00:45.0474 4680 lmhosts - ok
15:00:45.0505 4680 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:00:45.0614 4680 LMouFilt - ok
15:00:45.0786 4680 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:00:45.0879 4680 LSI_FC - ok
15:00:45.0910 4680 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:00:46.0004 4680 LSI_SAS - ok
15:00:46.0051 4680 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:00:46.0098 4680 LSI_SAS2 - ok
15:00:46.0144 4680 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:00:46.0207 4680 LSI_SCSI - ok
15:00:46.0269 4680 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:00:46.0363 4680 luafv - ok
15:00:46.0519 4680 [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
15:00:46.0550 4680 LUsbFilt - ok
15:00:46.0924 4680 [ D6CDF198518B8428B66AAD8F7BABC3BE ] lxedCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe
15:00:47.0065 4680 lxedCATSCustConnectService - ok
15:00:47.0158 4680 lxed_device - ok
15:00:47.0268 4680 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:00:47.0314 4680 MBAMProtector - ok
15:00:47.0502 4680 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:00:47.0564 4680 MBAMScheduler - ok
15:00:47.0673 4680 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:00:47.0689 4680 MBAMService - ok
15:00:47.0782 4680 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:00:47.0860 4680 Mcx2Svc - ok
15:00:47.0892 4680 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:00:47.0954 4680 megasas - ok
15:00:48.0032 4680 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:00:48.0110 4680 MegaSR - ok
15:00:48.0562 4680 Microsoft SharePoint Workspace Audit Service - ok
15:00:48.0625 4680 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:00:48.0703 4680 MMCSS - ok
15:00:48.0750 4680 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:00:48.0812 4680 Modem - ok
15:00:48.0874 4680 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:00:48.0952 4680 monitor - ok
15:00:48.0999 4680 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:00:49.0046 4680 mouclass - ok
15:00:49.0062 4680 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:00:49.0155 4680 mouhid - ok
15:00:49.0249 4680 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:00:49.0311 4680 mountmgr - ok
15:00:49.0514 4680 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:00:49.0608 4680 MozillaMaintenance - ok
15:00:49.0623 4680 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:00:49.0701 4680 mpio - ok
15:00:49.0764 4680 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:00:49.0826 4680 mpsdrv - ok
15:00:50.0091 4680 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:00:50.0169 4680 MpsSvc - ok
15:00:50.0247 4680 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:00:50.0388 4680 MRxDAV - ok
15:00:50.0434 4680 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:50.0559 4680 mrxsmb - ok
15:00:50.0746 4680 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:50.0934 4680 mrxsmb10 - ok
15:00:50.0996 4680 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:51.0121 4680 mrxsmb20 - ok
15:00:51.0183 4680 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:00:51.0246 4680 msahci - ok
15:00:51.0339 4680 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:00:51.0402 4680 msdsm - ok
15:00:51.0526 4680 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:00:51.0667 4680 MSDTC - ok
15:00:51.0729 4680 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:00:51.0776 4680 Msfs - ok
15:00:51.0854 4680 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:00:51.0932 4680 mshidkmdf - ok
15:00:51.0948 4680 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:00:52.0026 4680 msisadrv - ok
15:00:52.0104 4680 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:00:52.0213 4680 MSiSCSI - ok
15:00:52.0213 4680 msiserver - ok
15:00:52.0275 4680 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:00:52.0416 4680 MSKSSRV - ok
15:00:52.0462 4680 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:52.0572 4680 MSPCLOCK - ok
15:00:52.0774 4680 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:00:52.0868 4680 MSPQM - ok
15:00:52.0915 4680 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:00:52.0977 4680 MsRPC - ok
15:00:53.0040 4680 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:00:53.0055 4680 mssmbios - ok
15:00:53.0289 4680 MSSQL$SQLEXPRESS - ok
15:00:53.0367 4680 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:00:53.0508 4680 MSSQLServerADHelper - ok
15:00:53.0586 4680 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:00:53.0788 4680 MSTEE - ok
15:00:54.0163 4680 [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
15:00:54.0631 4680 msvsmon90 - ok
15:00:54.0646 4680 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:00:54.0771 4680 MTConfig - ok
15:00:54.0787 4680 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
15:00:54.0849 4680 MTsensor - ok
15:00:54.0912 4680 [ 07AD6825D5C658595CAB7F8F5849401C ] MtsHID C:\Windows\system32\drivers\MtsHID.sys
15:00:54.0974 4680 MtsHID - ok
15:00:55.0052 4680 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:00:55.0130 4680 Mup - ok
15:00:55.0177 4680 [ C752AB67A50F921622FE65725D1F6856 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
15:00:55.0317 4680 mv91xx - ok
15:00:55.0426 4680 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:00:55.0520 4680 napagent - ok
15:00:55.0645 4680 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:00:55.0707 4680 NativeWifiP - ok
15:00:56.0128 4680 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:00:56.0175 4680 NDIS - ok
15:00:56.0206 4680 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:56.0284 4680 NdisCap - ok
15:00:56.0331 4680 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:56.0440 4680 NdisTapi - ok
15:00:56.0487 4680 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:56.0737 4680 Ndisuio - ok
15:00:56.0799 4680 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:56.0924 4680 NdisWan - ok
15:00:56.0986 4680 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:00:57.0064 4680 NDProxy - ok
15:00:57.0111 4680 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:00:57.0220 4680 NetBIOS - ok
15:00:57.0314 4680 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:00:57.0392 4680 NetBT - ok
15:00:57.0439 4680 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:00:57.0470 4680 Netlogon - ok
15:00:57.0595 4680 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:00:57.0657 4680 Netman - ok
15:00:57.0907 4680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:58.0094 4680 NetMsmqActivator - ok
15:00:58.0156 4680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:58.0203 4680 NetPipeActivator - ok
15:00:58.0250 4680 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:00:58.0328 4680 netprofm - ok
15:00:58.0406 4680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:58.0437 4680 NetTcpActivator - ok
15:00:58.0453 4680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:00:58.0484 4680 NetTcpPortSharing - ok
15:00:58.0515 4680 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:00:58.0562 4680 nfrd960 - ok
15:00:58.0718 4680 [ CEBCEBF19AF17489E60804F440F5CBFE ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
15:00:58.0749 4680 NitroReaderDriverReadSpool2 - ok
15:00:58.0874 4680 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:00:59.0046 4680 NlaSvc - ok
15:00:59.0077 4680 NmPar - ok
15:00:59.0077 4680 nmserial - ok
15:00:59.0124 4680 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:00:59.0202 4680 Npfs - ok
15:00:59.0233 4680 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:00:59.0295 4680 nsi - ok
15:00:59.0326 4680 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:00:59.0389 4680 nsiproxy - ok
15:00:59.0514 4680 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:00:59.0779 4680 Ntfs - ok
15:00:59.0888 4680 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:00:59.0935 4680 Null - ok
15:01:00.0028 4680 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
15:01:00.0138 4680 nusb3hub - ok
15:01:00.0153 4680 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:01:00.0184 4680 nusb3xhc - ok
15:01:00.0231 4680 [ 7FD5C060CB907489A5702F628226F54A ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys
15:01:00.0294 4680 nvamacpi - ok
15:01:00.0574 4680 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:01:00.0652 4680 NVHDA - ok
15:01:01.0635 4680 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:01:01.0791 4680 nvlddmkm - ok
15:01:01.0900 4680 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:01:01.0963 4680 nvraid - ok
15:01:02.0088 4680 [ 694F5E9D9D624D47F432F5B2E66A0528 ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys
15:01:02.0150 4680 nvrd64 - ok
15:01:02.0212 4680 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
15:01:02.0290 4680 nvsmu - ok
15:01:02.0368 4680 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:01:02.0446 4680 nvstor - ok
15:01:02.0478 4680 [ 05DE5DC43AFE6CAB78F9C7CA044CBCBE ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
15:01:02.0587 4680 nvstor64 - ok
15:01:02.0961 4680 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:01:02.0977 4680 nvsvc - ok
15:01:03.0211 4680 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:01:03.0382 4680 nvUpdatusService - ok
15:01:03.0460 4680 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:01:03.0538 4680 nv_agp - ok
15:01:03.0554 4680 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:01:03.0632 4680 ohci1394 - ok
15:01:03.0944 4680 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:01:03.0960 4680 ose - ok
15:01:05.0254 4680 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:01:05.0348 4680 osppsvc - ok
15:01:05.0395 4680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:01:05.0442 4680 p2pimsvc - ok
15:01:05.0473 4680 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:01:05.0488 4680 p2psvc - ok
15:01:05.0551 4680 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:01:05.0566 4680 Parport - ok
15:01:05.0613 4680 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:01:05.0629 4680 partmgr - ok
15:01:05.0691 4680 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:01:05.0754 4680 PcaSvc - ok
15:01:05.0832 4680 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:01:05.0910 4680 pci - ok
15:01:05.0956 4680 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:01:05.0988 4680 pciide - ok
15:01:06.0034 4680 [ D7C203015E2C2A2EAC8DACEF156D8DC3 ] PciIsaSerial C:\Windows\system32\DRIVERS\PciIsaSerial.sys
15:01:06.0097 4680 PciIsaSerial - ok
15:01:06.0128 4680 [ 088B509B2F35A3CEE00AC0E0BC4C5BED ] PciPPorts C:\Windows\system32\DRIVERS\PciPPorts.sys
15:01:06.0159 4680 PciPPorts - ok
15:01:06.0190 4680 [ 7F97CDD5E91FC73DA2B01344957AA058 ] PciSPorts C:\Windows\system32\DRIVERS\PciSPorts.sys
15:01:06.0206 4680 PciSPorts - ok
15:01:06.0237 4680 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:01:06.0253 4680 pcmcia - ok
15:01:06.0268 4680 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:01:06.0300 4680 pcw - ok
15:01:06.0393 4680 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:01:06.0471 4680 PEAUTH - ok
15:01:06.0861 4680 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:01:06.0908 4680 PerfHost - ok
15:01:07.0033 4680 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:01:07.0095 4680 pla - ok
15:01:07.0251 4680 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:01:07.0282 4680 PlugPlay - ok
15:01:07.0360 4680 PnkBstrA - ok
15:01:07.0392 4680 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:01:07.0438 4680 PNRPAutoReg - ok
15:01:07.0454 4680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:01:07.0470 4680 PNRPsvc - ok
15:01:07.0563 4680 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:01:07.0672 4680 PolicyAgent - ok
15:01:07.0704 4680 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:01:07.0766 4680 Power - ok
15:01:07.0782 4680 [ 14C04684A25C221EBE2105D169B4B6FF ] PPorts C:\Windows\system32\DRIVERS\PPorts.sys
15:01:07.0797 4680 PPorts - ok
15:01:07.0860 4680 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:01:07.0875 4680 PptpMiniport - ok
15:01:07.0906 4680 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:01:07.0984 4680 Processor - ok
15:01:08.0062 4680 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:01:08.0140 4680 ProfSvc - ok
15:01:08.0156 4680 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:01:08.0156 4680 ProtectedStorage - ok
15:01:08.0218 4680 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:01:08.0265 4680 Psched - ok
15:01:08.0312 4680 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:01:08.0421 4680 ql2300 - ok
15:01:08.0468 4680 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:01:08.0499 4680 ql40xx - ok
15:01:08.0577 4680 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:01:08.0608 4680 QWAVE - ok
15:01:08.0796 4680 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:01:08.0874 4680 QWAVEdrv - ok
15:01:08.0889 4680 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:01:08.0936 4680 RasAcd - ok
15:01:08.0967 4680 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:01:08.0998 4680 RasAgileVpn - ok
15:01:09.0014 4680 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:01:09.0076 4680 RasAuto - ok
15:01:09.0108 4680 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:01:09.0186 4680 Rasl2tp - ok
15:01:09.0217 4680 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:01:09.0264 4680 RasMan - ok
15:01:09.0279 4680 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:01:09.0357 4680 RasPppoe - ok
15:01:09.0388 4680 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:01:09.0420 4680 RasSstp - ok
15:01:09.0466 4680 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:01:09.0498 4680 rdbss - ok
15:01:09.0513 4680 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:01:09.0544 4680 rdpbus - ok
15:01:09.0591 4680 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:01:09.0622 4680 RDPCDD - ok
15:01:09.0654 4680 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:01:09.0700 4680 RDPENCDD - ok
15:01:09.0716 4680 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:01:09.0747 4680 RDPREFMP - ok
15:01:09.0778 4680 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:01:09.0841 4680 RDPWD - ok
15:01:09.0903 4680 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:01:09.0919 4680 rdyboost - ok
15:01:09.0997 4680 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
15:01:10.0012 4680 Realtek11nSU ( UnsignedFile.Multi.Generic ) - warning
15:01:10.0012 4680 Realtek11nSU - detected UnsignedFile.Multi.Generic (1)
15:01:10.0059 4680 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:01:10.0106 4680 RemoteAccess - ok
15:01:10.0122 4680 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:01:10.0184 4680 RemoteRegistry - ok
15:01:10.0215 4680 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:01:10.0278 4680 RpcEptMapper - ok
15:01:10.0340 4680 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:01:10.0402 4680 RpcLocator - ok
15:01:10.0418 4680 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:01:10.0449 4680 RpcSs - ok
15:01:10.0480 4680 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:01:10.0527 4680 rspndr - ok
15:01:10.0574 4680 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:01:10.0590 4680 RTL8167 - ok
15:01:10.0636 4680 [ 4629C5C4772D223B0ECD1EA8BA7A2A33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
15:01:10.0668 4680 RTL8192su - ok
15:01:10.0714 4680 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:01:10.0730 4680 SamSs - ok
15:01:10.0761 4680 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:01:10.0777 4680 sbp2port - ok
15:01:10.0792 4680 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:01:10.0855 4680 SCardSvr - ok
15:01:10.0886 4680 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:01:10.0933 4680 scfilter - ok
15:01:10.0964 4680 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:01:11.0011 4680 Schedule - ok
15:01:11.0042 4680 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:01:11.0073 4680 SCPolicySvc - ok
15:01:11.0104 4680 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:01:11.0167 4680 SDRSVC - ok
15:01:11.0229 4680 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:01:11.0276 4680 secdrv - ok
15:01:11.0292 4680 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:01:11.0354 4680 seclogon - ok
15:01:11.0385 4680 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:01:11.0448 4680 SENS - ok
15:01:11.0479 4680 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:01:11.0526 4680 SensrSvc - ok
15:01:11.0572 4680 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:01:11.0588 4680 Serenum - ok
15:01:11.0604 4680 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:01:11.0650 4680 Serial - ok
15:01:11.0713 4680 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:01:11.0728 4680 sermouse - ok
15:01:11.0775 4680 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:01:11.0822 4680 SessionEnv - ok
15:01:11.0853 4680 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:01:11.0900 4680 sffdisk - ok
15:01:11.0916 4680 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:01:11.0947 4680 sffp_mmc - ok
15:01:11.0947 4680 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:01:12.0009 4680 sffp_sd - ok
15:01:12.0025 4680 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:01:12.0056 4680 sfloppy - ok
15:01:12.0118 4680 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:01:12.0181 4680 SharedAccess - ok
15:01:12.0212 4680 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:01:12.0243 4680 ShellHWDetection - ok
15:01:12.0290 4680 [ DA492C8305434EC6F9BDD60C8B83B10E ] Si3124r5 C:\Windows\system32\DRIVERS\Si3124r5.sys
15:01:12.0306 4680 Si3124r5 - ok
15:01:12.0321 4680 [ 8D10887A1699CF61E74467694B929B09 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
15:01:12.0337 4680 SiFilter - ok
15:01:12.0368 4680 [ 94E1EDA9A0B305A67EE1BBD0A68CE21A ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
15:01:12.0384 4680 SiRemFil - ok
15:01:12.0430 4680 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:01:12.0446 4680 SiSRaid2 - ok
15:01:12.0477 4680 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:01:12.0493 4680 SiSRaid4 - ok
15:01:12.0508 4680 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:01:12.0571 4680 Smb - ok
15:01:12.0618 4680 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:01:12.0633 4680 SNMPTRAP - ok
15:01:12.0649 4680 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:01:12.0649 4680 spldr - ok
15:01:12.0696 4680 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
15:01:12.0727 4680 Spooler - ok
15:01:12.0742 4680 [ 739C2571867F351167D1D958990E9D84 ] SPorts C:\Windows\system32\DRIVERS\SPorts.sys
15:01:12.0758 4680 SPorts - ok
15:01:12.0836 4680 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:01:12.0883 4680 sppsvc - ok
15:01:12.0914 4680 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:01:12.0976 4680 sppuinotify - ok
15:01:13.0023 4680 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:01:13.0039 4680 SQLBrowser - ok
15:01:13.0117 4680 [ 582F8B13E1042C49A4A5A7BB52F518E4 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:01:13.0132 4680 SQLWriter - ok
15:01:13.0164 4680 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:01:13.0242 4680 srv - ok
15:01:13.0351 4680 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:01:13.0366 4680 srv2 - ok
15:01:13.0398 4680 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:01:13.0429 4680 srvnet - ok
15:01:13.0491 4680 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:01:13.0522 4680 SSDPSRV - ok
15:01:13.0554 4680 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:01:13.0585 4680 SstpSvc - ok
15:01:13.0632 4680 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
15:01:13.0647 4680 ssudmdm - ok
15:01:13.0710 4680 Steam Client Service - ok
15:01:13.0788 4680 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:01:13.0803 4680 Stereo Service - ok
15:01:13.0819 4680 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:01:13.0834 4680 stexstor - ok
15:01:13.0897 4680 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:01:13.0912 4680 stisvc - ok
15:01:13.0959 4680 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:01:13.0975 4680 swenum - ok
15:01:14.0022 4680 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:01:14.0100 4680 swprv - ok
15:01:14.0146 4680 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:01:14.0224 4680 SysMain - ok
15:01:14.0240 4680 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:01:14.0256 4680 TabletInputService - ok
15:01:14.0287 4680 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:01:14.0334 4680 TapiSrv - ok
15:01:14.0365 4680 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:01:14.0380 4680 TBS - ok
15:01:14.0458 4680 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:01:14.0505 4680 Tcpip - ok
15:01:14.0536 4680 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:01:14.0568 4680 TCPIP6 - ok
15:01:14.0599 4680 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:01:14.0630 4680 tcpipreg - ok
15:01:14.0661 4680 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:01:14.0708 4680 TDPIPE - ok
15:01:14.0724 4680 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:01:14.0755 4680 TDTCP - ok
15:01:14.0786 4680 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:01:14.0817 4680 tdx - ok
15:01:14.0864 4680 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:01:14.0880 4680 TermDD - ok
15:01:14.0926 4680 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:01:14.0989 4680 TermService - ok
15:01:15.0020 4680 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:01:15.0051 4680 Themes - ok
15:01:15.0082 4680 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:01:15.0114 4680 THREADORDER - ok
15:01:15.0145 4680 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:01:15.0192 4680 TrkWks - ok
15:01:15.0270 4680 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:01:15.0332 4680 TrustedInstaller - ok
15:01:15.0379 4680 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:01:15.0426 4680 tssecsrv - ok
15:01:15.0488 4680 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:01:15.0519 4680 TsUsbFlt - ok
15:01:15.0597 4680 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:01:15.0644 4680 tunnel - ok
15:01:15.0660 4680 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:01:15.0675 4680 uagp35 - ok
15:01:15.0706 4680 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:01:15.0738 4680 udfs - ok
15:01:15.0769 4680 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:01:15.0784 4680 UI0Detect - ok
15:01:15.0800 4680 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:01:15.0816 4680 uliagpkx - ok
15:01:15.0862 4680 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:01:15.0878 4680 umbus - ok
15:01:15.0925 4680 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:01:15.0956 4680 UmPass - ok
15:01:15.0987 4680 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:01:16.0018 4680 upnphost - ok
15:01:16.0096 4680 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:01:16.0143 4680 USBAAPL64 - ok
15:01:16.0174 4680 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:01:16.0237 4680 usbccgp - ok
15:01:16.0284 4680 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:01:16.0299 4680 usbcir - ok
15:01:16.0330 4680 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:01:16.0393 4680 usbehci - ok
15:01:16.0408 4680 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:01:16.0424 4680 usbhub - ok
15:01:16.0471 4680 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:01:16.0518 4680 usbohci - ok
15:01:16.0564 4680 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:01:16.0596 4680 usbprint - ok
15:01:16.0627 4680 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:01:16.0642 4680 usbscan - ok
15:01:16.0689 4680 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:01:16.0720 4680 USBSTOR - ok
15:01:16.0767 4680 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:01:16.0798 4680 usbuhci - ok
15:01:16.0845 4680 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:01:16.0861 4680 UxSms - ok
15:01:16.0908 4680 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:01:16.0908 4680 VaultSvc - ok
15:01:16.0939 4680 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:01:16.0939 4680 vdrvroot - ok
15:01:16.0986 4680 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:01:17.0064 4680 vds - ok
15:01:17.0095 4680 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:01:17.0110 4680 vga - ok
15:01:17.0142 4680 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:01:17.0157 4680 VgaSave - ok
15:01:17.0204 4680 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:01:17.0220 4680 vhdmp - ok
15:01:17.0282 4680 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:01:17.0282 4680 viaide - ok
15:01:17.0313 4680 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:01:17.0329 4680 volmgr - ok
15:01:17.0438 4680 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:01:17.0469 4680 volmgrx - ok
15:01:17.0485 4680 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:01:17.0500 4680 volsnap - ok
15:01:17.0547 4680 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
15:01:17.0563 4680 vpcbus - ok
15:01:17.0656 4680 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:01:17.0719 4680 vpcnfltr - ok
15:01:17.0734 4680 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
15:01:17.0750 4680 vpcusb - ok
15:01:17.0812 4680 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
15:01:17.0828 4680 vpcvmm - ok
15:01:17.0859 4680 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:01:17.0875 4680 vsmraid - ok
15:01:17.0953 4680 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:01:18.0000 4680 VSS - ok
15:01:18.0031 4680 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:01:18.0062 4680 vwifibus - ok
15:01:18.0093 4680 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:01:18.0124 4680 vwififlt - ok
15:01:18.0156 4680 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:01:18.0202 4680 W32Time - ok
15:01:18.0218 4680 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:01:18.0234 4680 WacomPen - ok
15:01:18.0265 4680 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:01:18.0296 4680 WANARP - ok
15:01:18.0296 4680 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:01:18.0327 4680 Wanarpv6 - ok
15:01:18.0374 4680 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:01:18.0436 4680 wbengine - ok
15:01:18.0452 4680 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:01:18.0468 4680 WbioSrvc - ok
15:01:18.0499 4680 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:01:18.0546 4680 wcncsvc - ok
15:01:18.0561 4680 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:01:18.0592 4680 WcsPlugInService - ok
15:01:18.0592 4680 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:01:18.0608 4680 Wd - ok
15:01:18.0639 4680 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:01:18.0670 4680 Wdf01000 - ok
15:01:18.0686 4680 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:01:18.0780 4680 WdiServiceHost - ok
15:01:18.0780 4680 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:01:18.0795 4680 WdiSystemHost - ok
15:01:18.0811 4680 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:01:18.0842 4680 WebClient - ok
15:01:18.0842 4680 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:01:18.0889 4680 Wecsvc - ok
15:01:18.0920 4680 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:01:18.0967 4680 wercplsupport - ok
15:01:18.0982 4680 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:01:19.0045 4680 WerSvc - ok
15:01:19.0076 4680 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:01:19.0092 4680 WfpLwf - ok
15:01:19.0123 4680 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:01:19.0123 4680 WIMMount - ok
15:01:19.0154 4680 WinDefend - ok
15:01:19.0154 4680 WinHttpAutoProxySvc - ok
15:01:19.0185 4680 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:01:19.0248 4680 Winmgmt - ok
15:01:19.0294 4680 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:01:19.0357 4680 WinRM - ok
15:01:19.0404 4680 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:01:19.0435 4680 WinUsb - ok
15:01:19.0482 4680 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:01:19.0497 4680 Wlansvc - ok
15:01:19.0606 4680 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:01:19.0638 4680 wlidsvc - ok
15:01:19.0684 4680 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:01:19.0700 4680 WmiAcpi - ok
15:01:19.0716 4680 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:01:19.0762 4680 wmiApSrv - ok
15:01:19.0809 4680 WMPNetworkSvc - ok
15:01:19.0825 4680 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:01:19.0840 4680 WPCSvc - ok
15:01:19.0887 4680 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:01:19.0887 4680 WPDBusEnum - ok
15:01:19.0918 4680 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:01:19.0950 4680 ws2ifsl - ok
15:01:19.0996 4680 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:01:20.0028 4680 wscsvc - ok
15:01:20.0028 4680 WSearch - ok
15:01:20.0090 4680 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:01:20.0121 4680 wuauserv - ok
15:01:20.0137 4680 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:01:20.0184 4680 WudfPf - ok
15:01:20.0215 4680 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:01:20.0262 4680 WUDFRd - ok
15:01:20.0277 4680 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:01:20.0308 4680 wudfsvc - ok
15:01:20.0324 4680 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:01:20.0355 4680 WwanSvc - ok
15:01:20.0371 4680 ================ Scan global ===============================
15:01:20.0402 4680 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:01:20.0449 4680 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:01:20.0449 4680 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:01:20.0480 4680 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:01:20.0496 4680 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:01:20.0511 4680 [Global] - ok
15:01:20.0511 4680 ================ Scan MBR ==================================
15:01:20.0511 4680 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:01:21.0307 4680 \Device\Harddisk0\DR0 - ok
15:01:21.0307 4680 ================ Scan VBR ==================================
15:01:21.0307 4680 [ 9164699B07EA2665E5B79683035A3A20 ] \Device\Harddisk0\DR0\Partition1
15:01:21.0307 4680 \Device\Harddisk0\DR0\Partition1 - ok
15:01:21.0322 4680 [ A93860736A9C9218535825594CA99AF3 ] \Device\Harddisk0\DR0\Partition2
15:01:21.0322 4680 \Device\Harddisk0\DR0\Partition2 - ok
15:01:21.0322 4680 ============================================================
15:01:21.0322 4680 Scan finished
15:01:21.0322 4680 ============================================================
15:01:21.0322 4672 Detected object count: 3
15:01:21.0322 4672 Actual detected object count: 3
15:01:27.0094 4672 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:27.0094 4672 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:01:27.0094 4672 LexPrintListener ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:27.0094 4672 LexPrintListener ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:01:27.0094 4672 Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:27.0094 4672 Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:01:32.0789 3428 Deinitialize success
|
|
20.11.2012, 17:51
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Mach bitte einen CustomScan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.11.2012, 20:42
| #14 |
| | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Hallo Cosinus, hier der OTL-Report: OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.11.2012 20:29:28 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel Graf\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,29% Memory free 7,98 Gb Paging File | 6,17 Gb Available in Paging File | 77,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698,63 Gb Total Space | 520,14 Gb Free Space | 74,45% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 120,99 Gb Free Space | 17,32% Space Free | Partition Type: NTFS Drive E: | 5,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: DANIELPC | User Name: Daniel Graf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.21 20:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe PRC - [2012.11.06 18:29:54 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.29 17:56:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe PRC - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe ========== Modules (No Company Name) ========== MOD - [2012.10.29 17:56:20 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe MOD - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epwizard.DLL MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epfunct.DLL MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Eputil.DLL MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Imagutil.DLL MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedDRS.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPOEMDll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPWizRes.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll MOD - [2009.05.27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcats.dll MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsm.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.04.14 15:01:15 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxedcoms.exe -- (lxed_device) SRV:64bit: - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService) SRV:64bit: - [2007.11.08 00:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2012.11.13 17:26:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 12:29:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.24 12:09:57 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.16 20:11:42 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService) SRV - [2010.04.14 15:00:56 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxedcoms.exe -- (lxed_device) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.09.11 14:19:01 | 000,204,800 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll -- (LexPrintListener) SRV - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.20 18:24:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.20 18:24:39 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.05.11 06:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.05.11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.07 09:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.09.03 13:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.07.01 10:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.06 15:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su) DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132) DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.08 14:44:58 | 000,232,464 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts) DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts) DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial) DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64) DRV:64bit: - [2007.08.17 06:48:40 | 000,018,432 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/ IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 FD 1D 8C 86 8D CB 01 [binary data] IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{1086A097-7D1E-41F1-850C-A1A6C5BC8C4B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms} IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_deDE407 IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel Graf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:56:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions [2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.21 10:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions [2012.09.19 10:04:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions\ich@maltegoetz.de [2012.11.21 10:38:27 | 000,035,785 | ---- | M] () (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\firefox\profiles\bguaee61.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.02.20 01:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 17:56:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 10:26:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 16:50:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.22 10:26:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.08 01:21:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.06.22 10:26:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 10:26:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 10:26:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://start.facemoods.com/?a=ddrnw O1 HOSTS File: ([2012.11.20 11:56:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3:64bit: - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133CCE8A-AE40-43EB-9C99-EB0E31A09208}: DhcpNameServer = 192.168.11.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.25 07:27:21 | 000,000,133 | R--- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ClientManagerV.lnk - C:\PROGRA~2\BUFFALO\CLIENT~1\bin\cmvMain.exe - (BUFFALO INC.) MsConfig:64bit - StartUpFolder: C:^Users^Daniel Graf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Thunderbird.lnk - C:\PROGRA~2\MOZILL~1\THUNDE~1.EXE - (Mozilla Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Daniel Graf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpFolder: C:^Users^Daniel Graf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe () MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: 07787057.sys - Driver SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: 07787057.sys - Driver SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: 07787057.sys - Driver SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: 07787057.sys - Driver SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.21 20:25:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe [2012.11.21 03:23:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.21 03:10:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.11.21 03:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.21 03:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.20 14:55:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.20 12:19:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Avira [2012.11.20 12:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.20 12:19:23 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.20 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.20 12:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.20 12:09:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Virenprogramme [2012.11.20 11:56:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.20 11:43:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.20 11:43:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.20 11:43:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.20 11:27:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.20 11:27:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.18 13:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.18 13:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.10.30 12:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.10.30 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.10.26 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Tracing [2012.10.26 21:27:01 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.10.26 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.10.26 21:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012.10.26 21:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2012.10.26 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Daniel Graf\SkyDrive [2012.10.26 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2012.10.26 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Malwarebytes [2012.10.26 17:54:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.26 11:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2012.11.21 20:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe [2012.11.21 20:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.21 20:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.21 17:12:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.21 15:12:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.21 15:12:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.21 15:11:26 | 000,756,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.21 15:11:26 | 000,700,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.21 15:11:26 | 000,173,058 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.21 15:11:26 | 000,139,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.21 15:11:25 | 001,763,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.21 15:05:36 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.11.21 15:04:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.21 15:01:15 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys [2012.11.21 03:55:22 | 000,446,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.21 03:31:38 | 001,645,318 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.20 18:24:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.20 18:24:39 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.20 17:20:23 | 486,964,904 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.20 11:56:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.19 22:57:47 | 000,000,980 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\7-Zip File Manager.lnk [2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url [2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url [2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.02 18:27:41 | 000,038,856 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf [2012.10.22 21:30:54 | 000,038,936 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2012.11.21 03:27:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.21 03:16:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.20 12:32:32 | 486,964,904 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.20 11:43:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.20 11:43:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.20 11:43:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.20 11:43:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.20 11:43:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.19 22:57:47 | 000,000,980 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\7-Zip File Manager.lnk [2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url [2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url [2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.11.02 18:27:41 | 000,038,856 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf [2012.10.26 21:26:36 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012.10.26 21:26:32 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2012.10.26 21:26:24 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012.10.26 21:26:19 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.10.26 21:18:27 | 000,002,198 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2012.10.22 21:30:53 | 000,038,936 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf [2012.10.08 20:43:07 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2012.06.14 10:14:32 | 000,006,656 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.07 14:33:00 | 001,645,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.28 18:58:37 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.28 18:58:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.11 21:11:43 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll [2011.01.11 21:11:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll [2011.01.11 21:11:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll [2011.01.11 21:11:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll [2011.01.11 21:11:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll [2011.01.11 21:11:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe [2011.01.11 21:11:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll [2011.01.11 21:11:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll [2011.01.11 21:11:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll [2011.01.11 21:11:42 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll [2011.01.11 21:11:42 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll [2011.01.11 21:11:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe [2011.01.11 21:11:42 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll [2011.01.11 21:11:42 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll [2011.01.11 21:11:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll [2011.01.11 21:11:42 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll [2011.01.11 21:11:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll [2011.01.11 21:11:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll [2011.01.11 21:11:42 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll [2011.01.11 21:11:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll [2011.01.11 21:11:41 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe [2010.12.14 16:18:08 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll [2010.12.14 16:18:07 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll [2010.11.29 23:17:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.29 23:17:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.11.26 17:21:38 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L [2012.10.23 15:40:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U [2012.08.04 23:59:50 | 000,002,048 | -HS- | M] () -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.28 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Downloaded Installations [2012.11.21 19:52:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox [2011.11.22 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdisaster [2012.07.19 13:03:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoft [2012.06.14 10:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.08 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\e-academy Inc [2012.09.24 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\eType [2012.05.28 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\FileOpen [2011.11.09 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\IObit [2012.11.16 12:14:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Josye [2011.05.12 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Leadertech [2010.12.14 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\mresreg [2012.06.19 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Nitro PDF [2011.01.11 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Online Games Downloader [2012.06.14 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy [2010.12.15 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenOffice.org [2011.10.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Origin [2010.11.27 22:22:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\PTC [2011.06.20 01:21:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Thunderbird [2012.06.14 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\TuneUp Software [2010.11.28 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog [2011.02.24 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Uniblue ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.20 11:56:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.06.16 15:07:01 | 000,000,000 | ---D | M] -- C:\Boot [2012.11.21 03:51:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.11.26 15:26:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.11.26 15:28:40 | 000,000,000 | ---D | M] -- C:\Intel [2012.03.03 20:57:52 | 000,000,000 | R--D | M] -- C:\MSOCache [2010.11.26 15:29:28 | 000,000,000 | ---D | M] -- C:\msofficesetup2k10 [2011.06.13 01:42:21 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.26 21:25:25 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.21 03:10:38 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.20 12:19:22 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.11.26 15:26:54 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.20 12:01:01 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.11.26 15:26:54 | 000,000,000 | ---D | M] -- C:\Recovery [2012.11.21 20:30:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.20 14:55:02 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine [2011.06.13 01:50:30 | 000,000,000 | R--D | M] -- C:\Users [2012.11.21 03:56:09 | 000,000,000 | ---D | M] -- C:\Windows < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.11.29 18:27:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Adobe [2012.11.02 23:12:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Apple Computer [2012.11.20 12:19:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Avira [2012.03.03 20:50:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Download Manager [2012.05.28 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Downloaded Installations [2012.11.21 19:52:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox [2012.01.08 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdcss [2011.11.22 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdisaster [2012.07.19 13:03:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoft [2012.06.14 10:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.08 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\e-academy Inc [2012.09.24 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\eType [2012.05.28 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\FileOpen [2010.11.29 18:30:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Google [2010.11.26 15:29:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Identities [2010.11.26 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Intel Corporation [2011.11.09 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\IObit [2012.11.16 12:14:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Josye [2011.05.12 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Leadertech [2011.05.12 20:56:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Logishrd [2011.05.12 20:58:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Logitech [2010.11.26 17:25:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Macromedia [2012.10.26 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Media Center Programs [2012.11.14 17:59:27 | 000,000,000 | --SD | M] -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft [2012.02.16 23:26:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Mozilla [2010.12.14 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\mresreg [2012.06.19 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Nitro PDF [2012.03.30 18:12:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\NVIDIA [2011.01.11 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Online Games Downloader [2012.06.14 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy [2010.12.15 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenOffice.org [2011.10.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Origin [2010.11.27 22:22:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\PTC [2012.11.21 03:10:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Skype [2011.06.20 01:21:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Thunderbird [2012.06.14 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\TuneUp Software [2010.11.28 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog [2011.02.24 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Uniblue [2012.01.08 00:57:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\vlc [2011.06.21 14:26:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.07.25 14:14:26 | 000,300,440 | ---- | M] (DMI) -- C:\Users\Daniel Graf\AppData\Roaming\eType\eTypeUninstall.exe [2012.02.16 17:18:12 | 000,017,776 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\eType\Launchx64.exe [2010.09.19 13:13:22 | 000,083,968 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\eType\lzma.exe [2011.05.12 20:58:53 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012.10.08 19:16:19 | 000,009,662 | R--- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe [2012.10.08 19:16:19 | 000,009,662 | R--- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe [2012.10.08 19:16:19 | 000,009,662 | R--- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe [2012.05.17 00:13:10 | 027,567,008 | ---- | M] (TuneUp Software) -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy\F0251C317E6247008C53DACB721B4E28\TuneUpUtilities2012_de-DE_1002174.exe [2010.11.28 05:33:42 | 000,426,456 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog\fafozy.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > < End of report > |
|
21.11.2012, 23:15
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!) Code:
ATTFilter :Files
C:\Users\Daniel Graf\AppData\Roaming\Tysuog
C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}
C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! |
| adobe, adware, adware/installcore.gen, autorun, avg, avira, bho, black, bonjour, desktop, error, firefox, flash player, google, home, icreinstall, launch, logfile, mozilla, mp3, nvidia update, online games, plug-in, programm, realtek, registry, senden, server, software, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, visual studio, warnung |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
