Plagegeister aller Art und deren Bekämpfung: Temp msotyqr.bat could not be loaded or started (Windows 7)
08.01.2013, 23:15 | #1 |
Hello everyone, since Sunday I have been getting the error message above when booting the notebook. Before that I ran both Malwarebytes and Anti-Vir over my machine, because the Windows programs no longer started and I could no longer get online. Trojans and worms were found, which have now been deleted. Since then the machine has been running again, but the message above is still there. Should I post my OTL and Extras here now? I'd be glad of any info. Toffkris
08.01.2013, 23:18 | #2 |
/// Malware-holic

Hi, no, first the logs with the detections, otherwise we have no idea what was on the PC.

Open Avira, Administration, Quarantine, and post the detections with their paths. Also post the Malwarebytes logs: http://www.trojaner-board.de/125889-...en-posten.html
08.01.2013, 23:35 | #3 |
Thank you very much for the quick reply. I hope I'm doing this with the codes correctly!

Unfortunately I have already deleted the quarantine in Avira! Damn it!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.06.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
:: [Administrator]

07.01.2013 07:07:18
mbam-log-2013-01-07 (07-07-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211706
Laufzeit: 7 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\\Local Settings\Temp\msotyqr.bat (Trojan.Vbcrypt) -> 4664 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Lavasoft (Trojan.Vbcrypt) -> Daten: C:\Users\\AppData\Roaming\81CE7B\81CE7B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\\LOCALS~1\Temp\msotyqr.bat -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\\LOCALS~1\Temp\msotyqr.bat -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1X1F7AUF5HVX3C3WVYQMXNMGH (Trojan.SpyEyes.Gen) -> Daten: C:\config.bin\9A052F918CF.exe /q -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Vbcrypt) -> Bösartig: (C:\Users\\LOCALS~1\Temp\msotyqr.bat) Gut: () -> Löschen bei Neustart.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\\Local Settings\Temp\msotyqr.bat (Trojan.Vbcrypt) -> Löschen bei Neustart.
C:\Users\\AppData\Roaming\81CE7B\81CE7B.exe (Trojan.Vbcrypt) -> Löschen bei Neustart.
C:\Users\\AppData\Local\Temp\00621f44.exe (Trojan.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\\AppData\Roaming\nMNtffsdf5ev.exe (Trojan.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Edited by toffkris (08.01.2013 at 23:44)
09.01.2013, 00:03 | #4 |
/// Malware-holic

Hi, open Avira, Events, and look up the detection messages there. In Avira, Reports, look up the detection reports and post them. If you don't have it yet, please download OTL by OldTimer and save it to your Desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
09.01.2013, 08:21 | #5 |
Good morning Markus, here are the Avira detection reports:

Exportierte Ereignisse:

09.01.2013 07:55 [Echtzeit Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

09.01.2013 07:55 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

09.01.2013 07:55 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 12.3.0.15

08.01.2013 23:47 [Echtzeit Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

08.01.2013 23:47 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

08.01.2013 23:04 [Echtzeit Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

08.01.2013 23:04 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 12.3.0.15
Engine Version: 8.2.10.226
VDF Version: 7.11.56.106

and here is the OTL:

Code:
OTL logfile created on: 08.01.2013 22:46:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ekel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,23% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 45,08 Gb Free Space | 30,25% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 39,49 Gb Free Space | 28,36% Space Free | Partition Type: NTFS

Computer Name: EKEL-PC | User Name: ekel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.08 22:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ekel\Desktop\OTL.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\ekel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.08.08 22:17:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.13 03:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.13 03:22:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 03:22:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.05.25 17:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.14 12:58:45 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008.08.19 18:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.07.30 01:34:34 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.07.15 19:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.15 19:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.07.10 01:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.24 04:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.19 20:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.18 06:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.13 06:52:51 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.12 05:52:18 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
PRC - [2008.06.12 05:52:08 | 000,212,992 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.05.20 01:15:06 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
PRC - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.02.07 09:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

========== Modules (No Company Name) ==========

MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.07.30 01:27:20 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2008.06.12 05:52:20 | 000,778,240 | ---- | M] () -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.12 05:52:16 | 000,007,680 | ---- | M] () -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.12 23:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll

========== Services (SafeList) ==========

SRV - [2012.12.15 12:57:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.13 03:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.13 03:22:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.21 02:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.02.07 09:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006.06.22 02:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\I386\AsProcOb.sys -- (ASUSProcObsrv)
DRV - [2012.05.13 03:22:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.13 03:22:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.07 09:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.04.11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008.07.25 09:30:59 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.25 06:05:05 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.24 23:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.06.03 22:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.20 01:15:42 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.05.13 07:35:23 | 001,772,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.21 05:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.14 22:56:01 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.12.19 01:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.11.02 12:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 12:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 12:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5)
DRV - [2007.11.02 12:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 12:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.11.02 12:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2006.12.14 23:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\ekel\Music
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{207511D0-A61C-48bc-90BC-CF53D8E7D14A}: "URL" = hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.12 18:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.12 18:55:00 | 000,000,000 | ---D | M]

[2011.03.02 19:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ekel\AppData\Roaming\mozilla\Extensions
[2012.11.13 22:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ekel\AppData\Roaming\mozilla\Firefox\Profiles\w935rsxy.default\extensions
[2011.03.05 00:38:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ekel\AppData\Roaming\mozilla\Firefox\Profiles\w935rsxy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.28 16:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2008.11.01 18:15:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.26 18:14:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 02:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\ekel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ekel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ekel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\ekel\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
F3 - HKCU WinNT: Load - (C:\Users\ekel\LOCALS~1\Temp\msotyqr.bat) - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AA7C740-CDF3-44BC-BB39-E22C246FDD05}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B07D2F33-1C44-45F5-B05E-7AC4201CADF2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Users\ekel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ekel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48a60db2-da44-11dd-bd46-0023545484ac}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{875eb078-a1cd-11e0-933d-0023545484ac}\Shell - "" = AutoRun
O33 - MountPoints2\{875eb078-a1cd-11e0-933d-0023545484ac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.08 22:45:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ekel\Desktop\OTL.exe
[2013.01.08 18:57:57 | 000,000,000 | ---D | C] -- C:\Users\ekel\LOCALS~1
[2013.01.08 18:38:09 | 000,000,000 | ---D | C] -- C:\Users\ekel\AppData\Roaming\Auslogics
[2013.01.08 18:35:50 | 007,034,560 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Users\ekel\Desktop\registry-cleaner-setup_2405.exe
[2013.01.07 18:43:37 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Users\ekel\Desktop\ccsetup326.exe
[2013.01.07 14:32:24 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Busta Rhymes Reek Da Villain J Doe - Catastroph (DatPiff.com)
[2013.01.07 14:31:29 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Papoose - Most Hated Alive (DatPiff.com)
[2013.01.07 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Wale - Folarin (DatPiff.com)
[2013.01.06 21:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.06 21:11:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.06 21:09:46 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ekel\Documents\mbam-setup-1.70.0.1100.exe
[2013.01.06 19:07:44 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Österreich 2012
[2013.01.06 18:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.12.27 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\Liquid Lalilulelo
[2012.12.24 13:09:36 | 000,000,000 | ---D | C] -- C:\Users\ekel\AppData\Roaming\Blender Foundation [2012.12.23 15:12:22 | 000,000,000 | ---D | C] -- C:\Users\ekel\Documents\BioWare [2012.12.23 14:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2 [2012.12.23 14:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare [2012.12.15 22:23:30 | 000,000,000 | ---D | C] -- C:\Users\ekel\Desktop\101_PANA [2012.12.15 15:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.15 15:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.15 15:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.15 15:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.12.13 21:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.13 21:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010.11.13 15:30:36 | 081,893,672 | ---- | C] (Apple Inc.) 
-- C:\Users\ekel\iTunesSetup.exe [21 C:\Users\ekel\Documents\*.tmp files -> C:\Users\ekel\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.08 22:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ekel\Desktop\OTL.exe [2013.01.08 22:40:14 | 000,094,588 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.01.08 22:34:03 | 000,000,000 | ---- | M] () -- C:\Users\ekel\defogger_reenable [2013.01.08 22:32:34 | 000,050,477 | ---- | M] () -- C:\Users\ekel\Desktop\Defogger.exe [2013.01.08 22:31:44 | 004,331,248 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.08 22:31:44 | 001,717,346 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.08 22:31:44 | 001,345,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.08 22:31:44 | 001,175,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.08 22:24:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2013.01.08 22:24:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 22:24:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 22:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.08 22:23:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.01.08 22:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013.01.08 21:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.08 21:38:35 | 000,008,268 | ---- | M] () -- C:\Users\ekel\AppData\Local\d3d9caps.dat [2013.01.08 21:34:37 | 000,000,714 | ---- | M] () -- C:\Users\ekel\Documents\cc_20130108_213429.reg [2013.01.08 18:35:50 | 007,034,560 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Users\ekel\Desktop\registry-cleaner-setup_2405.exe [2013.01.07 18:50:52 | 000,368,040 | ---- | M] () -- 
C:\Windows\System32\FNTCACHE.DAT [2013.01.07 18:47:17 | 000,151,748 | ---- | M] () -- C:\Users\ekel\Documents\cc_20130107_184634.reg [2013.01.07 18:43:43 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Users\ekel\Desktop\ccsetup326.exe [2013.01.06 21:11:13 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.06 21:10:12 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ekel\Documents\mbam-setup-1.70.0.1100.exe [2013.01.06 19:12:38 | 000,212,480 | ---- | M] () -- C:\Users\ekel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.06 09:30:01 | 000,000,957 | ---- | M] () -- C:\Users\ekel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.06 09:29:45 | 000,000,923 | ---- | M] () -- C:\Users\ekel\Desktop\Dropbox.lnk [2012.12.28 07:55:59 | 000,094,588 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.12.27 19:00:11 | 000,011,848 | -HS- | M] () -- C:\Users\ekel\Desktop\Folder.jpg [2012.12.27 19:00:11 | 000,002,539 | -HS- | M] () -- C:\Users\ekel\Desktop\AlbumArtSmall.jpg [2012.12.24 12:53:48 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.12.15 15:33:16 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [21 C:\Users\ekel\Documents\*.tmp files -> C:\Users\ekel\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.08 22:34:03 | 000,000,000 | ---- | C] () -- C:\Users\ekel\defogger_reenable [2013.01.08 22:32:34 | 000,050,477 | ---- | C] () -- C:\Users\ekel\Desktop\Defogger.exe [2013.01.08 21:34:32 | 000,000,714 | ---- | C] () -- C:\Users\ekel\Documents\cc_20130108_213429.reg [2013.01.07 18:50:31 | 000,368,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.07 18:46:38 | 000,151,748 | ---- | C] () -- C:\Users\ekel\Documents\cc_20130107_184634.reg [2013.01.06 21:11:13 | 
000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.15 15:33:16 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.13 22:02:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.13 22:02:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2011.12.05 20:28:30 | 000,000,843 | ---- | C] () -- C:\Users\ekel\.recently-used.xbel [2011.11.25 08:08:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.21 22:48:43 | 000,004,096 | -H-- | C] () -- C:\Users\ekel\AppData\Local\keyfile3.drm [2010.12.11 21:46:14 | 000,000,092 | ---- | C] () -- C:\Users\ekel\AppData\Local\fusioncache.dat [2010.12.11 21:31:44 | 000,139,152 | ---- | C] () -- C:\Users\ekel\AppData\Roaming\PnkBstrK.sys [2008.12.01 00:15:11 | 000,029,239 | ---- | C] () -- C:\Users\ekel\AppData\Roaming\UserTile.png [2008.11.09 20:13:59 | 000,008,268 | ---- | C] () -- C:\Users\ekel\AppData\Local\d3d9caps.dat [2008.11.07 19:01:38 | 000,212,480 | ---- | C] () -- C:\Users\ekel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.02 18:52:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.11.02 11:47:37 | 000,094,588 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.11.02 11:47:29 | 000,094,588 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.11.01 15:58:39 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat [2008.07.02 03:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.07 07:17:00 | 000,000,000 | -HSD | M] -- C:\Users\ekel\AppData\Roaming\81CE7B [2011.11.21 20:12:48 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Ableton [2009.10.19 21:19:16 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\ASCOMP Software [2010.03.18 07:41:11 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Audacity [2013.01.08 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Auslogics [2011.12.26 19:26:43 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Bioshock2 [2012.12.24 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Blender Foundation [2012.05.20 08:59:50 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\DataDesign [2013.01.08 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Dropbox [2012.11.13 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\GameRanger [2010.06.13 16:25:34 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\gtk-2.0 [2008.11.01 18:27:29 | 000,000,000 | ---D | M] -- 
C:\Users\ekel\AppData\Roaming\ICQ [2009.03.19 20:18:42 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\PeaZip [2008.12.01 00:15:11 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\PeerNetworking [2011.04.06 08:38:57 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\Softland [2011.04.06 08:26:18 | 000,000,000 | ---D | M] -- C:\Users\ekel\AppData\Roaming\WordToPDF ========== Purity Check ========== /CODE] |
09.01.2013, 14:53 | #6 |
/// Malware-holic | Temp msotyqr.bat could not be loaded or started
Hi, this script and any scripts that may follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
F3 - HKCU WinNT: Load - (C:\Users\ekel\LOCALS~1\Temp\msotyqr.bat) - File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here. |
09.01.2013, 15:13 | #7 |
| Temp msotyqr.bat could not be loaded or started
Hello! Here is the content of the text document:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\ekel\LOCALS~1\Temp\msotyqr.bat deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ekel
->Flash cache emptied: 3347 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: ekel
->Temp folder emptied: 798726 bytes
->Temporary Internet Files folder emptied: 505158177 bytes
->FireFox cache emptied: 57483764 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1626432 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 539,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_150843
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
09.01.2013, 15:22 | #8 |
/// Malware-holic | Temp msotyqr.bat could not be loaded or started
Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters.
• Tick Verify driver digital signatures and Detect TDLFS file system.
• Click OK and then Start scan.
- If anything is found, always choose Skip for now, and post the log.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
09.01.2013, 15:43 | #9 |
| Temp msotyqr.bat konnte nicht geladen oder gestartet werden Hier der LOG: 15:31:32.0126 3792 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:31:32.0313 3792 ============================================================ 15:31:32.0313 3792 Current date / time: 2013/01/09 15:31:32.0313 15:31:32.0313 3792 SystemInfo: 15:31:32.0313 3792 15:31:32.0313 3792 OS Version: 6.0.6002 ServicePack: 2.0 15:31:32.0313 3792 Product type: Workstation 15:31:32.0313 3792 ComputerName: EKEL-PC 15:31:32.0313 3792 UserName: ekel 15:31:32.0313 3792 Windows directory: C:\Windows 15:31:32.0313 3792 System windows directory: C:\Windows 15:31:32.0313 3792 Processor architecture: Intel x86 15:31:32.0313 3792 Number of processors: 2 15:31:32.0313 3792 Page size: 0x1000 15:31:32.0313 3792 Boot type: Normal boot 15:31:32.0313 3792 ============================================================ 15:31:32.0828 3792 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:31:32.0828 3792 ============================================================ 15:31:32.0828 3792 \Device\Harddisk0\DR0: 15:31:32.0828 3792 MBR partitions: 15:31:32.0828 3792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x12A14C00 15:31:32.0844 3792 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D9D77A, BlocksNum 0x1168FF47 15:31:32.0844 3792 ============================================================ 15:31:32.0890 3792 C: <-> \Device\Harddisk0\DR0\Partition1 15:31:32.0922 3792 D: <-> \Device\Harddisk0\DR0\Partition2 15:31:32.0922 3792 ============================================================ 15:31:32.0922 3792 Initialize success 15:31:32.0922 3792 ============================================================ 15:32:28.0083 0836 ============================================================ 15:32:28.0083 0836 Scan started 15:32:28.0083 0836 Mode: Manual; 
SigCheck; TDLFS; 15:32:28.0083 0836 ============================================================ 15:32:28.0863 0836 ================ Scan system memory ======================== 15:32:28.0863 0836 System memory - ok 15:32:28.0863 0836 ================ Scan services ============================= 15:32:29.0097 0836 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:32:29.0238 0836 ACPI - ok 15:32:29.0316 0836 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:32:29.0331 0836 AdobeFlashPlayerUpdateSvc - ok 15:32:29.0409 0836 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:32:29.0440 0836 adp94xx - ok 15:32:29.0456 0836 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:32:29.0472 0836 adpahci - ok 15:32:29.0518 0836 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:32:29.0534 0836 adpu160m - ok 15:32:29.0550 0836 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:32:29.0565 0836 adpu320 - ok 15:32:29.0628 0836 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:32:29.0768 0836 AeLookupSvc - ok 15:32:29.0815 0836 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 15:32:29.0908 0836 AFD - ok 15:32:29.0955 0836 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 15:32:30.0033 0836 AgereModemAudio - ok 15:32:30.0111 0836 [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 15:32:30.0174 0836 AgereSoftModem - ok 15:32:30.0220 0836 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:32:30.0236 0836 agp440 - ok 15:32:30.0283 0836 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:32:30.0298 0836 aic78xx - ok 15:32:30.0298 
0836 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 15:32:30.0454 0836 ALG - ok 15:32:30.0470 0836 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 15:32:30.0486 0836 aliide - ok 15:32:30.0548 0836 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:32:30.0564 0836 amdagp - ok 15:32:30.0595 0836 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 15:32:30.0610 0836 amdide - ok 15:32:30.0657 0836 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 15:32:30.0688 0836 AmdK7 - ok 15:32:30.0704 0836 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:32:30.0751 0836 AmdK8 - ok 15:32:30.0876 0836 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 15:32:30.0907 0836 AntiVirSchedulerService - ok 15:32:30.0938 0836 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:32:30.0954 0836 AntiVirService - ok 15:32:30.0985 0836 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 15:32:31.0047 0836 Appinfo - ok 15:32:31.0156 0836 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:32:31.0172 0836 Apple Mobile Device - ok 15:32:31.0219 0836 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 15:32:31.0250 0836 arc - ok 15:32:31.0281 0836 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:32:31.0297 0836 arcsas - ok 15:32:31.0390 0836 [ 2EEDA27C19259C2340324EF7180D086B ] ASBroker C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll 15:32:31.0437 0836 ASBroker ( UnsignedFile.Multi.Generic ) - warning 15:32:31.0437 0836 ASBroker - detected UnsignedFile.Multi.Generic (1) 15:32:31.0468 0836 
[ BB3C0521ECCA4BB17AC55EB640DF0FA5 ] ASChannel C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll 15:32:31.0500 0836 ASChannel ( UnsignedFile.Multi.Generic ) - warning 15:32:31.0500 0836 ASChannel - detected UnsignedFile.Multi.Generic (1) 15:32:31.0609 0836 [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe 15:32:31.0640 0836 ASLDRService ( UnsignedFile.Multi.Generic ) - warning 15:32:31.0640 0836 ASLDRService - detected UnsignedFile.Multi.Generic (1) 15:32:31.0671 0836 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys 15:32:31.0687 0836 ASMMAP - ok 15:32:31.0827 0836 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 15:32:31.0827 0836 aspnet_state - ok 15:32:31.0874 0836 ASUSProcObsrv - ok 15:32:31.0890 0836 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:32:31.0952 0836 AsyncMac - ok 15:32:31.0999 0836 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 15:32:31.0999 0836 atapi - ok 15:32:32.0046 0836 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe 15:32:32.0077 0836 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning 15:32:32.0077 0836 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1) 15:32:32.0108 0836 [ F70D2392158CB68E775F8C4CD3D12FBB ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys 15:32:32.0124 0836 ATSWPDRV - ok 15:32:32.0186 0836 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:32:32.0233 0836 AudioEndpointBuilder - ok 15:32:32.0233 0836 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:32:32.0264 0836 Audiosrv - ok 15:32:32.0311 0836 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:32:32.0326 0836 avgntflt - ok 15:32:32.0389 0836 [ 
7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:32:32.0404 0836 avipbb - ok 15:32:32.0451 0836 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:32:32.0467 0836 avkmgr - ok 15:32:32.0514 0836 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 15:32:32.0560 0836 Beep - ok 15:32:32.0623 0836 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 15:32:32.0670 0836 BFE - ok 15:32:32.0794 0836 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 15:32:32.0888 0836 BITS - ok 15:32:32.0935 0836 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:32:32.0982 0836 blbdrive - ok 15:32:33.0106 0836 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:32:33.0122 0836 Bonjour Service - ok 15:32:33.0169 0836 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:32:33.0231 0836 bowser - ok 15:32:33.0278 0836 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:32:33.0309 0836 BrFiltLo - ok 15:32:33.0325 0836 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:32:33.0372 0836 BrFiltUp - ok 15:32:33.0418 0836 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 15:32:33.0465 0836 Browser - ok 15:32:33.0496 0836 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 15:32:33.0684 0836 Brserid - ok 15:32:33.0730 0836 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:32:33.0824 0836 BrSerWdm - ok 15:32:33.0855 0836 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:32:33.0949 0836 BrUsbMdm - ok 15:32:33.0980 0836 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:32:34.0042 0836 BrUsbSer - ok 
15:32:34.0089 0836 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 15:32:34.0120 0836 BthEnum - ok 15:32:34.0167 0836 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:32:34.0245 0836 BTHMODEM - ok 15:32:34.0261 0836 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 15:32:34.0292 0836 BthPan - ok 15:32:34.0354 0836 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 15:32:34.0464 0836 BTHPORT - ok 15:32:34.0526 0836 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 15:32:34.0620 0836 BthServ - ok 15:32:34.0666 0836 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 15:32:34.0698 0836 BTHUSB - ok 15:32:34.0744 0836 [ 463483285B2D2D345443AAEE7B9391E7 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 15:32:34.0760 0836 btwaudio - ok 15:32:34.0776 0836 [ 4F82B6173EF8637CB26CF4E73B90F172 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 15:32:34.0791 0836 btwavdt - ok 15:32:34.0854 0836 [ B78D1ACA1BBD0077848D9F87C8207AB1 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 15:32:34.0869 0836 btwdins - ok 15:32:34.0900 0836 [ ECB98391C756A7B9CFBAE89D9D1235E1 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 15:32:34.0916 0836 btwl2cap - ok 15:32:34.0932 0836 [ F771034F5B59A4A5054A2FA6F4E9F28B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 15:32:34.0947 0836 btwrchid - ok 15:32:34.0963 0836 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:32:35.0025 0836 cdfs - ok 15:32:35.0072 0836 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:32:35.0119 0836 cdrom - ok 15:32:35.0166 0836 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 15:32:35.0197 0836 CertPropSvc - ok 15:32:35.0244 0836 [ E5D4133F37219DBCFE102BC61072589D ] circlass 
C:\Windows\system32\DRIVERS\circlass.sys 15:32:35.0290 0836 circlass - ok 15:32:35.0353 0836 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 15:32:35.0368 0836 CLFS - ok 15:32:35.0415 0836 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:32:35.0415 0836 clr_optimization_v2.0.50727_32 - ok 15:32:35.0509 0836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:32:35.0524 0836 clr_optimization_v4.0.30319_32 - ok 15:32:35.0556 0836 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:32:35.0602 0836 CmBatt - ok 15:32:35.0618 0836 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:32:35.0634 0836 cmdide - ok 15:32:35.0649 0836 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:32:35.0665 0836 Compbatt - ok 15:32:35.0680 0836 COMSysApp - ok 15:32:35.0680 0836 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:32:35.0696 0836 crcdisk - ok 15:32:35.0712 0836 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 15:32:35.0774 0836 Crusoe - ok 15:32:35.0821 0836 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:32:35.0883 0836 CryptSvc - ok 15:32:35.0946 0836 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:32:35.0992 0836 DcomLaunch - ok 15:32:36.0024 0836 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:32:36.0055 0836 DfsC - ok 15:32:36.0226 0836 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 15:32:36.0429 0836 DFSR - ok 15:32:36.0507 0836 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:32:36.0585 0836 Dhcp - ok 15:32:36.0648 0836 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk 
C:\Windows\system32\drivers\disk.sys 15:32:36.0663 0836 disk - ok 15:32:36.0694 0836 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:32:36.0757 0836 Dnscache - ok 15:32:36.0788 0836 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:32:36.0819 0836 dot3svc - ok 15:32:36.0850 0836 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 15:32:36.0897 0836 DPS - ok 15:32:36.0928 0836 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:32:36.0975 0836 drmkaud - ok 15:32:37.0053 0836 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:32:37.0084 0836 DXGKrnl - ok 15:32:37.0100 0836 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 15:32:37.0147 0836 E1G60 - ok 15:32:37.0194 0836 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 15:32:37.0240 0836 EapHost - ok 15:32:37.0303 0836 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 15:32:37.0318 0836 Ecache - ok 15:32:37.0365 0836 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:32:37.0428 0836 ehRecvr - ok 15:32:37.0459 0836 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 15:32:37.0506 0836 ehSched - ok 15:32:37.0521 0836 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 15:32:37.0552 0836 ehstart - ok 15:32:37.0599 0836 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:32:37.0646 0836 elxstor - ok 15:32:37.0740 0836 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:32:37.0864 0836 EMDMgmt - ok 15:32:37.0911 0836 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:32:37.0942 0836 ErrDev - ok 15:32:38.0020 0836 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 15:32:38.0067 0836 
EventSystem - ok 15:32:38.0098 0836 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 15:32:38.0192 0836 exfat - ok 15:32:38.0254 0836 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:32:38.0301 0836 fastfat - ok 15:32:38.0348 0836 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:32:38.0395 0836 fdc - ok 15:32:38.0426 0836 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 15:32:38.0457 0836 fdPHost - ok 15:32:38.0504 0836 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 15:32:38.0566 0836 FDResPub - ok 15:32:38.0598 0836 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:32:38.0629 0836 FileInfo - ok 15:32:38.0644 0836 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:32:38.0691 0836 Filetrace - ok 15:32:38.0722 0836 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:32:38.0785 0836 flpydisk - ok 15:32:38.0847 0836 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:32:38.0878 0836 FltMgr - ok 15:32:38.0972 0836 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 15:32:39.0081 0836 FontCache - ok 15:32:39.0190 0836 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:32:39.0190 0836 FontCache3.0.0.0 - ok 15:32:39.0253 0836 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:32:39.0315 0836 Fs_Rec - ok 15:32:39.0346 0836 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:32:39.0362 0836 gagp30kx - ok 15:32:39.0424 0836 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:32:39.0440 0836 GEARAspiWDM - ok 15:32:39.0502 0836 [ 
15:32:41.0390 0836 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:32:41.0437 0836 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:32:41.0452 0836 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:33:04.0478 0836 viaide - ok 15:33:04.0525 0836 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:33:04.0540 0836 volmgr - ok 15:33:04.0634 0836 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:33:04.0665 0836 volmgrx - ok 15:33:04.0712 0836 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:33:04.0743 0836 volsnap - ok 15:33:04.0790 0836 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:33:04.0806 0836 vsmraid - ok 15:33:04.0884 0836 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 15:33:05.0008 0836 VSS - ok 15:33:05.0040 0836 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 15:33:05.0071 0836 W32Time - ok 15:33:05.0118 0836 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:33:05.0196 0836 WacomPen - ok 15:33:05.0242 0836 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:33:05.0274 0836 Wanarp - ok 15:33:05.0274 0836 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:33:05.0305 0836 Wanarpv6 - ok 15:33:05.0352 0836 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:33:05.0430 0836 wcncsvc - ok 15:33:05.0461 0836 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:33:05.0492 0836 WcsPlugInService - ok 15:33:05.0523 0836 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 15:33:05.0539 0836 Wd - ok 15:33:05.0617 0836 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:33:05.0648 0836 Wdf01000 - ok 15:33:05.0679 0836 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:33:05.0710 0836 WdiServiceHost - ok 15:33:05.0726 0836 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost 
C:\Windows\system32\wdi.dll 15:33:05.0757 0836 WdiSystemHost - ok 15:33:05.0788 0836 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 15:33:05.0804 0836 WebClient - ok 15:33:05.0835 0836 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:33:05.0882 0836 Wecsvc - ok 15:33:05.0913 0836 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:33:05.0944 0836 wercplsupport - ok 15:33:05.0960 0836 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 15:33:05.0976 0836 WerSvc - ok 15:33:06.0038 0836 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:33:06.0054 0836 WinDefend - ok 15:33:06.0069 0836 WinHttpAutoProxySvc - ok 15:33:06.0163 0836 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:33:06.0194 0836 Winmgmt - ok 15:33:06.0256 0836 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 15:33:06.0366 0836 WinRM - ok 15:33:06.0475 0836 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:33:06.0600 0836 Wlansvc - ok 15:33:06.0662 0836 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:33:06.0709 0836 WmiAcpi - ok 15:33:06.0756 0836 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:33:06.0771 0836 wmiApSrv - ok 15:33:06.0865 0836 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:33:06.0990 0836 WMPNetworkSvc - ok 15:33:07.0021 0836 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:33:07.0068 0836 WPCSvc - ok 15:33:07.0146 0836 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:33:07.0224 0836 WPDBusEnum - ok 15:33:07.0270 0836 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 15:33:07.0302 0836 WpdUsb - ok 
15:33:07.0395 0836 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:33:07.0442 0836 WPFFontCache_v0400 - ok 15:33:07.0442 0836 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:33:07.0473 0836 ws2ifsl - ok 15:33:07.0536 0836 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 15:33:07.0551 0836 wscsvc - ok 15:33:07.0551 0836 WSearch - ok 15:33:07.0692 0836 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:33:08.0035 0836 wuauserv - ok 15:33:08.0097 0836 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:33:08.0160 0836 WudfPf - ok 15:33:08.0191 0836 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:33:08.0206 0836 WUDFRd - ok 15:33:08.0253 0836 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:33:08.0269 0836 wudfsvc - ok 15:33:08.0300 0836 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 15:33:08.0362 0836 yukonwlh - ok 15:33:08.0456 0836 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl 15:33:08.0472 0836 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 15:33:08.0487 0836 ================ Scan global =============================== 15:33:08.0518 0836 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 15:33:08.0550 0836 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:33:08.0581 0836 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:33:08.0643 0836 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 15:33:08.0659 0836 [Global] - ok 15:33:08.0659 0836 ================ Scan MBR ================================== 15:33:08.0674 0836 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0 15:33:09.0252 
0836 \Device\Harddisk0\DR0 - ok 15:33:09.0252 0836 ================ Scan VBR ================================== 15:33:09.0283 0836 [ 63A840E1B59D2D7C909EB84F3D5DC062 ] \Device\Harddisk0\DR0\Partition1 15:33:09.0330 0836 \Device\Harddisk0\DR0\Partition1 - ok 15:33:09.0330 0836 [ B8274D868092CA08F5CACF55D47B5837 ] \Device\Harddisk0\DR0\Partition2 15:33:09.0330 0836 \Device\Harddisk0\DR0\Partition2 - ok 15:33:09.0330 0836 ============================================================ 15:33:09.0330 0836 Scan finished 15:33:09.0330 0836 ============================================================ 15:33:09.0345 3116 Detected object count: 5 15:33:09.0345 3116 Actual detected object count: 5 15:33:36.0864 3116 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:36.0864 3116 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:36.0864 3116 ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:36.0864 3116 ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:36.0864 3116 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:36.0864 3116 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:36.0864 3116 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:36.0864 3116 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:36.0864 3116 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:36.0864 3116 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip |
09.01.2013, 15:45 | #10 | |
/// Malware-holic | Temp msotyqr.bat could not be loaded or started Hi, Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
09.01.2013, 16:47 | #11 |
| Temp msotyqr.bat could not be loaded or started Here is the next log file: Combofix log file: Code:
|
09.01.2013, 16:54 | #12 |
/// Malware-holic | Temp msotyqr.bat could not be loaded or started Hi, Malwarebytes: Please download Malwarebytes
|
10.01.2013, 07:24 | #13 |
| Temp msotyqr.bat could not be loaded or started Morning Markus, sorry for the long wait. I ran the scan and it finds nothing, but I can't post the log file because it isn't being saved. I only have log files from e.g. 08.01, because I had already run the scan then. Please advise. Thank you very much. |
10.01.2013, 14:39 | #14 |
/// Malware-holic | Temp msotyqr.bat could not be loaded or started Then forget about the log. Download the standard CCleaner: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), uninstall list, save as txt. Open the file. After every program you need, write "necessary". After every one you don't need, "unnecessary". After those unknown to you, "unknown". Post the list.
|
10.01.2013, 14:56 | #15 |
| Temp msotyqr.bat could not be loaded or started Here is the CCleaner log:
ANALYSE komplett - (0.320 Sek)
0,14MB zu entfernen. (Ungefähre Größe)
Details der zu löschenden Dateien (Hinweis: Es wurden noch keine Dateien gelöscht)
Internet Explorer - Verlauf 16KB 1 Dateien
Windows - MS Search 128KB 1 Dateien
C:\Users\ekel\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat 16KB
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS049BB.log 128KB |