Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TrojWare.Win32.Buzus.carj@283207124

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 27.12.2012, 18:57   #1
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hallo!

Ich habe vor kurzem die Comodo Freeware installiert, und sie hat den genannten Trojaner an drei Stellen entdeckt und in Quarantäne gesteckt:
C:\Windows\Temp\restart.exe
C:\Windows\Temp\Hinfo.exe
C:\Windows\Temp\status.exe
Ich habe den / die Trojaner in Comodo-Quarantäne gelassen, dort steckt er immer noch, und mit der aktualisierten Malwarebytes-Freeware das komplette System durchsucht, ohne Befund.

Was muss ich jetzt weiter tun? Freue mich über fachkundige Hinweise und Anleitungen. Danke schon mal im Voraus!

Alt 27.12.2012, 19:04   #2
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hi
öffne Malwarebytes, Logdateien, poste, falls vorhanden, alle Berichte mit Funden.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 27.12.2012, 19:42   #3
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hallo markusg,

danke für die schnelle Antwort! Hier ist schon mal die logfile von malwarebytes. Die weiteren Punkte in Deiner Antwort arbeite ich heute oder morgen ab. LG

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sssssssssssssss :: sssssssssssssss-PC [Administrator]

Schutz: Aktiviert

27.12.2012 17:02:35
mbam-log-2012-12-27 (17-02-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352492
Laufzeit: 47 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
__________________

Alt 27.12.2012, 21:02   #4
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hi
ich hatte nach Logs mit Funden gefragt, gibts da welche?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.12.2012, 21:48   #5
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hallo,
nein, gibt keine. Wie gesagt, ich hab zuerst mit Comodo gescannt.

Das Programm OTL hat nur eine textdatei erstellt, kann das sein? Ich wunder mich selbst, denn gestern, mit anderen Sucheinstellungen, hatte ich auch die Extras-Datei. Hier ist das jetzige Resultat.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.12.2012 20:23:47 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\wwwwwwwwwwwww\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,73 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 77,44% Memory free
15,46 Gb Paging File | 13,65 Gb Available in Paging File | 88,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 821,17 Gb Free Space | 89,09% Space Free | Partition Type: NTFS
Drive K: | 111,75 Gb Total Space | 97,06 Gb Free Space | 86,86% Space Free | Partition Type: FAT32
 
Computer Name: wwwwwwwwwwwww-PC | User Name: wwwwwwwwwwwww | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\wwwwwwwwwwwww\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\wwwwwwwwwwwww\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 1A 00 DD F0 40 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.innehalten.org/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.21 12:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.02 19:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.21 12:09:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.02 19:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\mozilla\Extensions
[2012.11.23 18:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\mozilla\Firefox\Profiles\ndcaucj4.default\extensions
[2012.11.23 18:25:07 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\mozilla\firefox\profiles\ndcaucj4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.21 12:09:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.13 21:34:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 23:33:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.13 21:34:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.13 21:34:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.13 21:34:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.13 21:34:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [MAGIXautostart] D:\install\program\setup.exe File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SJelite3Launch] C:\Users\wwwwwwwwwwwww\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - HKCU..\RunOnce: [Carry it Easy cleanup] C:\Users\wwwwwwwwwwwww\AppData\Local\Temp\SJelite3\appStop.exe File not found
O4 - Startup: C:\Users\wwwwwwwwwwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\wwwwwwwwwwwww\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\wwwwwwwwwwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Users\wwwwwwwwwwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.21 12:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.21 11:46:03 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012.12.21 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Malwarebytes
[2012.12.21 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.21 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.21 09:34:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.21 09:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.20 20:33:54 | 000,050,952 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2012.12.20 20:33:54 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2012.12.18 23:35:19 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Spyware Terminator
[2012.12.18 23:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.12.18 23:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.12.18 23:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.12.15 23:11:45 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\PCToolsFirewallPlus
[2012.12.15 23:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.15 23:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.12.15 23:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Firewall Plus
[2012.12.15 22:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.12.15 21:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012.12.15 21:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.12.15 21:23:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.12.15 21:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.12.15 21:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.12.15 21:19:31 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\Comodo
[2012.12.15 21:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012.12.15 21:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012.12.14 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\Desktop\Ulrike
[2012.12.06 23:45:13 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{09CAEE7A-ACD7-404D-9F3E-83B4FAF958CE}
[2012.12.06 12:01:05 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{17439180-46FA-4140-9079-4B324B98606B}
[2012.12.06 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{DA572D8A-213B-4A48-91A4-E5B16F4E1680}
[2012.12.04 14:26:47 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{27CB550E-A161-44B6-BCDB-10C7D5443D1E}
[2012.12.01 15:41:30 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\Desktop\Texte zu SE
[2012.11.29 17:17:39 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{A4557B58-59DD-41A1-88EE-C46F8E2C497A}
[2012.11.29 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{1FB9E5EC-A05D-496B-800E-F3B0B4587A9A}
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 20:25:17 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.12.27 20:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 19:58:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.27 17:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 17:00:49 | 000,004,252 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (3).rtf
[2012.12.27 16:23:32 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:23:32 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 16:15:18 | 1932,091,391 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.24 22:49:54 | 000,036,890 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt2.GIF
[2012.12.24 22:48:50 | 000,036,826 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt.GIF
[2012.12.24 19:27:22 | 000,036,939 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\annonce1.JPG
[2012.12.23 22:12:54 | 000,050,952 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2012.12.23 22:12:54 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2012.12.23 11:12:09 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 11:12:09 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.23 11:12:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.23 11:12:09 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.23 11:12:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 21:22:12 | 000,004,924 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Antispyware.rtf
[2012.12.21 19:18:25 | 000,001,141 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Documents\Ulrike12-2012.axp
[2012.12.21 03:17:45 | 000,300,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.19 23:18:33 | 000,608,469 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\9254CS-20 Somatic Experiencing wwwwwwwwwwwww.pdf
[2012.12.19 15:06:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.12.19 13:24:09 | 000,020,327 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Kinesiologie-Tests Katja
[2012.12.16 21:42:02 | 000,003,773 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Documents\Konzert 2012.axp
[2012.12.16 17:31:59 | 000,021,251 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Die vier Eemu.odt
[2012.12.15 21:02:02 | 000,249,851 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Adelheid.png
[2012.12.13 17:47:30 | 000,199,174 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Gladiole.png
[2012.12.04 11:13:07 | 000,001,113 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (2).rtf
[2012.11.29 06:05:52 | 000,029,756 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Notizen 12.odt
 
========== Files Created - No Company Name ==========
 
[2012.12.24 22:49:54 | 000,036,890 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt2.GIF
[2012.12.24 22:42:22 | 000,036,826 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt.GIF
[2012.12.24 19:27:21 | 000,036,939 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\annonce1.JPG
[2012.12.21 21:15:20 | 000,004,924 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Antispyware.rtf
[2012.12.21 19:18:25 | 000,001,141 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Documents\Ulrike12-2012.axp
[2012.12.20 20:35:24 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.12.19 23:18:23 | 000,608,469 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\9254CS-20 Somatic Experiencing wwwwwwwwwwwww.pdf
[2012.12.19 22:36:50 | 000,004,252 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (3).rtf
[2012.12.19 13:24:09 | 000,020,327 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Kinesiologie-Tests Katja
[2012.12.15 21:02:01 | 000,249,851 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Adelheid.png
[2012.12.13 17:47:28 | 000,199,174 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Gladiole.png
[2012.12.12 00:21:34 | 000,003,773 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Documents\Konzert 2012.axp
[2012.12.04 11:12:48 | 000,001,113 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (2).rtf
[2012.11.29 22:23:52 | 000,029,756 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Notizen 12.odt
[2012.07.24 21:44:28 | 000,000,000 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\.gtk-bookmarks
[2012.06.04 12:23:52 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2012.06.03 12:41:43 | 000,000,228 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.06.03 12:41:43 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.06.03 12:40:12 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.06.03 12:40:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.06.03 08:58:48 | 000,000,191 | ---- | C] () -- C:\Windows\magix.ini
[2012.06.03 01:17:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012.06.03 01:16:22 | 000,000,747 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.06.03 00:36:23 | 000,033,134 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\UserTile.png
[2012.06.02 18:29:36 | 000,017,408 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\AppData\Local\WebpageIcons.db
[2012.05.29 11:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.17 09:45:20 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.02 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\A Note
[2012.10.19 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Audacity
[2012.06.03 00:23:11 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Canneverbe Limited
[2012.06.04 12:35:26 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Canon
[2012.06.16 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\capella-software
[2012.12.27 16:17:33 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Dropbox
[2012.09.24 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\enchant
[2012.12.25 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\FileZilla
[2012.12.22 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\FreeDoko
[2012.06.02 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\InfraRecorder
[2012.06.03 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\KompoZer
[2012.07.08 13:16:21 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\MusE
[2012.06.02 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\OpenOffice.org
[2012.12.15 23:11:57 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\PCToolsFirewallPlus
[2012.12.18 23:35:19 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Spyware Terminator
[2012.06.02 19:02:07 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Thunderbird
[2012.06.10 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Transcend
[2012.07.18 10:30:32 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.02 10:53:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.25 14:55:16 | 000,000,000 | ---D | M] -- C:\BlueByte
[2012.06.21 09:12:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.02 10:53:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.03 09:54:47 | 000,000,000 | ---D | M] -- C:\MAGIX
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.19 15:01:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.21 19:27:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.21 09:34:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.02 10:53:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.02 11:07:04 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.12.27 20:25:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.02 10:53:43 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.21 11:46:03 | 000,000,000 | -H-D | M] -- C:\VritualRoot
[2012.12.20 20:44:57 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.04 19:12:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.31 21:56:29 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 21:56:29 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.08.19 16:39:14 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.08.19 16:39:14 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.08.19 16:39:14 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.08.19 16:39:14 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.08.19 16:39:14 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.08.19 16:39:14 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2012.07.24 21:48:14 | 000,000,000 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\.gtk-bookmarks
[2012.12.27 20:25:11 | 003,932,160 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat
[2012.12.27 20:25:11 | 000,262,144 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat.LOG1
[2012.06.02 10:53:43 | 000,000,000 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat.LOG2
[2012.06.02 12:28:46 | 000,065,536 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.02 12:28:46 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.02 12:28:46 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.12.15 22:22:23 | 000,065,536 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{857d8cc6-46f7-11e2-be9f-c86000568664}.TM.blf
[2012.12.15 22:22:23 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{857d8cc6-46f7-11e2-be9f-c86000568664}.TMContainer00000000000000000001.regtrans-ms
[2012.12.15 22:22:23 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{857d8cc6-46f7-11e2-be9f-c86000568664}.TMContainer00000000000000000002.regtrans-ms
[2012.12.19 15:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{eb12972f-49dd-11e2-a920-c86000568664}.TM.blf
[2012.12.19 15:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{eb12972f-49dd-11e2-a920-c86000568664}.TMContainer00000000000000000001.regtrans-ms
[2012.12.19 15:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{eb12972f-49dd-11e2-a920-c86000568664}.TMContainer00000000000000000002.regtrans-ms
[2012.06.02 10:53:44 | 000,000,020 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.ini
[2012.06.04 12:35:26 | 000,000,000 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         
--- --- ---


Alt 28.12.2012, 17:23   #6
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Extras wird nur beim ersten Durchlauf erstellt.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> TrojWare.Win32.Buzus.carj@283207124

Alt 28.12.2012, 19:30   #7
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Scan results:

Suspicious: PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic )

Suspicious: sptd ( LockedFile.Multi.Generic )

Suspicious: StarWindServiceAE ( UnsignedFile.Multi.Generic )

Alt 03.01.2013, 17:10   #8
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hi
öffne bitte c: tdss-killer-Datum.txt und poste deren Inhalt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 18:44   #9
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



18:49:48.0710 0948 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:49:49.0098 0948 ============================================================
18:49:49.0098 0948 Current date / time: 2012/12/28 18:49:49.0098
18:49:49.0098 0948 SystemInfo:
18:49:49.0098 0948
18:49:49.0098 0948 OS Version: 6.1.7601 ServicePack: 1.0
18:49:49.0098 0948 Product type: Workstation
18:49:49.0099 0948 ComputerName: xxxxxxxxxxxxxxxxxxxxx-PC
18:49:49.0099 0948 UserName: xxxxxxxxxxxxxxxxxxxxx
18:49:49.0099 0948 Windows directory: C:\Windows
18:49:49.0099 0948 System windows directory: C:\Windows
18:49:49.0099 0948 Running under WOW64
18:49:49.0099 0948 Processor architecture: Intel x64
18:49:49.0099 0948 Number of processors: 4
18:49:49.0099 0948 Page size: 0x1000
18:49:49.0099 0948 Boot type: Normal boot
18:49:49.0099 0948 ============================================================
18:49:49.0652 0948 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:49:49.0657 0948 ============================================================
18:49:49.0657 0948 \Device\Harddisk0\DR0:
18:49:49.0657 0948 MBR partitions:
18:49:49.0657 0948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x7337D800
18:49:49.0657 0948 ============================================================
18:49:49.0683 0948 C: <-> \Device\Harddisk0\DR0\Partition1
18:49:49.0683 0948 ============================================================
18:49:49.0683 0948 Initialize success
18:49:49.0683 0948 ============================================================
18:51:23.0276 2524 ============================================================
18:51:23.0276 2524 Scan started
18:51:23.0276 2524 Mode: Manual; SigCheck; TDLFS;
18:51:23.0276 2524 ============================================================
18:51:23.0370 2524 ================ Scan system memory ========================
18:51:23.0370 2524 System memory - ok
18:51:23.0371 2524 ================ Scan services =============================
18:51:23.0579 2524 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:51:23.0813 2524 1394ohci - ok
18:51:23.0848 2524 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:51:23.0867 2524 ACPI - ok
18:51:23.0879 2524 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:51:23.0917 2524 AcpiPmi - ok
18:51:24.0025 2524 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:51:24.0037 2524 AdobeARMservice - ok
18:51:24.0133 2524 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:51:24.0148 2524 AdobeFlashPlayerUpdateSvc - ok
18:51:24.0176 2524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:51:24.0196 2524 adp94xx - ok
18:51:24.0231 2524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:51:24.0249 2524 adpahci - ok
18:51:24.0266 2524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:51:24.0282 2524 adpu320 - ok
18:51:24.0315 2524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:51:24.0356 2524 AeLookupSvc - ok
18:51:24.0417 2524 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:51:24.0456 2524 AFD - ok
18:51:24.0476 2524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:51:24.0490 2524 agp440 - ok
18:51:24.0494 2524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:51:24.0551 2524 ALG - ok
18:51:24.0587 2524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:51:24.0600 2524 aliide - ok
18:51:24.0643 2524 [ 87E226C0E11182943D28E8BEC61618CD ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:51:24.0692 2524 AMD External Events Utility - ok
18:51:24.0708 2524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:51:24.0721 2524 amdide - ok
18:51:24.0738 2524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:51:24.0766 2524 AmdK8 - ok
18:51:24.0895 2524 [ 446A1AAD34191665A8DF6092BD8EB5A8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:51:25.0063 2524 amdkmdag - ok
18:51:25.0079 2524 [ F8F8A908FDB005A65DDF7238C814EEA5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:51:25.0109 2524 amdkmdap - ok
18:51:25.0138 2524 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:51:25.0164 2524 AmdPPM - ok
18:51:25.0202 2524 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:51:25.0216 2524 amdsata - ok
18:51:25.0238 2524 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:51:25.0253 2524 amdsbs - ok
18:51:25.0262 2524 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:51:25.0276 2524 amdxata - ok
18:51:25.0290 2524 [ 80A508D0C7A21BC13C01D4C671541203 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
18:51:30.0536 2524 amd_sata - ok
18:51:30.0569 2524 [ 2BE940F3A632A1A301B22B096BF221F1 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
18:51:30.0583 2524 amd_xata - ok
18:51:30.0639 2524 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:51:30.0682 2524 AppID - ok
18:51:30.0708 2524 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:51:30.0749 2524 AppIDSvc - ok
18:51:30.0776 2524 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:51:30.0828 2524 Appinfo - ok
18:51:30.0852 2524 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:51:30.0866 2524 arc - ok
18:51:30.0893 2524 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:51:30.0907 2524 arcsas - ok
18:51:30.0953 2524 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:51:31.0007 2524 AsyncMac - ok
18:51:31.0025 2524 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:51:31.0038 2524 atapi - ok
18:51:31.0087 2524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:51:31.0144 2524 AudioEndpointBuilder - ok
18:51:31.0153 2524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:51:31.0190 2524 AudioSrv - ok
18:51:31.0235 2524 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:51:31.0295 2524 AxInstSV - ok
18:51:31.0337 2524 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:51:31.0373 2524 b06bdrv - ok
18:51:31.0390 2524 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:51:31.0427 2524 b57nd60a - ok
18:51:31.0518 2524 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
18:51:31.0533 2524 BBSvc - ok
18:51:31.0596 2524 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
18:51:31.0611 2524 BBUpdate - ok
18:51:31.0624 2524 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:51:31.0660 2524 BDESVC - ok
18:51:31.0679 2524 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:51:31.0711 2524 Beep - ok
18:51:31.0751 2524 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:51:31.0792 2524 BFE - ok
18:51:31.0823 2524 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:51:31.0885 2524 BITS - ok
18:51:31.0926 2524 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:51:31.0952 2524 blbdrive - ok
18:51:31.0986 2524 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:51:32.0010 2524 bowser - ok
18:51:32.0032 2524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:51:32.0056 2524 BrFiltLo - ok
18:51:32.0067 2524 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:51:32.0082 2524 BrFiltUp - ok
18:51:32.0108 2524 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:51:32.0145 2524 Browser - ok
18:51:32.0181 2524 [ E5E9B1625A767CEB6F319C12D33EAB78 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
18:51:32.0213 2524 BrSerIb - ok
18:51:32.0224 2524 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:51:32.0253 2524 Brserid - ok
18:51:32.0268 2524 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:51:32.0286 2524 BrSerWdm - ok
18:51:32.0304 2524 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:51:32.0336 2524 BrUsbMdm - ok
18:51:32.0354 2524 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:51:32.0384 2524 BrUsbSer - ok
18:51:32.0414 2524 [ D9F6B30AD93CBD165EC71FADF51DF25E ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
18:51:32.0440 2524 BrUsbSIb - ok
18:51:32.0460 2524 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:51:32.0489 2524 BTHMODEM - ok
18:51:32.0536 2524 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:51:32.0572 2524 bthserv - ok
18:51:32.0614 2524 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:51:32.0664 2524 cdfs - ok
18:51:32.0705 2524 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:51:32.0732 2524 cdrom - ok
18:51:32.0756 2524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:51:32.0806 2524 CertPropSvc - ok
18:51:32.0821 2524 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:51:32.0838 2524 circlass - ok
18:51:32.0855 2524 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:51:32.0873 2524 CLFS - ok
18:51:32.0939 2524 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:51:32.0952 2524 clr_optimization_v2.0.50727_32 - ok
18:51:32.0999 2524 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:51:33.0013 2524 clr_optimization_v2.0.50727_64 - ok
18:51:33.0163 2524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:51:33.0199 2524 clr_optimization_v4.0.30319_32 - ok
18:51:33.0278 2524 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:51:33.0291 2524 clr_optimization_v4.0.30319_64 - ok
18:51:33.0323 2524 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:51:33.0371 2524 CmBatt - ok
18:51:33.0514 2524 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
18:51:33.0567 2524 cmdAgent - ok
18:51:33.0614 2524 [ 2D6DC31AA55BFF702519235DEF0DA68E ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys
18:51:33.0628 2524 cmderd - ok
18:51:33.0658 2524 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
18:51:33.0680 2524 cmdGuard - ok
18:51:33.0706 2524 [ F8FECE0F1D44C4A58778083B00EEADAC ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
18:51:33.0721 2524 cmdHlp - ok
18:51:33.0737 2524 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:51:33.0750 2524 cmdide - ok
18:51:33.0783 2524 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:51:33.0830 2524 CNG - ok
18:51:33.0858 2524 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:51:33.0870 2524 Compbatt - ok
18:51:33.0908 2524 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:51:33.0947 2524 CompositeBus - ok
18:51:33.0966 2524 COMSysApp - ok
18:51:34.0001 2524 cpuz130 - ok
18:51:34.0024 2524 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:51:34.0039 2524 crcdisk - ok
18:51:34.0089 2524 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:51:34.0129 2524 CryptSvc - ok
18:51:34.0195 2524 [ 5A639B2B630B572FFE9B72448A8A514D ] DBService C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
18:51:34.0283 2524 DBService - ok
18:51:34.0312 2524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:51:34.0367 2524 DcomLaunch - ok
18:51:34.0411 2524 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:51:34.0449 2524 defragsvc - ok
18:51:34.0473 2524 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:51:34.0512 2524 DfsC - ok
18:51:34.0559 2524 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:51:34.0605 2524 Dhcp - ok
18:51:34.0629 2524 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:51:34.0671 2524 discache - ok
18:51:34.0728 2524 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:51:34.0741 2524 Disk - ok
18:51:34.0766 2524 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:51:34.0810 2524 Dnscache - ok
18:51:34.0825 2524 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:51:34.0874 2524 dot3svc - ok
18:51:34.0894 2524 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:51:34.0942 2524 DPS - ok
18:51:35.0109 2524 [ 02F0870C07872CC506C33E79883082B3 ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
18:51:35.0150 2524 DragonUpdater - ok
18:51:35.0197 2524 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:51:35.0226 2524 drmkaud - ok
18:51:35.0251 2524 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:51:35.0275 2524 DXGKrnl - ok
18:51:35.0301 2524 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:51:35.0335 2524 EapHost - ok
18:51:35.0383 2524 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:51:35.0446 2524 ebdrv - ok
18:51:35.0473 2524 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:51:35.0505 2524 EFS - ok
18:51:35.0564 2524 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:51:35.0613 2524 ehRecvr - ok
18:51:35.0663 2524 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:51:35.0683 2524 ehSched - ok
18:51:35.0739 2524 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:51:35.0760 2524 elxstor - ok
18:51:35.0787 2524 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:51:35.0811 2524 ErrDev - ok
18:51:35.0859 2524 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:51:35.0903 2524 EventSystem - ok
18:51:35.0925 2524 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:51:35.0961 2524 exfat - ok
18:51:35.0966 2524 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:51:36.0002 2524 fastfat - ok
18:51:36.0058 2524 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:51:36.0103 2524 Fax - ok
18:51:36.0115 2524 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:51:36.0137 2524 fdc - ok
18:51:36.0147 2524 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:51:36.0185 2524 fdPHost - ok
18:51:36.0189 2524 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:51:36.0232 2524 FDResPub - ok
18:51:36.0251 2524 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:51:36.0265 2524 FileInfo - ok
18:51:36.0268 2524 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:51:36.0323 2524 Filetrace - ok
18:51:36.0346 2524 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:51:36.0361 2524 flpydisk - ok
18:51:36.0382 2524 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:51:36.0400 2524 FltMgr - ok
18:51:36.0439 2524 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:51:36.0472 2524 FontCache - ok
18:51:36.0517 2524 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:51:36.0590 2524 FontCache3.0.0.0 - ok
18:51:36.0595 2524 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:51:36.0608 2524 FsDepends - ok
18:51:36.0636 2524 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:51:36.0648 2524 Fs_Rec - ok
18:51:36.0653 2524 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:51:36.0673 2524 fvevol - ok
18:51:36.0697 2524 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:51:36.0711 2524 gagp30kx - ok
18:51:36.0726 2524 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:51:36.0770 2524 gpsvc - ok
18:51:36.0838 2524 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:51:36.0850 2524 gupdate - ok
18:51:36.0854 2524 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:51:36.0867 2524 gupdatem - ok
18:51:36.0887 2524 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:51:36.0930 2524 hcw85cir - ok
18:51:36.0955 2524 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:51:36.0990 2524 HDAudBus - ok
18:51:37.0009 2524 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:51:37.0038 2524 HidBatt - ok
18:51:37.0050 2524 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:51:37.0069 2524 HidBth - ok
18:51:37.0095 2524 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:51:37.0111 2524 HidIr - ok
18:51:37.0140 2524 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:51:37.0175 2524 hidserv - ok
18:51:37.0227 2524 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:51:37.0242 2524 HidUsb - ok
18:51:37.0264 2524 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:51:37.0309 2524 hkmsvc - ok
18:51:37.0330 2524 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:51:37.0354 2524 HomeGroupListener - ok
18:51:37.0371 2524 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:51:37.0389 2524 HomeGroupProvider - ok
18:51:37.0442 2524 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:51:37.0456 2524 HpSAMD - ok
18:51:37.0492 2524 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:51:37.0545 2524 HTTP - ok
18:51:37.0549 2524 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:51:37.0563 2524 hwpolicy - ok
18:51:37.0585 2524 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:51:37.0600 2524 i8042prt - ok
18:51:37.0623 2524 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:51:37.0643 2524 iaStorV - ok
18:51:37.0671 2524 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:51:37.0697 2524 idsvc - ok
18:51:37.0709 2524 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:51:37.0722 2524 iirsp - ok
18:51:37.0746 2524 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:51:37.0796 2524 IKEEXT - ok
18:51:37.0845 2524 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
18:51:37.0860 2524 inspect - ok
18:51:37.0931 2524 [ C03463214D23B46B991F582821C8DF69 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:51:37.0975 2524 IntcAzAudAddService - ok
18:51:37.0989 2524 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:51:38.0001 2524 intelide - ok
18:51:38.0039 2524 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
18:51:38.0062 2524 intelppm - ok
18:51:38.0086 2524 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:51:38.0129 2524 IPBusEnum - ok
18:51:38.0147 2524 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:51:38.0182 2524 IpFilterDriver - ok
18:51:38.0207 2524 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:51:38.0240 2524 iphlpsvc - ok
18:51:38.0263 2524 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:51:38.0285 2524 IPMIDRV - ok
18:51:38.0311 2524 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:51:38.0356 2524 IPNAT - ok
18:51:38.0374 2524 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:51:38.0407 2524 IRENUM - ok
18:51:38.0417 2524 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:51:38.0429 2524 isapnp - ok
18:51:38.0440 2524 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:51:38.0457 2524 iScsiPrt - ok
18:51:38.0484 2524 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:51:38.0498 2524 kbdclass - ok
18:51:38.0540 2524 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:51:38.0568 2524 kbdhid - ok
18:51:38.0585 2524 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:51:38.0600 2524 KeyIso - ok
18:51:38.0637 2524 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:51:38.0652 2524 KSecDD - ok
18:51:38.0663 2524 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:51:38.0680 2524 KSecPkg - ok
18:51:38.0683 2524 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:51:38.0732 2524 ksthunk - ok
18:51:38.0754 2524 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:51:38.0800 2524 KtmRm - ok
18:51:38.0825 2524 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:51:38.0872 2524 LanmanServer - ok
18:51:38.0899 2524 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:51:38.0934 2524 LanmanWorkstation - ok
18:51:38.0966 2524 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:51:39.0013 2524 lltdio - ok
18:51:39.0035 2524 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:51:39.0086 2524 lltdsvc - ok
18:51:39.0089 2524 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:51:39.0127 2524 lmhosts - ok
18:51:39.0158 2524 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:51:39.0172 2524 LSI_FC - ok
18:51:39.0196 2524 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:51:39.0212 2524 LSI_SAS - ok
18:51:39.0235 2524 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:51:39.0248 2524 LSI_SAS2 - ok
18:51:39.0288 2524 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:51:39.0303 2524 LSI_SCSI - ok
18:51:39.0323 2524 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:51:39.0364 2524 luafv - ok
18:51:39.0413 2524 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:51:39.0428 2524 MBAMProtector - ok
18:51:39.0481 2524 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:51:39.0573 2524 MBAMScheduler - ok
18:51:39.0602 2524 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:51:39.0706 2524 MBAMService - ok
18:51:39.0738 2524 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:51:39.0755 2524 Mcx2Svc - ok
18:51:39.0777 2524 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:51:39.0790 2524 megasas - ok
18:51:39.0800 2524 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:51:39.0818 2524 MegaSR - ok
18:51:39.0861 2524 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:51:39.0902 2524 MMCSS - ok
18:51:39.0916 2524 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:51:39.0950 2524 Modem - ok
18:51:39.0953 2524 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:51:39.0985 2524 monitor - ok
18:51:40.0018 2524 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:51:40.0031 2524 mouclass - ok
18:51:40.0069 2524 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
18:51:40.0098 2524 mouhid - ok
18:51:40.0127 2524 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:51:40.0140 2524 mountmgr - ok
18:51:40.0166 2524 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:51:40.0275 2524 MozillaMaintenance - ok
18:51:40.0293 2524 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:51:40.0308 2524 mpio - ok
18:51:40.0322 2524 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:51:40.0356 2524 mpsdrv - ok
18:51:40.0389 2524 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:51:40.0441 2524 MpsSvc - ok
18:51:40.0460 2524 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:51:40.0489 2524 MRxDAV - ok
18:51:40.0520 2524 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:51:40.0543 2524 mrxsmb - ok
18:51:40.0549 2524 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:51:40.0570 2524 mrxsmb10 - ok
18:51:40.0575 2524 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:51:40.0589 2524 mrxsmb20 - ok
18:51:40.0594 2524 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:51:40.0608 2524 msahci - ok
18:51:40.0623 2524 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:51:40.0639 2524 msdsm - ok
18:51:40.0655 2524 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:51:40.0681 2524 MSDTC - ok
18:51:40.0690 2524 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:51:40.0726 2524 Msfs - ok
18:51:40.0744 2524 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:51:40.0778 2524 mshidkmdf - ok
18:51:40.0801 2524 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:51:40.0815 2524 msisadrv - ok
18:51:40.0837 2524 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:51:40.0875 2524 MSiSCSI - ok
18:51:40.0880 2524 msiserver - ok
18:51:40.0920 2524 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:51:40.0966 2524 MSKSSRV - ok
18:51:40.0970 2524 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:51:41.0005 2524 MSPCLOCK - ok
18:51:41.0009 2524 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:51:41.0051 2524 MSPQM - ok
18:51:41.0073 2524 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:51:41.0092 2524 MsRPC - ok
18:51:41.0115 2524 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:51:41.0127 2524 mssmbios - ok
18:51:41.0131 2524 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:51:41.0165 2524 MSTEE - ok
18:51:41.0169 2524 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:51:41.0184 2524 MTConfig - ok
18:51:41.0193 2524 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\drivers\ASACPI.sys
18:51:41.0207 2524 MTsensor - ok
18:51:41.0212 2524 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:51:41.0226 2524 Mup - ok
18:51:41.0250 2524 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:51:41.0299 2524 napagent - ok
18:51:41.0336 2524 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:51:41.0366 2524 NativeWifiP - ok
18:51:41.0408 2524 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:51:41.0440 2524 NDIS - ok
18:51:41.0445 2524 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:51:41.0480 2524 NdisCap - ok
18:51:41.0492 2524 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:51:41.0526 2524 NdisTapi - ok
18:51:41.0548 2524 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:51:41.0588 2524 Ndisuio - ok
18:51:41.0593 2524 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:51:41.0631 2524 NdisWan - ok
18:51:41.0650 2524 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:51:41.0694 2524 NDProxy - ok
18:51:41.0726 2524 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:51:41.0767 2524 NetBIOS - ok
18:51:41.0779 2524 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:51:41.0814 2524 NetBT - ok
18:51:41.0831 2524 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:51:41.0845 2524 Netlogon - ok
18:51:41.0874 2524 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:51:41.0922 2524 Netman - ok
18:51:41.0939 2524 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:51:41.0987 2524 netprofm - ok
18:51:42.0011 2524 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:51:42.0087 2524 NetTcpPortSharing - ok
18:51:42.0127 2524 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:51:42.0141 2524 nfrd960 - ok
18:51:42.0168 2524 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:51:42.0193 2524 NlaSvc - ok
18:51:42.0225 2524 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:51:42.0261 2524 Npfs - ok
18:51:42.0286 2524 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:51:42.0320 2524 nsi - ok
18:51:42.0325 2524 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:51:42.0367 2524 nsiproxy - ok
18:51:42.0423 2524 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:51:42.0463 2524 Ntfs - ok
18:51:42.0468 2524 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:51:42.0520 2524 Null - ok
18:51:42.0540 2524 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:51:42.0556 2524 nvraid - ok
18:51:42.0571 2524 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:51:42.0586 2524 nvstor - ok
18:51:42.0607 2524 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:51:42.0621 2524 nv_agp - ok
18:51:42.0635 2524 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:51:42.0658 2524 ohci1394 - ok
18:51:42.0691 2524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:51:42.0736 2524 p2pimsvc - ok
18:51:42.0769 2524 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:51:42.0788 2524 p2psvc - ok
18:51:42.0828 2524 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:51:42.0855 2524 Parport - ok
18:51:42.0878 2524 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:51:42.0893 2524 partmgr - ok
18:51:42.0898 2524 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:51:42.0930 2524 PcaSvc - ok
18:51:42.0951 2524 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:51:42.0965 2524 pci - ok
18:51:42.0982 2524 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:51:42.0995 2524 pciide - ok
18:51:43.0015 2524 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:51:43.0032 2524 pcmcia - ok
18:51:43.0063 2524 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:51:43.0076 2524 pcw - ok
18:51:43.0087 2524 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:51:43.0128 2524 PEAUTH - ok
18:51:43.0180 2524 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:51:43.0267 2524 PerfHost - ok
18:51:43.0312 2524 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:51:43.0373 2524 pla - ok
18:51:43.0403 2524 [ 9B03B2D34D46F88638D51066531D08DC ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
18:51:43.0489 2524 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:51:43.0489 2524 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:51:43.0544 2524 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:51:43.0569 2524 PlugPlay - ok
18:51:43.0579 2524 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:51:43.0602 2524 PNRPAutoReg - ok
18:51:43.0610 2524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:51:43.0627 2524 PNRPsvc - ok
18:51:43.0653 2524 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:51:43.0706 2524 PolicyAgent - ok
18:51:43.0738 2524 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:51:43.0774 2524 Power - ok
18:51:43.0816 2524 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:51:43.0859 2524 PptpMiniport - ok
18:51:43.0877 2524 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:51:43.0893 2524 Processor - ok
18:51:43.0950 2524 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:51:43.0984 2524 ProfSvc - ok
18:51:44.0000 2524 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:51:44.0015 2524 ProtectedStorage - ok
18:51:44.0059 2524 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:51:44.0105 2524 Psched - ok
18:51:44.0153 2524 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:51:44.0190 2524 ql2300 - ok
18:51:44.0207 2524 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:51:44.0222 2524 ql40xx - ok
18:51:44.0243 2524 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:51:44.0266 2524 QWAVE - ok
18:51:44.0274 2524 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:51:44.0293 2524 QWAVEdrv - ok
18:51:44.0297 2524 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:51:44.0331 2524 RasAcd - ok
18:51:44.0343 2524 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:51:44.0376 2524 RasAgileVpn - ok
18:51:44.0390 2524 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:51:44.0436 2524 RasAuto - ok
18:51:44.0452 2524 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:51:44.0498 2524 Rasl2tp - ok
18:51:44.0523 2524 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:51:44.0560 2524 RasMan - ok
18:51:44.0566 2524 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:51:44.0608 2524 RasPppoe - ok
18:51:44.0613 2524 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:51:44.0647 2524 RasSstp - ok
18:51:44.0658 2524 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:51:44.0697 2524 rdbss - ok
18:51:44.0709 2524 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:51:44.0735 2524 rdpbus - ok
18:51:44.0740 2524 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:51:44.0772 2524 RDPCDD - ok
18:51:44.0780 2524 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:51:44.0820 2524 RDPENCDD - ok
18:51:44.0827 2524 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:51:44.0860 2524 RDPREFMP - ok
18:51:44.0894 2524 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:51:44.0929 2524 RDPWD - ok
18:51:44.0943 2524 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:51:44.0959 2524 rdyboost - ok
18:51:44.0982 2524 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:51:45.0019 2524 RemoteAccess - ok
18:51:45.0033 2524 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:51:45.0085 2524 RemoteRegistry - ok
18:51:45.0100 2524 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:51:45.0148 2524 RpcEptMapper - ok
18:51:45.0158 2524 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:51:45.0180 2524 RpcLocator - ok
18:51:45.0199 2524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:51:45.0237 2524 RpcSs - ok
18:51:45.0248 2524 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:51:45.0281 2524 rspndr - ok
18:51:45.0307 2524 [ 6CF9DB101A75360E98659F823852E540 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:51:45.0328 2524 RTL8167 - ok
18:51:45.0334 2524 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:51:45.0349 2524 SamSs - ok
18:51:45.0357 2524 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:51:45.0371 2524 sbp2port - ok
18:51:45.0397 2524 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:51:45.0446 2524 SCardSvr - ok
18:51:45.0460 2524 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:51:45.0502 2524 scfilter - ok
18:51:45.0538 2524 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:51:45.0599 2524 Schedule - ok
18:51:45.0622 2524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:51:45.0654 2524 SCPolicySvc - ok
18:51:45.0670 2524 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:51:45.0706 2524 SDRSVC - ok
18:51:45.0710 2524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:51:45.0745 2524 secdrv - ok
18:51:45.0758 2524 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:51:45.0799 2524 seclogon - ok
18:51:45.0813 2524 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:51:45.0849 2524 SENS - ok
18:51:45.0870 2524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:51:45.0910 2524 SensrSvc - ok
18:51:45.0944 2524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:51:45.0966 2524 Serenum - ok
18:51:45.0988 2524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:51:46.0002 2524 Serial - ok
18:51:46.0030 2524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:51:46.0050 2524 sermouse - ok
18:51:46.0073 2524 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:51:46.0123 2524 SessionEnv - ok
18:51:46.0146 2524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:51:46.0164 2524 sffdisk - ok
18:51:46.0196 2524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:51:46.0223 2524 sffp_mmc - ok
18:51:46.0236 2524 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:51:46.0259 2524 sffp_sd - ok
18:51:46.0282 2524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:51:46.0297 2524 sfloppy - ok
18:51:46.0320 2524 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:51:46.0358 2524 SharedAccess - ok
18:51:46.0377 2524 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:51:46.0414 2524 ShellHWDetection - ok
18:51:46.0449 2524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:51:46.0463 2524 SiSRaid2 - ok
18:51:46.0476 2524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:51:46.0491 2524 SiSRaid4 - ok
18:51:46.0544 2524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:51:46.0591 2524 Smb - ok
18:51:46.0632 2524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:51:46.0663 2524 SNMPTRAP - ok
18:51:46.0682 2524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:51:46.0696 2524 spldr - ok
18:51:46.0742 2524 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:51:46.0779 2524 Spooler - ok
18:51:46.0836 2524 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:51:46.0902 2524 sppsvc - ok
18:51:46.0921 2524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:51:46.0956 2524 sppuinotify - ok
18:51:47.0025 2524 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:51:47.0025 2524 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
18:51:47.0026 2524 sptd ( LockedFile.Multi.Generic ) - warning
18:51:47.0026 2524 sptd - detected LockedFile.Multi.Generic (1)
18:51:47.0062 2524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:51:47.0083 2524 srv - ok
18:51:47.0092 2524 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:51:47.0121 2524 srv2 - ok
18:51:47.0140 2524 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:51:47.0154 2524 srvnet - ok
18:51:47.0166 2524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:51:47.0203 2524 SSDPSRV - ok
18:51:47.0217 2524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:51:47.0254 2524 SstpSvc - ok
18:51:47.0304 2524 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\StarWind\StarWindServiceAE.exe
18:51:47.0325 2524 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
18:51:47.0325 2524 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
18:51:47.0337 2524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:51:47.0350 2524 stexstor - ok
18:51:47.0403 2524 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:51:47.0439 2524 stisvc - ok
18:51:47.0449 2524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:51:47.0461 2524 swenum - ok
18:51:47.0489 2524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:51:47.0532 2524 swprv - ok
18:51:47.0566 2524 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:51:47.0614 2524 SysMain - ok
18:51:47.0635 2524 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:51:47.0668 2524 TabletInputService - ok
18:51:47.0676 2524 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:51:47.0717 2524 TapiSrv - ok
18:51:47.0731 2524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:51:47.0768 2524 TBS - ok
18:51:47.0821 2524 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:51:47.0876 2524 Tcpip - ok
18:51:47.0902 2524 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:51:47.0937 2524 TCPIP6 - ok
18:51:47.0962 2524 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:51:47.0977 2524 tcpipreg - ok
18:51:47.0993 2524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:51:48.0027 2524 TDPIPE - ok
18:51:48.0050 2524 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:51:48.0074 2524 TDTCP - ok
18:51:48.0112 2524 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:51:48.0146 2524 tdx - ok
18:51:48.0158 2524 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:51:48.0171 2524 TermDD - ok
18:51:48.0189 2524 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:51:48.0231 2524 TermService - ok
18:51:48.0248 2524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:51:48.0279 2524 Themes - ok
18:51:48.0290 2524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:51:48.0324 2524 THREADORDER - ok
18:51:48.0340 2524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:51:48.0385 2524 TrkWks - ok
18:51:48.0422 2524 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:51:48.0455 2524 TrustedInstaller - ok
18:51:48.0464 2524 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:51:48.0511 2524 tssecsrv - ok
18:51:48.0533 2524 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:51:48.0562 2524 TsUsbFlt - ok
18:51:48.0572 2524 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:51:48.0597 2524 TsUsbGD - ok
18:51:48.0631 2524 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:51:48.0680 2524 tunnel - ok
18:51:48.0686 2524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:51:48.0700 2524 uagp35 - ok
18:51:48.0718 2524 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:51:48.0763 2524 udfs - ok
18:51:48.0788 2524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:51:48.0813 2524 UI0Detect - ok
18:51:48.0841 2524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:51:48.0855 2524 uliagpkx - ok
18:51:48.0900 2524 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:51:48.0919 2524 umbus - ok
18:51:48.0945 2524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:51:48.0970 2524 UmPass - ok
18:51:48.0986 2524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:51:49.0036 2524 upnphost - ok
18:51:49.0053 2524 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:51:49.0093 2524 usbccgp - ok
18:51:49.0138 2524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:51:49.0157 2524 usbcir - ok
18:51:49.0181 2524 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:51:49.0208 2524 usbehci - ok
18:51:49.0230 2524 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
18:51:49.0254 2524 usbhub - ok
18:51:49.0268 2524 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:51:49.0297 2524 usbohci - ok
18:51:49.0346 2524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:51:49.0372 2524 usbprint - ok
18:51:49.0402 2524 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:51:49.0419 2524 usbscan - ok
18:51:49.0435 2524 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:51:49.0470 2524 USBSTOR - ok
18:51:49.0485 2524 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:51:49.0506 2524 usbuhci - ok
18:51:49.0522 2524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:51:49.0557 2524 UxSms - ok
18:51:49.0581 2524 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:51:49.0595 2524 VaultSvc - ok
18:51:49.0626 2524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:51:49.0640 2524 vdrvroot - ok
18:51:49.0692 2524 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:51:49.0742 2524 vds - ok
18:51:49.0797 2524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:51:49.0813 2524 vga - ok
18:51:49.0828 2524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:51:49.0861 2524 VgaSave - ok
18:51:49.0892 2524 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:51:49.0907 2524 vhdmp - ok
18:51:49.0922 2524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:51:49.0934 2524 viaide - ok
18:51:49.0957 2524 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:51:49.0971 2524 volmgr - ok
18:51:49.0997 2524 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:51:50.0014 2524 volmgrx - ok
18:51:50.0040 2524 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:51:50.0057 2524 volsnap - ok
18:51:50.0102 2524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:51:50.0118 2524 vsmraid - ok
18:51:50.0156 2524 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:51:50.0220 2524 VSS - ok
18:51:50.0239 2524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:51:50.0263 2524 vwifibus - ok
18:51:50.0291 2524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:51:50.0332 2524 W32Time - ok
18:51:50.0351 2524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:51:50.0379 2524 WacomPen - ok
18:51:50.0424 2524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:51:50.0470 2524 WANARP - ok
18:51:50.0493 2524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:51:50.0526 2524 Wanarpv6 - ok
18:51:50.0568 2524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:51:50.0626 2524 wbengine - ok
18:51:50.0640 2524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:51:50.0663 2524 WbioSrvc - ok
18:51:50.0672 2524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:51:50.0708 2524 wcncsvc - ok
18:51:50.0723 2524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:51:50.0747 2524 WcsPlugInService - ok
18:51:50.0773 2524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:51:50.0786 2524 Wd - ok
18:51:50.0823 2524 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:51:50.0853 2524 Wdf01000 - ok
18:51:50.0858 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:51:50.0923 2524 WdiServiceHost - ok
18:51:50.0928 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:51:50.0948 2524 WdiSystemHost - ok
18:51:50.0961 2524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:51:50.0995 2524 WebClient - ok
18:51:51.0013 2524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:51:51.0062 2524 Wecsvc - ok
18:51:51.0077 2524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:51:51.0123 2524 wercplsupport - ok
18:51:51.0141 2524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:51:51.0175 2524 WerSvc - ok
18:51:51.0190 2524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:51:51.0223 2524 WfpLwf - ok
18:51:51.0229 2524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:51:51.0243 2524 WIMMount - ok
18:51:51.0258 2524 WinDefend - ok
18:51:51.0266 2524 WinHttpAutoProxySvc - ok
18:51:51.0314 2524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:51:51.0351 2524 Winmgmt - ok
18:51:51.0397 2524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:51:51.0455 2524 WinRM - ok
18:51:51.0519 2524 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:51:51.0552 2524 WinUsb - ok
18:51:51.0587 2524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:51:51.0628 2524 Wlansvc - ok
18:51:51.0739 2524 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:51:51.0751 2524 wlcrasvc - ok
18:51:51.0841 2524 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:51:51.0889 2524 wlidsvc - ok
18:51:51.0903 2524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:51:51.0917 2524 WmiAcpi - ok
18:51:51.0944 2524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:51:51.0976 2524 wmiApSrv - ok
18:51:51.0994 2524 WMPNetworkSvc - ok
18:51:52.0007 2524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:51:52.0032 2524 WPCSvc - ok
18:51:52.0045 2524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:51:52.0063 2524 WPDBusEnum - ok
18:51:52.0078 2524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:51:52.0113 2524 ws2ifsl - ok
18:51:52.0128 2524 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:51:52.0158 2524 wscsvc - ok
18:51:52.0163 2524 WSearch - ok
18:51:52.0233 2524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:51:52.0285 2524 wuauserv - ok
18:51:52.0317 2524 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:51:52.0359 2524 WudfPf - ok
18:51:52.0405 2524 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:51:52.0433 2524 WUDFRd - ok
18:51:52.0460 2524 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:51:52.0487 2524 wudfsvc - ok
18:51:52.0505 2524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:51:52.0527 2524 WwanSvc - ok
18:51:52.0550 2524 ================ Scan global ===============================
18:51:52.0581 2524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:51:52.0605 2524 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:51:52.0611 2524 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:51:52.0631 2524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:51:52.0652 2524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:51:52.0655 2524 [Global] - ok
18:51:52.0656 2524 ================ Scan MBR ==================================
18:51:52.0666 2524 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:51:52.0861 2524 \Device\Harddisk0\DR0 - ok
18:51:52.0862 2524 ================ Scan VBR ==================================
18:51:52.0864 2524 [ E30C2C84493D010BB14F3E6B4F6E3DB6 ] \Device\Harddisk0\DR0\Partition1
18:51:52.0865 2524 \Device\Harddisk0\DR0\Partition1 - ok
18:51:52.0867 2524 ============================================================
18:51:52.0867 2524 Scan finished
18:51:52.0867 2524 ============================================================
18:51:52.0874 2392 Detected object count: 3
18:51:52.0874 2392 Actual detected object count: 3
18:53:30.0422 2392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:30.0422 2392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:30.0425 2392 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:53:30.0425 2392 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:53:30.0426 2392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:30.0426 2392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:55.0296 4080 Deinitialize success

Alt 03.01.2013, 19:26   #10
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.01.2013, 00:52   #11
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-03.05 - xxxxxxxxxxxxxxxxxx 04.01.2013   0:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7918.6522 [GMT 1:00]
ausgeführt von:: c:\users\xxxxxxxxxxxxxxxxxx\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 23:43 . 2013-01-03 23:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-31 13:07 . 2012-12-31 13:07	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Local\Programs
2012-12-21 10:46 . 2012-12-21 10:46	--------	d-----w-	C:\VritualRoot
2012-12-21 08:34 . 2012-12-21 08:34	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Malwarebytes
2012-12-21 08:34 . 2012-12-21 08:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-21 08:34 . 2012-12-31 13:07	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-21 08:34 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-21 02:01 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 02:01 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 02:01 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 02:01 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-20 19:33 . 2012-12-23 21:12	50952	----a-w-	c:\windows\system32\certsentry.dll
2012-12-20 19:33 . 2012-12-23 21:12	42760	----a-w-	c:\windows\SysWow64\certsentry.dll
2012-12-20 19:33 . 2012-12-20 19:33	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-12-20 19:33 . 2012-12-20 19:33	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
2012-12-20 19:33 . 2012-12-20 19:33	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2012-12-19 22:15 . 2012-12-19 22:15	16363960	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-19 21:50 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE912D84-8200-4FD4-93CF-F6C2F7BF6C4E}\mpengine.dll
2012-12-18 22:35 . 2012-12-19 14:02	--------	d-----w-	c:\programdata\Spyware Terminator
2012-12-18 22:35 . 2012-12-18 22:35	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Spyware Terminator
2012-12-18 22:33 . 2012-12-19 14:02	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2012-12-15 22:11 . 2012-12-15 22:11	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\PCToolsFirewallPlus
2012-12-15 22:11 . 2012-12-19 14:02	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-12-15 22:11 . 2012-12-19 14:02	--------	d-----w-	c:\program files (x86)\PC Tools Firewall Plus
2012-12-15 21:21 . 2012-12-15 21:21	--------	d-----w-	c:\programdata\CPA_VA
2012-12-15 20:50 . 2012-12-15 20:50	--------	d-----w-	c:\program files (x86)\CheckPoint
2012-12-15 20:50 . 2012-12-15 20:50	--------	d-----w-	c:\programdata\CheckPoint
2012-12-15 20:19 . 2012-12-22 21:47	--------	d-----w-	c:\programdata\Comodo
2012-12-15 20:19 . 2012-12-20 19:54	--------	d-----w-	c:\program files\COMODO
2012-12-15 20:19 . 2012-12-15 21:16	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Local\Comodo
2012-12-15 20:19 . 2012-12-23 21:12	--------	d-----w-	c:\program files (x86)\Comodo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 22:16 . 2012-06-25 13:22	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-19 22:16 . 2012-06-02 21:43	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-19 21:57 . 2012-06-10 10:02	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-07 22:38 . 2012-11-07 22:38	94288	----a-w-	c:\windows\system32\drivers\inspect.sys
2012-11-07 22:38 . 2012-11-07 22:38	38144	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 22:38 . 2012-11-07 22:38	584056	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 22:37 . 2012-11-07 22:37	22736	----a-w-	c:\windows\system32\drivers\cmderd.sys
2012-11-07 22:37 . 2012-11-07 22:37	41240	----a-w-	c:\windows\system32\cmdcsr.dll
2012-11-07 22:37 . 2012-11-07 22:37	301264	----a-w-	c:\windows\SysWow64\guard32.dll
2012-11-07 22:37 . 2012-11-07 22:37	390392	----a-w-	c:\windows\system32\guard64.dll
2012-10-30 22:50 . 2012-08-31 20:56	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-12-19 21:50	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-19 21:50	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-19 21:50	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 14:48	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 14:48	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 14:48	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 14:48	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\AxAutoMntSrv.exe" [2010-08-20 33120]
"SJelite3Launch"="c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe" [2009-04-03 176128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-4-13 299008]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-11 77952]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-11 37504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-29 503352]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-11-07 22736]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-10-28 189776]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-12-19 1868432]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-23 648808]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 50571652
*NewlyCreated* - 78865984
*Deregistered* - 50571652
*Deregistered* - 78865984
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 22:16]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 20:56]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 20:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ndcaucj4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.innehalten.org/
FF - ExtSQL: 2012-11-19 21:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-MAGIXautostart - d:\install\program\setup.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-04  00:47:07
ComboFix-quarantined-files.txt  2013-01-03 23:47
.
Vor Suchlauf: 9 Verzeichnis(se), 889.787.908.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 889.806.884.864 Bytes frei
.
- - End Of File - - 437A7E71FB6ED15E07B2AD0C7A20B50E
         
--- --- ---

Alt 05.01.2013, 18:30   #12
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.01.2013, 22:17   #13
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hallo
manche Microsoftprogramme kann ich nicht beurteilen. Hier die Liste:




ABC Amber Audio Converter 02.06.2012notwendig
AbiWord 2.8.6 AbiSource Developers 01.06.2012 2.8.6unnötig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 18.12.2012 6,00MB 11.5.502.135notwendig
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 16.08.2012 121,9MB 10.1.4notwendig
Audacity 1.3.14 (Unicode) Audacity Team 02.06.2012 40,5MB unnötig
Bing Bar Microsoft Corporation 12.09.2012 0,45MB 7.1.391.0unbekannt
Canon MP Navigator EX 4.0 03.06.2012notwendig
Canon Solution Menu EX 03.06.2012notwendig
CanoScan LiDE 210 Scanner Driver 03.06.2012notwendig
CCleaner Piriform 23.12.2012 3.15notwendig
CDBurnerXP CDBurnerXP 20.11.2012 12,4MB 4.4.2.3442notwendig
Comodo Dragon COMODO 22.12.2012 70,7MB 23.4.0.0unnötig
COMODO Internet Security COMODO Security Solutions Inc. 19.12.2012 162,5MB 5.12.59641.2599notwendig
COMODO Internet Security COMODO Security Solutions Inc. 20.12.2012 5.12.59641.2599notwendig???
DATA BECKER capella studio & scan 2.0 DATA BECKER GmbH & Co. KG 15.06.2012 122,6MB 6.0.17.0unnötig
Die Siedler IV 24.07.2012unnötig
Dropbox Dropbox, Inc. 02.01.2013 1.6.11notwendig
FileZilla Client 3.5.3 FileZilla Project 22.07.2012 16,6MB 3.5.3notwendig
FreeDoko 0.7.10 Borg Enders und Diether Knof 02.06.2012 0.7.10notwendig
Futuremark SystemInfo Futuremark Corporation 28.05.2012 3.21.2.1unbekannt
InfraRecorder Christian Kindahl 01.06.2012 unnötig
Java(TM) 6 Update 37 Oracle 01.07.2012 95,7MB 6.0.370notwendig
LIMBO 29.06.2012 92,9MB unnötig
MAGIX music studio 2004 deLuxe MAGIX AG 02.06.2012 1.0.1.545notwendig
MAGIX notation 02.06.2012 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 30.12.2012 18,5MB 1.70.0.1100notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.06.2012 38,8MB 4.0.30319unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.06.2012 2,94MB 4.0.30319unbekannt
Microsoft Office 2010 Microsoft Corporation 28.05.2012 6,31MB 14.0.4763.1000unnötig
Microsoft Silverlight Microsoft Corporation 17.07.2012 40,4MB 4.1.10329.0unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.05.2012 1,70MB 3.1.0000unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.07.2012 0,29MB 8.0.61001unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,77MB 9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,76MB 9.0.30729.6161unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01.06.2012 2,06MB 9.0.21022unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,58MB 9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,58MB 9.0.30729.6161unbekannt
Mozilla Firefox 17.0.1 (x86 de) Mozilla 20.12.2012 41,1MB 17.0.1notwendig
Mozilla Maintenance Service Mozilla 20.12.2012 0,32MB 17.0.1unbekannt
Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 01.06.2012 37,3MB 10.0.2notwendig
MuseScore 1.2 MuseScore score typesetter Werner Schweer and Others 07.07.2012 1.2.0unnötig
OpenAL 01.06.2012 unbekannt
OpenOffice.org 3.3 OpenOffice.org 02.06.2012 415MB 3.3.9567notwendig
Paint.NET v3.5.10 dotPDN LLC 01.06.2012 10,7MB 3.60.0notwendig
Palm Desktop Palm, Inc. 01.06.2012 38,5MB 4.1.0410notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.05.2012 6.0.1.6215notwendig
VLC media player 2.0.1 VideoLAN 02.06.2012 2.0.1notwendig
Windows Live Essentials Microsoft Corporation 18.07.2012 15.4.3555.0308notwendig
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 28.05.2012 5,58MB 15.4.5722.2unbekannt

Alt 07.01.2013, 16:35   #14
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Hi
du hast die Bezeichnungen direkt an die Versionsnummer getan, das kann man schlecht lesen, bitte noch mal erstellen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.01.2013, 23:15   #15
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



ABC Amber Audio Converter 02.06.2012 notwendig
AbiWord 2.8.6 AbiSource Developers 01.06.2012 2.8.6 unnötig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 18.12.2012 6,00MB 11.5.502.135 notwendig
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 16.08.2012 121,9MB 10.1.4 notwendig
Audacity 1.3.14 (Unicode) Audacity Team 02.06.2012 40,5MB unnötig
Bing Bar Microsoft Corporation 12.09.2012 0,45MB 7.1.391.0 unbekannt
Canon MP Navigator EX 4.0 03.06.2012 notwendig
Canon Solution Menu EX 03.06.2012 notwendig
CanoScan LiDE 210 Scanner Driver 03.06.2012 notwendig
CCleaner Piriform 23.12.2012 3.15 notwendig
CDBurnerXP CDBurnerXP 20.11.2012 12,4MB 4.4.2.3442 notwendig
Comodo Dragon COMODO 22.12.2012 70,7MB 23.4.0.0 unnötig
COMODO Internet Security COMODO Security Solutions Inc. 19.12.2012 162,5MB 5.12.59641.2599 notwendig
COMODO Internet Security COMODO Security Solutions Inc. 20.12.2012 5.12.59641.2599 notwendig???
DATA BECKER capella studio & scan 2.0 DATA BECKER GmbH & Co. KG 15.06.2012 122,6MB 6.0.17.0 unnötig
Die Siedler IV 24.07.2012 unnötig
Dropbox Dropbox, Inc. 02.01.2013 1.6.11 notwendig
FileZilla Client 3.5.3 FileZilla Project 22.07.2012 16,6MB 3.5.3 notwendig
FreeDoko 0.7.10 Borg Enders und Diether Knof 02.06.2012 0.7.10 notwendig
Futuremark SystemInfo Futuremark Corporation 28.05.2012 3.21.2.1 unbekannt
InfraRecorder Christian Kindahl 01.06.2012 unnötig
Java(TM) 6 Update 37 Oracle 01.07.2012 95,7MB 6.0.370 notwendig
LIMBO 29.06.2012 92,9MB unnötig
MAGIX music studio 2004 deLuxe MAGIX AG 02.06.2012 1.0.1.545 notwendig
MAGIX notation 02.06.2012 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 30.12.2012 18,5MB 1.70.0.1100 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.06.2012 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.06.2012 2,94MB 4.0.30319 unbekannt
Microsoft Office 2010 Microsoft Corporation 28.05.2012 6,31MB 14.0.4763.1000 unnötig
Microsoft Silverlight Microsoft Corporation 17.07.2012 40,4MB 4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.05.2012 1,70MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.07.2012 0,29MB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,77MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,76MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01.06.2012 2,06MB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,58MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,58MB 9.0.30729.6161 unbekannt
Mozilla Firefox 17.0.1 (x86 de) Mozilla 20.12.2012 41,1MB 17.0.1 notwendig
Mozilla Maintenance Service Mozilla 20.12.2012 0,32MB 17.0.1 unbekannt
Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 01.06.2012 37,3MB 10.0.2 notwendig
MuseScore 1.2 MuseScore score typesetter Werner Schweer and Others 07.07.2012 1.2.0 unnötig
OpenAL 01.06.2012 unbekannt
OpenOffice.org 3.3 OpenOffice.org 02.06.2012 415MB 3.3.9567 notwendig
Paint.NET v3.5.10 dotPDN LLC 01.06.2012 10,7MB 3.60.0 notwendig
Palm Desktop Palm, Inc. 01.06.2012 38,5MB 4.1.0410 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.05.2012 6.0.1.6215 notwendig
VLC media player 2.0.1 VideoLAN 02.06.2012 2.0.1 notwendig
Windows Live Essentials Microsoft Corporation 18.07.2012 15.4.3555.0308 notwendig
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 28.05.2012 5,58MB 15.4.5722.2 unbekannt

Antwort

Themen zu TrojWare.Win32.Buzus.carj@283207124
comodo, durchsucht, entdeck, entdeckt, freeware, freue, hinweise, installier, installiert, komplette, kurzem, quarantäne, stelle, system, temp, troja, trojaner, windows, windows\temp




Ähnliche Themen: TrojWare.Win32.Buzus.carj@283207124


  1. Trojan.FakeMS.ED, Trojan.FakeMS, trojware.win32.injector
    Log-Analyse und Auswertung - 03.09.2014 (19)
  2. TrojWare.Win32.VB.HEFF@312803905
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (3)
  3. Trojan.Win32.Buzus.nzom danach 20 Malware
    Log-Analyse und Auswertung - 17.09.2013 (11)
  4. Viele Trojaner im System: Kitana-134/Win32:Crypt -Buzus -Banker -...
    Plagegeister aller Art und deren Bekämpfung - 28.07.2013 (11)
  5. TrojWare.JS.Agent.IL in AdAware eingenistet?
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (17)
  6. TrojWare.Win32.Buzus.carj in C:\Windows\Temp\HInfo.exe bzw. C:\Windows\Temp\restart.exe
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (2)
  7. TrojWare.Win32.Simda.C@282510848 Kann mir jemand helfen!
    Log-Analyse und Auswertung - 07.06.2012 (3)
  8. TrojWare.Win32.Trojan.Katusha.~E@104915147
    Log-Analyse und Auswertung - 06.04.2012 (3)
  9. TrojWare.Win32.Trojan.Agent.Gen@1 in temp/upd.exe gefunden! Lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (16)
  10. Trojaner TR/Buzus.iias + TR/Buzus.ihys + Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.akm
    Plagegeister aller Art und deren Bekämpfung - 14.09.2011 (38)
  11. TrojWare.Win32.Trojan.Katusha.~E@104915147
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (1)
  12. TrojWare.Win32.Trojan.Agent.Gen@146264662 in systempack107_2121.exe
    Plagegeister aller Art und deren Bekämpfung - 28.01.2011 (39)
  13. Virenmeldung TrojWare.Win32.Krap.T@-1
    Plagegeister aller Art und deren Bekämpfung - 17.12.2010 (1)
  14. Trojaner eingefangen, Trojan.win32.buzus.dajg, Kaspersky kann es nicht beseitigen
    Log-Analyse und Auswertung - 03.10.2010 (1)
  15. Windows 7 Bifrose - win32.buzus.dxpu
    Log-Analyse und Auswertung - 09.05.2010 (3)
  16. TR/Buzus.ctwt und DR/Buzus.ctwt - Trojaner wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 23.12.2009 (9)
  17. Trojan-Spy.Win32.Pophot.gzv / Trojan.Win32.Buzus.alwl / Virus.Win32.Virut.ce
    Plagegeister aller Art und deren Bekämpfung - 19.02.2009 (1)

Zum Thema TrojWare.Win32.Buzus.carj@283207124 - Hallo! Ich habe vor kurzem die Comodo Freeware installiert, und sie hat den genannten Trojaner an drei Stellen entdeckt und in Quarantäne gesteckt: C:\Windows\Temp\restart.exe C:\Windows\Temp\Hinfo.exe C:\Windows\Temp\status.exe Ich habe den / - TrojWare.Win32.Buzus.carj@283207124...
Archiv
Du betrachtest: TrojWare.Win32.Buzus.carj@283207124 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.