
Malware of all kinds and how to remove it: Infected with zBot Zeus, what to do?


14.01.2013, 00:38   #1
Huii
 
Infected with zBot Zeus, what to do?



Hello!
I received an email from Telekom saying that a PC here is supposedly infected with the Zbot Zeus Trojan. I then ran Malwarebytes, with the following result:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tp :: TP-PC [Administrator]

Protection: Enabled

1/10/2013 2:15:37 PM
mbam-log-2013-01-10 (14-15-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222038
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 1
C:\Users\tp\AppData\Roaming\Ogap\umyvx.exe (Trojan.Zbot) -> 4516 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{29EE5BB4-0161-AD41-1AA9-98C5185DBBD8} (Trojan.Zbot) -> Data: C:\Users\tp\AppData\Roaming\Ogap\umyvx.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\tp\AppData\Roaming\Ogap\umyvx.exe (Trojan.Zbot) -> Delete on reboot.
C:\Users\tp\AppData\Roaming\Ozidm\omuxi.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\tp\AppData\Roaming\Sahu\kawo.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

(end)

The subsequent scans no longer showed any infection.

OTL produced the following logfile:

OTL logfile created on: 1/14/2013 12:16:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tp\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.89 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.67% Memory free
3.78 Gb Paging File | 1.74 Gb Available in Paging File | 45.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.46 Gb Total Space | 235.51 Gb Free Space | 84.58% Space Free | Partition Type: NTFS

Computer Name: TP-PC | User Name: tp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/01/14 00:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/19 10:11:41 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/04/07 19:17:38 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2011/04/07 19:09:36 | 000,023,568 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2011/01/13 22:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/12/29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/10/01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2009/05/16 02:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2007/09/06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
PRC - [2007/08/10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 03:36:37 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/05 11:53:24 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 11:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/25 05:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/21 04:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/21 04:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/06/10 22:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2007/10/08 09:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.core.dll
MOD - [2007/10/08 09:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.common.dll
MOD - [2007/10/08 09:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/09/06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
MOD - [2007/09/06 21:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll
MOD - [2007/08/10 07:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/08/10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe
MOD - [2007/05/03 16:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll
MOD - [2007/03/26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/01/13 22:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/10/07 15:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/09/20 21:33:06 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdocoms.exe -- (lxdo_device)
SRV:64bit: - [2007/07/17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/07 19:17:38 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2011/02/19 01:08:46 | 002,060,896 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2011/02/19 01:00:48 | 001,836,616 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan)
SRV - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/07 15:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/07/21 21:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe -- (TmPfw)
SRV - [2010/07/21 21:44:22 | 000,917,840 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/20 21:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdocoms.exe -- (lxdo_device)
SRV - [2007/07/17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/10 18:17:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/10 18:17:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/20 14:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/13 09:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/14 18:09:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/01/14 18:08:42 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/01/14 18:08:42 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/01/14 18:08:42 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/01/14 18:08:40 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 23:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/24 17:21:32 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 02:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/11/09 02:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/11/09 02:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 01:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/29 19:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 20:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/03/25 00:07:30 | 000,310,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011/03/25 00:07:20 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/03/24 23:56:32 | 001,988,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE:64bit: - HKLM\..\SearchScopes\{716BA9ED-C560-4DF8-8B43-A04D37D0E568}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE - HKLM\..\SearchScopes\{716BA9ED-C560-4DF8-8B43-A04D37D0E568}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/02/10 17:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012/02/10 17:39:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\DELL\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Lexmark 9500 Series] C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\DELL\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543287DF-6EB7-4B59-BE54-257A20B2CA8C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E82DFE87-2B54-4706-B787-C60B6AF411CB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/14 00:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
[2013/01/10 23:14:25 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\QuickScan
[2013/01/10 14:12:45 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\Malwarebytes
[2013/01/10 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/10 14:11:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 14:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 14:11:12 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Local\Programs
[2013/01/09 18:06:46 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 18:06:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 18:04:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 18:03:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 18:03:55 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 18:03:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 18:03:55 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 18:03:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 18:03:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 18:03:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 18:03:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 18:03:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 18:03:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 18:03:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 18:03:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 18:03:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 18:03:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 18:03:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 18:03:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 18:03:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 18:03:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 18:03:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 18:03:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 18:03:54 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 18:03:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 18:03:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 18:03:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 18:03:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 18:03:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 18:03:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 18:03:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 18:03:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 18:03:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 18:03:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 18:03:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 18:03:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 18:03:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 18:03:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 18:03:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 18:03:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 18:03:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 18:03:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:03:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:03:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 18:03:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:03:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:03:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 18:03:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:03:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:03:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 18:03:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:03:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:03:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 18:02:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/06 15:35:54 | 000,000,000 | R--D | C] -- C:\Users\tp\Dropbox
[2013/01/06 15:31:13 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\Dropbox
[2012/12/22 02:13:44 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 02:13:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 02:13:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/22 02:13:43 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/14 00:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
[2013/01/13 23:50:52 | 000,794,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/13 23:50:52 | 000,671,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 23:50:52 | 000,124,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 23:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 22:56:40 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:56:40 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:49:43 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2013/01/10 22:49:09 | 1522,663,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 14:11:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/10 13:04:43 | 000,002,019 | ---- | M] () -- C:\Users\tp\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/01/10 13:04:43 | 000,001,948 | ---- | M] () -- C:\Users\tp\Desktop\Avira DE-Cleaner.lnk
[2013/01/10 12:10:51 | 000,322,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:17:39 | 000,789,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/10 14:11:33 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/10 12:50:58 | 000,002,019 | ---- | C] () -- C:\Users\tp\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/01/10 12:50:58 | 000,001,948 | ---- | C] () -- C:\Users\tp\Desktop\Avira DE-Cleaner.lnk
[2012/05/10 01:08:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2012/05/10 01:08:59 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2012/05/10 01:08:02 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll
[2012/05/10 01:08:02 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll
[2012/05/10 01:08:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll
[2012/05/10 01:08:01 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll
[2012/05/10 01:08:01 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll
[2012/05/10 01:08:00 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll
[2012/05/10 01:08:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll
[2012/05/10 01:08:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll
[2012/05/10 01:07:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll
[2012/05/10 01:07:59 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll
[2012/05/10 01:07:59 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe
[2012/05/10 01:07:59 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll
[2012/05/10 01:07:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll
[2012/05/10 01:07:59 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe
[2012/05/10 01:07:59 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe
[2012/03/16 12:05:29 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/02/10 17:51:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/10 17:51:23 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/10 17:51:21 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/10 17:51:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/10 17:51:19 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/10 16:58:46 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011/02/10 15:33:46 | 000,789,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Is the system clean again now? How should I best proceed? Probably change all passwords in any case?! I don't do any online banking.

Many, many thanks in advance.
Regards
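As an added example (not from the thread, and not code from OTL's author), here is a small Python parser for the OTL file-listing format used in the "Files/Folders - Created" and "Files - Modified" sections above, i.e. lines of the form [date time | size | attrs | C/M] (Company) -- path. It pulls out the timestamp, size, attribute flags and publisher, and lists executable-type files that OTL reports with no company name, the same signal the "Files Created - No Company Name" section above isolates. The sample lines are copied from the log above; the extension list and the triage rule are my assumptions, and a blank publisher is only a reason to look closer, since printer and OEM drivers often lack one too.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file-listing line looks like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# "attrs" has four positions: R (read-only), H (hidden), S (system), D (directory).
# "C"/"M" says whether the timestamp is the creation or modification time.
# The "(Company)" group is absent for directories and empty ("()" or "( )")
# for files without a publisher in their version resource.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+)$"
)

# Assumption: file types that normally carry a publisher name, so a blank
# company field on one of them is worth a closer look (printer and OEM
# drivers are frequent benign exceptions, so this is a triage hint, not a verdict).
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".drv", ".cpl"}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None for directories, "" when blank in the log
    path: str


def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; returns None for lines in another format
    (section headers, blank lines, the '*.tmp files' summary line)."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    attrs = m.group("attrs")
    company = m.group("company")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=None if company is None else company.strip(),
        path=m.group("path"),
    )


def unsigned_code_files(lines) -> List[OtlEntry]:
    """Executable-type files that OTL lists with no company name."""
    hits = []
    for line in lines:
        entry = parse_otl_entry(line)
        if entry is None or entry.is_dir:
            continue
        # ntpath handles the Windows separators even when run on another OS
        ext = ntpath.splitext(entry.path)[1].lower()
        if ext in CODE_EXTENSIONS and not entry.company:
            hits.append(entry)
    return hits


# Constructed sample: lines copied from the OTL log above, plus its
# "*.tmp files" summary line, which the parser must skip.
SAMPLE_LINES = [
    r"[2013/01/14 00:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe",
    r"[2013/01/10 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes",
    r"[2013/01/10 14:11:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys",
    r"[2013/01/09 18:03:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll",
    r"[2012/05/10 01:08:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll",
    r"[2012/05/10 01:08:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll",
    r"[2013/01/10 14:11:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk",
    r"[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]",
]

if __name__ == "__main__":
    for e in unsigned_code_files(SAMPLE_LINES):
        print(f"{e.timestamp:%Y-%m-%d %H:%M}  {e.size:>10}  {e.path}")
```

Run against the sample, it prints the two DLLs with an empty publisher field and skips the directory, the shortcut and the summary line; on a full OTL log you would feed it the lines of the three file sections and then check the hits against the vendor's own file lists before drawing any conclusion.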

Old 14.01.2013, 11:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?

Old 14.01.2013, 13:36   #3
Huii

Hello Cosinus,

no, not a company or university PC, it's my father's private notebook, he bought it... Why, no idea...

Regards

Old 14.01.2013, 14:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans, first just post the logs you already have!
__________________
Please always post logfiles in CODE tags

Old 14.01.2013, 14:41   #5
Huii

No, unfortunately no other logs. Only the Extras log from OTL, do you need that?
Many thanks in advance :-).


Old 14.01.2013, 15:03   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I'd like to ask you to read the following points completely and attentively.
  • Read the instructions I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Don't install / uninstall any software without being asked to!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you've been asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting logfiles and other requests

Note:
If you haven't heard from me for three days, please post in this thread => Reminder for my thread.
Nagging "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the detected objects, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without a helper's instruction.

Old 14.01.2013, 15:35   #7
Huii

So the Anti-Rootkit found no malware. Here is the logfile:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tp :: TP-PC [administrator]

1/14/2013 3:28:53 PM
mbar-log-2013-01-14 (15-28-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27982
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


Many thanks in advance!

Old 14.01.2013, 15:46   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not under any circumstances press one of the Fix buttons without instruction. Note: if the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", then do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set the tool up as shown in the picture below - click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer complains about objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags

Old 14.01.2013, 16:01   #9
Huii

Logfile 1:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 15:53:26
-----------------------------
15:53:26.093 OS Version: Windows x64 6.1.7601 Service Pack 1
15:53:26.093 Number of processors: 4 586 0x2A07
15:53:26.093 ComputerName: TP-PC UserName: tp
15:53:27.107 Initialize success
15:53:57.772 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:53:57.772 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
15:53:57.788 Disk 0 MBR read successfully
15:53:57.803 Disk 0 MBR scan
15:53:57.803 Disk 0 Windows VISTA default MBR code
15:53:57.819 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
15:53:57.819 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
15:53:57.835 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 285140 MB offset 41172992
15:53:57.866 Disk 0 scanning C:\Windows\system32\drivers
15:54:02.858 Service scanning
15:54:16.477 Modules scanning
15:54:16.492 Disk 0 trace - called modules:
15:54:16.508 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
15:54:16.508 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800409f060]
15:54:16.523 3 CLASSPNP.SYS[fffff88001b7943f] -> nt!IofCallDriver -> [0xfffffa8003f62cb0]
15:54:16.523 5 stdcfltn.sys[fffff88001ac3c52] -> nt!IofCallDriver -> [0xfffffa8002255750]
15:54:16.523 7 ACPI.sys[fffff88000d867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002349050]
15:54:16.523 Scan finished successfully
15:54:37.630 Disk 0 MBR has been saved successfully to "C:\Users\tp\Desktop\MBR.dat"
15:54:37.630 The log file has been saved successfully to "C:\Users\tp\Desktop\aswMBR.txt"


Logfile 2:

15:56:41.0343 5208 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:56:41.0842 5208 ============================================================
15:56:41.0842 5208 Current date / time: 2013/01/14 15:56:41.0842
15:56:41.0842 5208 SystemInfo:
15:56:41.0842 5208
15:56:41.0842 5208 OS Version: 6.1.7601 ServicePack: 1.0
15:56:41.0842 5208 Product type: Workstation
15:56:41.0842 5208 ComputerName: TP-PC
15:56:41.0842 5208 UserName: tp
15:56:41.0842 5208 Windows directory: C:\Windows
15:56:41.0842 5208 System windows directory: C:\Windows
15:56:41.0842 5208 Running under WOW64
15:56:41.0842 5208 Processor architecture: Intel x64
15:56:41.0842 5208 Number of processors: 4
15:56:41.0842 5208 Page size: 0x1000
15:56:41.0842 5208 Boot type: Normal boot
15:56:41.0842 5208 ============================================================
15:56:42.0341 5208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:56:42.0341 5208 ============================================================
15:56:42.0341 5208 \Device\Harddisk0\DR0:
15:56:42.0357 5208 MBR partitions:
15:56:42.0357 5208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
15:56:42.0357 5208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x22CEA2B0
15:56:42.0357 5208 ============================================================
15:56:42.0372 5208 C: <-> \Device\Harddisk0\DR0\Partition2
15:56:42.0388 5208 ============================================================
15:56:42.0388 5208 Initialize success
15:56:42.0388 5208 ============================================================
15:56:53.0012 7088 ============================================================
15:56:53.0012 7088 Scan started
15:56:53.0012 7088 Mode: Manual; SigCheck; TDLFS;
15:56:53.0012 7088 ============================================================
15:56:53.0214 7088 ================ Scan system memory ========================
15:56:53.0214 7088 System memory - ok
15:56:53.0230 7088 ================ Scan services =============================
15:56:53.0433 7088 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:56:53.0604 7088 1394ohci - ok
15:56:53.0651 7088 [ AEDB94A49236F5FF060C90E09E70281F ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
15:56:53.0682 7088 Acceler - ok
15:56:53.0729 7088 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:56:53.0745 7088 ACPI - ok
15:56:53.0776 7088 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:56:53.0854 7088 AcpiPmi - ok
15:56:53.0963 7088 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:53.0979 7088 AdobeARMservice - ok
15:56:54.0057 7088 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:56:54.0104 7088 adp94xx - ok
15:56:54.0135 7088 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:56:54.0166 7088 adpahci - ok
15:56:54.0182 7088 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:56:54.0197 7088 adpu320 - ok
15:56:54.0228 7088 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:56:54.0416 7088 AeLookupSvc - ok
15:56:54.0462 7088 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
15:56:54.0478 7088 AERTFilters - ok
15:56:54.0525 7088 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:56:54.0587 7088 AFD - ok
15:56:54.0618 7088 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:56:54.0634 7088 agp440 - ok
15:56:54.0650 7088 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:56:54.0712 7088 ALG - ok
15:56:54.0728 7088 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:56:54.0728 7088 aliide - ok
15:56:54.0743 7088 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:56:54.0759 7088 amdide - ok
15:56:54.0759 7088 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:56:54.0806 7088 AmdK8 - ok
15:56:54.0821 7088 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:56:54.0837 7088 AmdPPM - ok
15:56:54.0852 7088 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:56:54.0868 7088 amdsata - ok
15:56:54.0884 7088 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:56:54.0899 7088 amdsbs - ok
15:56:54.0915 7088 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:56:54.0915 7088 amdxata - ok
15:56:54.0962 7088 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
15:56:54.0993 7088 ApfiltrService - ok
15:56:55.0008 7088 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:56:55.0164 7088 AppID - ok
15:56:55.0180 7088 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:56:55.0258 7088 AppIDSvc - ok
15:56:55.0274 7088 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:56:55.0320 7088 Appinfo - ok
15:56:55.0367 7088 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:56:55.0430 7088 AppMgmt - ok
15:56:55.0461 7088 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:56:55.0461 7088 arc - ok
15:56:55.0476 7088 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:56:55.0508 7088 arcsas - ok
15:56:55.0586 7088 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:56:55.0617 7088 aspnet_state - ok
15:56:55.0632 7088 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:55.0710 7088 AsyncMac - ok
15:56:55.0757 7088 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:56:55.0773 7088 atapi - ok
15:56:55.0804 7088 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:56:55.0882 7088 AudioEndpointBuilder - ok
15:56:55.0882 7088 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:56:55.0929 7088 AudioSrv - ok
15:56:55.0960 7088 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:56:56.0038 7088 AxInstSV - ok
15:56:56.0085 7088 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:56:56.0163 7088 b06bdrv - ok
15:56:56.0194 7088 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:56.0256 7088 b57nd60a - ok
15:56:56.0381 7088 [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:56:56.0522 7088 BCM43XX - ok
15:56:56.0553 7088 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:56:56.0615 7088 BDESVC - ok
15:56:56.0646 7088 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:56:56.0724 7088 Beep - ok
15:56:56.0787 7088 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:56:56.0880 7088 BFE - ok
15:56:56.0927 7088 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:56:57.0036 7088 BITS - ok
15:56:57.0052 7088 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:56:57.0068 7088 blbdrive - ok
15:56:57.0099 7088 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:56:57.0161 7088 bowser - ok
15:56:57.0192 7088 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:56:57.0224 7088 BrFiltLo - ok
15:56:57.0239 7088 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:56:57.0270 7088 BrFiltUp - ok
15:56:57.0286 7088 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:56:57.0333 7088 Browser - ok
15:56:57.0348 7088 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:56:57.0411 7088 Brserid - ok
15:56:57.0426 7088 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:57.0442 7088 BrSerWdm - ok
15:56:57.0458 7088 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:57.0489 7088 BrUsbMdm - ok
15:56:57.0489 7088 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:57.0504 7088 BrUsbSer - ok
15:56:57.0551 7088 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:56:57.0629 7088 BthEnum - ok
15:56:57.0645 7088 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:56:57.0676 7088 BTHMODEM - ok
15:56:57.0707 7088 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:56:57.0738 7088 BthPan - ok
15:56:57.0770 7088 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:56:57.0832 7088 BTHPORT - ok
15:56:57.0863 7088 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:56:57.0941 7088 bthserv - ok
15:56:57.0972 7088 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:56:57.0988 7088 BTHUSB - ok
15:56:58.0035 7088 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
15:56:58.0066 7088 BTWAMPFL - ok
15:56:58.0097 7088 [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:56:58.0128 7088 btwaudio - ok
15:56:58.0144 7088 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
15:56:58.0160 7088 btwavdt - ok
15:56:58.0191 7088 [ B7DEA77EE893806859072274EE8EC8FC ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:56:58.0253 7088 btwdins - ok
15:56:58.0269 7088 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:56:58.0284 7088 btwl2cap - ok
15:56:58.0284 7088 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:56:58.0300 7088 btwrchid - ok
15:56:58.0316 7088 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:56:58.0362 7088 cdfs - ok
15:56:58.0394 7088 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:56:58.0409 7088 cdrom - ok
15:56:58.0440 7088 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:56:58.0534 7088 CertPropSvc - ok
15:56:58.0534 7088 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:56:58.0565 7088 circlass - ok
15:56:58.0581 7088 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:56:58.0596 7088 CLFS - ok
15:56:58.0643 7088 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:58.0643 7088 clr_optimization_v2.0.50727_32 - ok
15:56:58.0690 7088 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:58.0721 7088 clr_optimization_v2.0.50727_64 - ok
15:56:58.0768 7088 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:58.0768 7088 clr_optimization_v4.0.30319_32 - ok
15:56:58.0799 7088 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:58.0862 7088 clr_optimization_v4.0.30319_64 - ok
15:56:58.0877 7088 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:58.0908 7088 CmBatt - ok
15:56:58.0940 7088 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:56:58.0955 7088 cmdide - ok
15:56:59.0002 7088 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:56:59.0049 7088 CNG - ok
15:56:59.0080 7088 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:56:59.0080 7088 Compbatt - ok
15:56:59.0096 7088 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:56:59.0127 7088 CompositeBus - ok
15:56:59.0142 7088 COMSysApp - ok
15:56:59.0158 7088 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:56:59.0158 7088 crcdisk - ok
15:56:59.0205 7088 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:56:59.0345 7088 CryptSvc - ok
15:56:59.0376 7088 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:56:59.0454 7088 CSC - ok
15:56:59.0470 7088 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:56:59.0501 7088 CscService - ok
15:56:59.0548 7088 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:56:59.0626 7088 CtClsFlt - ok
15:56:59.0720 7088 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:56:59.0813 7088 cvhsvc - ok
15:56:59.0860 7088 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:56:59.0922 7088 DcomLaunch - ok
15:56:59.0954 7088 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:57:00.0000 7088 defragsvc - ok
15:57:00.0032 7088 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:57:00.0125 7088 DfsC - ok
15:57:00.0141 7088 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:57:00.0234 7088 Dhcp - ok
15:57:00.0250 7088 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:57:00.0297 7088 discache - ok
15:57:00.0344 7088 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:57:00.0375 7088 Disk - ok
15:57:00.0390 7088 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:57:00.0437 7088 dmvsc - ok
15:57:00.0468 7088 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:57:00.0515 7088 Dnscache - ok
15:57:00.0562 7088 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:57:00.0624 7088 dot3svc - ok
15:57:00.0687 7088 [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
15:57:00.0702 7088 DpHost - ok
15:57:00.0718 7088 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:57:00.0765 7088 DPS - ok
15:57:00.0796 7088 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:57:00.0843 7088 drmkaud - ok
15:57:00.0874 7088 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:57:00.0921 7088 DXGKrnl - ok
15:57:00.0936 7088 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:57:01.0014 7088 EapHost - ok
15:57:01.0092 7088 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:57:01.0202 7088 ebdrv - ok
15:57:01.0233 7088 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:57:01.0280 7088 EFS - ok
15:57:01.0358 7088 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:57:01.0436 7088 ehRecvr - ok
15:57:01.0467 7088 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:57:01.0498 7088 ehSched - ok
15:57:01.0545 7088 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:57:01.0592 7088 elxstor - ok
15:57:01.0592 7088 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:57:01.0607 7088 ErrDev - ok
15:57:01.0654 7088 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:57:01.0716 7088 EventSystem - ok
15:57:01.0748 7088 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:57:01.0794 7088 exfat - ok
15:57:01.0794 7088 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:57:01.0857 7088 fastfat - ok
15:57:01.0888 7088 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:57:01.0950 7088 Fax - ok
15:57:01.0982 7088 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:57:02.0013 7088 fdc - ok
15:57:02.0044 7088 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:57:02.0075 7088 fdPHost - ok
15:57:02.0091 7088 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:57:02.0153 7088 FDResPub - ok
15:57:02.0169 7088 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:57:02.0184 7088 FileInfo - ok
15:57:02.0200 7088 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:57:02.0231 7088 Filetrace - ok
15:57:02.0231 7088 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:57:02.0247 7088 flpydisk - ok
15:57:02.0262 7088 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:57:02.0278 7088 FltMgr - ok
15:57:02.0325 7088 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:57:02.0403 7088 FontCache - ok
15:57:02.0450 7088 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:57:02.0465 7088 FontCache3.0.0.0 - ok
15:57:02.0481 7088 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:57:02.0496 7088 FsDepends - ok
15:57:02.0512 7088 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:57:02.0528 7088 Fs_Rec - ok
15:57:02.0559 7088 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:57:02.0590 7088 fvevol - ok
15:57:02.0606 7088 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:57:02.0637 7088 gagp30kx - ok
15:57:02.0668 7088 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:57:02.0730 7088 gpsvc - ok
15:57:02.0746 7088 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:57:02.0793 7088 hcw85cir - ok
15:57:02.0824 7088 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:57:02.0871 7088 HDAudBus - ok
15:57:02.0871 7088 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:57:02.0902 7088 HidBatt - ok
15:57:02.0902 7088 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:57:02.0918 7088 HidBth - ok
15:57:02.0933 7088 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:57:02.0949 7088 HidIr - ok
15:57:02.0964 7088 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:57:03.0027 7088 hidserv - ok
15:57:03.0058 7088 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:57:03.0089 7088 HidUsb - ok
15:57:03.0105 7088 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:57:03.0167 7088 hkmsvc - ok
15:57:03.0198 7088 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:57:03.0261 7088 HomeGroupListener - ok
15:57:03.0292 7088 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:57:03.0323 7088 HomeGroupProvider - ok
15:57:03.0354 7088 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:57:03.0354 7088 HpSAMD - ok
15:57:03.0386 7088 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:57:03.0479 7088 HTTP - ok
15:57:03.0479 7088 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:57:03.0495 7088 hwpolicy - ok
15:57:03.0510 7088 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:57:03.0526 7088 i8042prt - ok
15:57:03.0573 7088 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys
15:57:03.0604 7088 iaStor - ok
15:57:03.0620 7088 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:57:03.0666 7088 iaStorV - ok
15:57:03.0713 7088 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:57:03.0776 7088 idsvc - ok
15:57:04.0010 7088 [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:57:04.0337 7088 igfx - ok
15:57:04.0384 7088 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:57:04.0415 7088 iirsp - ok
15:57:04.0446 7088 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:57:04.0509 7088 IKEEXT - ok
15:57:04.0556 7088 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
15:57:04.0618 7088 Impcd - ok
15:57:04.0712 7088 [ 1B491F385EE96F9D9EE4CB430C8CD29E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:57:04.0836 7088 IntcAzAudAddService - ok
15:57:04.0852 7088 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
15:57:04.0899 7088 IntcDAud - ok
15:57:04.0930 7088 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:57:04.0946 7088 intelide - ok
15:57:04.0977 7088 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:57:05.0008 7088 intelppm - ok
15:57:05.0039 7088 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:57:05.0102 7088 IPBusEnum - ok
15:57:05.0117 7088 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:05.0180 7088 IpFilterDriver - ok
15:57:05.0226 7088 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:57:05.0304 7088 iphlpsvc - ok
15:57:05.0304 7088 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:57:05.0336 7088 IPMIDRV - ok
15:57:05.0336 7088 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:57:05.0398 7088 IPNAT - ok
15:57:05.0414 7088 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:57:05.0429 7088 IRENUM - ok
15:57:05.0429 7088 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:57:05.0445 7088 isapnp - ok
15:57:05.0460 7088 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:57:05.0476 7088 iScsiPrt - ok
15:57:05.0507 7088 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:57:05.0523 7088 kbdclass - ok
15:57:05.0523 7088 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:57:05.0570 7088 kbdhid - ok
15:57:05.0585 7088 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:57:05.0601 7088 KeyIso - ok
15:57:05.0632 7088 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:57:05.0648 7088 KSecDD - ok
15:57:05.0648 7088 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:57:05.0663 7088 KSecPkg - ok
15:57:05.0679 7088 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:57:05.0741 7088 ksthunk - ok
15:57:05.0772 7088 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:57:05.0850 7088 KtmRm - ok
15:57:05.0882 7088 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:57:05.0960 7088 LanmanServer - ok
15:57:05.0975 7088 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:57:06.0038 7088 LanmanWorkstation - ok
15:57:06.0069 7088 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:57:06.0147 7088 lltdio - ok
15:57:06.0162 7088 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:57:06.0209 7088 lltdsvc - ok
15:57:06.0240 7088 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:57:06.0287 7088 lmhosts - ok
15:57:06.0365 7088 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:57:06.0396 7088 LMS - ok
15:57:06.0412 7088 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:57:06.0428 7088 LSI_FC - ok
15:57:06.0443 7088 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:57:06.0474 7088 LSI_SAS - ok
15:57:06.0474 7088 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:57:06.0490 7088 LSI_SAS2 - ok
15:57:06.0490 7088 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:57:06.0506 7088 LSI_SCSI - ok
15:57:06.0521 7088 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:57:06.0568 7088 luafv - ok
15:57:06.0646 7088 [ 741083526BA1C6217D7E664BB86CFA62 ] lxdoCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe
15:57:06.0693 7088 lxdoCATSCustConnectService - ok
15:57:06.0708 7088 lxdo_device - ok
15:57:06.0771 7088 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:57:06.0786 7088 MBAMProtector - ok
15:57:06.0864 7088 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:57:06.0896 7088 MBAMScheduler - ok
15:57:06.0927 7088 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:57:06.0974 7088 MBAMService - ok
15:57:07.0005 7088 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:57:07.0036 7088 Mcx2Svc - ok
15:57:07.0067 7088 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:57:07.0083 7088 megasas - ok
15:57:07.0098 7088 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:57:07.0114 7088 MegaSR - ok
15:57:07.0145 7088 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:57:07.0161 7088 MEIx64 - ok
15:57:07.0192 7088 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:57:07.0254 7088 MMCSS - ok
15:57:07.0270 7088 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:57:07.0332 7088 Modem - ok
15:57:07.0364 7088 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:57:07.0379 7088 monitor - ok
15:57:07.0395 7088 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:57:07.0410 7088 mouclass - ok
15:57:07.0426 7088 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:57:07.0457 7088 mouhid - ok
15:57:07.0473 7088 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:57:07.0488 7088 mountmgr - ok
15:57:07.0504 7088 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:57:07.0520 7088 mpio - ok
15:57:07.0535 7088 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:57:07.0566 7088 mpsdrv - ok
15:57:07.0598 7088 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:57:07.0676 7088 MpsSvc - ok
15:57:07.0676 7088 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:57:07.0707 7088 MRxDAV - ok
15:57:07.0769 7088 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:07.0832 7088 mrxsmb - ok
15:57:07.0863 7088 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:07.0894 7088 mrxsmb10 - ok
15:57:07.0910 7088 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:07.0910 7088 mrxsmb20 - ok
15:57:07.0941 7088 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:57:07.0956 7088 msahci - ok
15:57:07.0972 7088 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:57:08.0003 7088 msdsm - ok
15:57:08.0019 7088 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:57:08.0050 7088 MSDTC - ok
15:57:08.0081 7088 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:57:08.0112 7088 Msfs - ok
15:57:08.0128 7088 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:57:08.0175 7088 mshidkmdf - ok
15:57:08.0190 7088 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:57:08.0190 7088 msisadrv - ok
15:57:08.0222 7088 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:57:08.0331 7088 MSiSCSI - ok
15:57:08.0331 7088 msiserver - ok
15:57:08.0362 7088 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:57:08.0424 7088 MSKSSRV - ok
15:57:08.0424 7088 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:08.0471 7088 MSPCLOCK - ok
15:57:08.0471 7088 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:57:08.0518 7088 MSPQM - ok
15:57:08.0534 7088 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:57:08.0549 7088 MsRPC - ok
15:57:08.0565 7088 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:57:08.0580 7088 mssmbios - ok
15:57:08.0580 7088 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:57:08.0658 7088 MSTEE - ok
15:57:08.0658 7088 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:57:08.0690 7088 MTConfig - ok
15:57:08.0705 7088 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:57:08.0721 7088 Mup - ok
15:57:08.0752 7088 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:57:08.0830 7088 napagent - ok
15:57:08.0861 7088 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:57:08.0908 7088 NativeWifiP - ok
15:57:08.0970 7088 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:57:09.0017 7088 NDIS - ok
15:57:09.0033 7088 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:57:09.0064 7088 NdisCap - ok
15:57:25.0304 7088 ================ Scan global ===============================
15:57:25.0319 7088 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:57:25.0366 7088 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:57:25.0397 7088 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:57:25.0429 7088 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:57:25.0444 7088 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:57:25.0460 7088 [Global] - ok
15:57:25.0460 7088 ================ Scan MBR ==================================
15:57:25.0475 7088 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:57:25.0897 7088 \Device\Harddisk0\DR0 - ok
15:57:25.0897 7088 ================ Scan VBR ==================================
15:57:25.0912 7088 [ 2D5654F06DB885844886C2D888258BB0 ] \Device\Harddisk0\DR0\Partition1
15:57:25.0912 7088 \Device\Harddisk0\DR0\Partition1 - ok
15:57:25.0943 7088 [ E93382622EC31E41291F144B79146763 ] \Device\Harddisk0\DR0\Partition2
15:57:25.0943 7088 \Device\Harddisk0\DR0\Partition2 - ok
15:57:25.0959 7088 ============================================================
15:57:25.0959 7088 Scan finished
15:57:25.0959 7088 ============================================================
15:57:25.0975 6972 Detected object count: 0
15:57:25.0975 6972 Actual detected object count: 0
15:58:53.0891 6004 Deinitialize success


Both found nothing?!

Alt 14.01.2013, 21:19   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The next logs in CODE tags, please!
Quote:
Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Alt 14.01.2013, 22:23   #11
Huii
 



So here is the ComboFix log

Code:
ComboFix 13-01-14.01 - tp 01/14/2013  22:10:03.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1936.692 [GMT 1:00]
Running from: c:\users\tp\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-14 to 2013-01-14  )))))))))))))))))))))))))))))))
.
.
2013-01-14 21:15 . 2013-01-14 21:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-13 23:22 . 2013-01-13 23:22	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2F8D97C-E852-4D0E-8AD1-90C2BA76DBEB}\offreg.dll
2013-01-13 23:01 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2F8D97C-E852-4D0E-8AD1-90C2BA76DBEB}\mpengine.dll
2013-01-10 22:14 . 2013-01-10 22:14	--------	d-----w-	c:\users\tp\AppData\Roaming\QuickScan
2013-01-10 13:12 . 2013-01-10 13:12	--------	d-----w-	c:\users\tp\AppData\Roaming\Malwarebytes
2013-01-10 13:11 . 2013-01-10 13:11	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-10 13:11 . 2013-01-10 13:11	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-10 13:11 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-10 13:11 . 2013-01-10 13:11	--------	d-----w-	c:\users\tp\AppData\Local\Programs
2013-01-09 17:06 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 17:06 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 17:04 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 17:04 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-09 17:04 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-09 17:04 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-09 17:04 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 17:04 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-09 17:02 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 17:02 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-06 14:35 . 2013-01-06 14:55	--------	d-----r-	c:\users\tp\Dropbox
2013-01-06 14:31 . 2013-01-06 14:58	--------	d-----w-	c:\users\tp\AppData\Roaming\Dropbox
2012-12-22 01:13 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 01:13 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 01:13 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 01:13 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 02:09 . 2012-11-30 17:53	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-11-30 04:45 . 2013-01-09 17:03	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-15 02:31 . 2012-11-15 02:31	0	----a-w-	c:\windows\SysWow64\shoFBA7.tmp
2012-11-14 07:06 . 2012-12-13 02:01	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 02:01	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 02:01	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 02:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 02:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 02:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 02:01	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 02:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 02:01	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 02:01	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 02:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 02:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 02:01	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 02:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 02:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 02:01	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 02:01	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 02:01	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 02:01	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 02:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 02:01	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 02:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-11 23:22	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-11 23:22	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-11 23:21	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-11 23:21	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-02-27 1708048]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Lexmark 9500 Series"="c:\program files (x86)\Lexmark 9500 Series\fm3032.exe" [2007-09-18 307200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\tp\Desktop\mbar-1.01.0.1016\mbar\mbar.exe" [2013-01-14 1356360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe [2007-07-17 28672]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-09 196688]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [2007-09-20 1039360]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-09 338000]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-10-07 3137840]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-14 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-01-14 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32700281
*NewlyCreated* - ASWMBR
*Deregistered* - 32700281
*Deregistered* - aswMBR
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files (x86)\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files (x86)\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-14  22:17:39
ComboFix-quarantined-files.txt  2013-01-14 21:17
.
Pre-Run: 252,147,507,200 bytes free
Post-Run: 253,130,149,888 bytes free
.
- - End Of File - - E07FA6D7F9CF478DD45115C46FA0F235
         
Many thanks :-)
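The ComboFix log above lists the Run/RunOnce entries under "Reg Loading Points". The Python below is an added example of triaging that section, not code from the thread or from ComboFix: it parses a constructed ComboFix-style excerpt and flags autostart entries with traits typical of a dropped Zbot loader (a binary under AppData\Roaming or a temp directory, a GUID-shaped value name, a file date newer than a cutoff), reporting the reasons so that a freshly downloaded cleanup tool is not mistaken for malware.

```python
import re
from typing import Dict, List

# Constructed ComboFix-style "Reg Loading Points" excerpt. The GUID-named HKCU entry is
# an invented stand-in for the kind of Zbot autostart this thread is about; the other
# lines mirror legitimate entries of the sort seen in the thread's log.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-02-27 1708048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\tp\Desktop\mbar-1.01.0.1016\mbar\mbar.exe" [2013-01-14 1356360]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{1B2C3D4E-0000-4000-8000-0123456789AB}"="c:\users\tp\AppData\Roaming\Ydqo\qfzle.exe" [2013-01-08 245760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]   (the trailing bracket is optional in ComboFix output)
ENTRY_RE = re.compile(r'^"([^"]*)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?')
GUID_NAME_RE = re.compile(r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
# Directories any unprivileged user can write to; a product's autostart binary rarely lives here.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\users\\public\\", "\\windows\\temp\\")


def parse_loading_points(text: str) -> List[Dict[str, str]]:
    """Return the autostart entries (Run/RunOnce keys) found in a ComboFix log excerpt."""
    entries: List[Dict[str, str]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if not current_key.lower().endswith(("\\run", "\\runonce")):
            continue  # policies, drivers32, lsa etc. are not autostart lists
        entry_match = ENTRY_RE.match(line)
        if entry_match:
            name, path, date, size = entry_match.groups()
            entries.append({"key": current_key, "name": name, "path": path,
                            "date": date or "", "size": size or ""})
    return entries


def triage(text: str, recent_cutoff: str = "2013-01-01") -> List[Dict[str, object]]:
    """Flag autostart entries that share the traits of a dropped banking-trojan loader.

    Each finding carries its reasons, so the analyst can tell a freshly downloaded
    cleanup tool (recent date only) from a GUID-named binary under AppData\\Roaming.
    """
    findings: List[Dict[str, object]] = []
    for entry in parse_loading_points(text):
        reasons: List[str] = []
        path = entry["path"].lower()
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("binary lives in a user-writable profile or temp directory")
        if GUID_NAME_RE.match(entry["name"]):
            reasons.append("value name is a bare GUID instead of a product name")
        if entry["date"] and entry["date"] >= recent_cutoff:  # ISO dates compare as strings
            reasons.append(f"file dated {entry['date']} is newer than the cutoff {recent_cutoff}")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_COMBOFIX):
        print(f'{finding["key"]}\\{finding["name"]} -> {finding["path"]}')
        for reason in finding["reasons"]:
            print("    -", reason)
```

On the constructed sample the RunOnce entry for the user's own mbar.exe is reported only for its recent date, while the AppData\Roaming entry collects all three reasons.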

Alt 14.01.2013, 23:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - Tracking down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Alt 14.01.2013, 23:06   #13
Huii
 



Here is the result:
Code:
# AdwCleaner v2.105 - Logfile created 01/14/2013 at 23:04:56
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : tp - TP-PC
# Boot Mode : Normal
# Running from : C:\Users\tp\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [506 octets] - [14/01/2013 23:04:56]

########## EOF - C:\AdwCleaner[R1].txt - [565 octets] ##########
         
Many thanks.

Alt 14.01.2013, 23:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top center
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

Alt 15.01.2013, 00:16   #15
Huii
 



So here are the logs

Code:
OTL logfile created on: 1/15/2013 12:05:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tp\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.89 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 23.55% Memory free
3.78 Gb Paging File | 1.67 Gb Available in Paging File | 44.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.46 Gb Total Space | 235.85 Gb Free Space | 84.70% Space Free | Partition Type: NTFS
 
Computer Name: TP-PC | User Name: tp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\tp\Desktop\adwcleaner.exe ()
PRC - C:\Users\tp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
PRC - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe (Trend Micro Inc.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
PRC - C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\tp\Desktop\adwcleaner.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (lxdo_device) -- C:\Windows\SysNative\lxdocoms.exe ( )
SRV:64bit: - (lxdoCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (svcGenericHost) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
SRV - (tmlisten) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe (Trend Micro Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (TmPfw) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdo_device) -- C:\Windows\SysWOW64\lxdocoms.exe ( )
SRV - (lxdoCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TmFilter) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys (Trend Micro Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE:64bit: - HKLM\..\SearchScopes\{716BA9ED-C560-4DF8-8B43-A04D37D0E568}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE - HKLM\..\SearchScopes\{716BA9ED-C560-4DF8-8B43-A04D37D0E568}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1322675234-3765041023-2825135729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-1322675234-3765041023-2825135729-1000\..\SearchScopes,DefaultScope = {716BA9ED-C560-4DF8-8B43-A04D37D0E568}
IE - HKU\S-1-5-21-1322675234-3765041023-2825135729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/02/10 17:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012/02/10 17:39:41 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013/01/14 22:15:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\DELL\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Lexmark 9500 Series] C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\DELL\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1322675234-3765041023-2825135729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1322675234-3765041023-2825135729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543287DF-6EB7-4B59-BE54-257A20B2CA8C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E82DFE87-2B54-4706-B787-C60B6AF411CB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/14 22:08:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/14 22:08:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/14 22:08:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/14 22:08:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/14 22:07:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/14 22:04:32 | 005,022,074 | R--- | C] (Swearware) -- C:\Users\tp\Desktop\ComboFix.exe
[2013/01/14 15:55:40 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\tp\Desktop\tdsskiller.exe
[2013/01/14 15:51:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\tp\Desktop\aswMBR.exe
[2013/01/14 15:17:08 | 000,000,000 | ---D | C] -- C:\Users\tp\Desktop\mbar-1.01.0.1016
[2013/01/14 00:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
[2013/01/10 23:14:25 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\QuickScan
[2013/01/10 14:12:45 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\Malwarebytes
[2013/01/10 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/10 14:11:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 14:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 14:11:12 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Local\Programs
[2013/01/09 18:06:46 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 18:06:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 18:04:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 18:03:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 18:03:55 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 18:03:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 18:03:55 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 18:03:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 18:03:55 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 18:03:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 18:03:55 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 18:03:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 18:03:55 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 18:03:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 18:03:55 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 18:03:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 18:03:55 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 18:03:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 18:03:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 18:03:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 18:03:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 18:03:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 18:03:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 18:03:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 18:03:54 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 18:03:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 18:03:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 18:03:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 18:03:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 18:03:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 18:03:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 18:03:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 18:03:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 18:03:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 18:03:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 18:03:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 18:03:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 18:03:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 18:03:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 18:03:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 18:03:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 18:03:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 18:03:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:03:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 18:03:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 18:03:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:03:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:03:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 18:03:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 18:03:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 18:03:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 18:03:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 18:03:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:03:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 18:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 18:03:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 18:02:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/06 15:35:54 | 000,000,000 | R--D | C] -- C:\Users\tp\Dropbox
[2013/01/06 15:31:13 | 000,000,000 | ---D | C] -- C:\Users\tp\AppData\Roaming\Dropbox
[2012/12/22 02:13:44 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 02:13:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 02:13:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/22 02:13:43 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/14 23:04:24 | 000,554,087 | ---- | M] () -- C:\Users\tp\Desktop\adwcleaner.exe
[2013/01/14 22:15:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/14 22:05:26 | 005,022,074 | R--- | M] (Swearware) -- C:\Users\tp\Desktop\ComboFix.exe
[2013/01/14 22:02:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/14 15:55:56 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\tp\Desktop\tdsskiller.exe
[2013/01/14 15:54:37 | 000,000,512 | ---- | M] () -- C:\Users\tp\Desktop\MBR.dat
[2013/01/14 15:52:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\tp\Desktop\aswMBR.exe
[2013/01/14 15:15:34 | 013,462,931 | ---- | M] () -- C:\Users\tp\Desktop\mbar-1.01.0.1016.zip
[2013/01/14 00:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tp\Desktop\OTL.exe
[2013/01/13 23:50:52 | 000,794,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/13 23:50:52 | 000,671,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 23:50:52 | 000,124,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/10 22:56:40 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:56:40 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:49:43 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2013/01/10 22:49:09 | 1522,663,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 14:11:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/10 13:04:43 | 000,002,019 | ---- | M] () -- C:\Users\tp\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/01/10 13:04:43 | 000,001,948 | ---- | M] () -- C:\Users\tp\Desktop\Avira DE-Cleaner.lnk
[2013/01/10 12:10:51 | 000,322,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:17:39 | 000,789,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/14 23:04:24 | 000,554,087 | ---- | C] () -- C:\Users\tp\Desktop\adwcleaner.exe
[2013/01/14 22:08:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/14 22:08:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/14 22:08:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/14 22:08:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/14 22:08:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/14 15:54:37 | 000,000,512 | ---- | C] () -- C:\Users\tp\Desktop\MBR.dat
[2013/01/14 15:13:14 | 013,462,931 | ---- | C] () -- C:\Users\tp\Desktop\mbar-1.01.0.1016.zip
[2013/01/10 14:11:33 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/10 12:50:58 | 000,002,019 | ---- | C] () -- C:\Users\tp\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/01/10 12:50:58 | 000,001,948 | ---- | C] () -- C:\Users\tp\Desktop\Avira DE-Cleaner.lnk
[2012/05/10 01:08:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2012/05/10 01:08:59 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2012/05/10 01:08:02 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll
[2012/05/10 01:08:02 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll
[2012/05/10 01:08:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll
[2012/05/10 01:08:01 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll
[2012/05/10 01:08:01 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll
[2012/05/10 01:08:00 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll
[2012/05/10 01:08:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll
[2012/05/10 01:08:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll
[2012/05/10 01:07:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll
[2012/05/10 01:07:59 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll
[2012/05/10 01:07:59 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe
[2012/05/10 01:07:59 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll
[2012/05/10 01:07:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll
[2012/05/10 01:07:59 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe
[2012/05/10 01:07:59 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe
[2012/03/16 12:05:29 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/02/10 17:51:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/10 17:51:23 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/10 17:51:21 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/10 17:51:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/10 17:51:19 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/10 16:58:46 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011/02/10 15:33:46 | 000,789,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 1/15/2013 12:05:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tp\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.89 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 23.55% Memory free
3.78 Gb Paging File | 1.67 Gb Available in Paging File | 44.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.46 Gb Total Space | 235.85 Gb Free Space | 84.70% Space Free | Partition Type: NTFS
 
Computer Name: TP-PC | User Name: tp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F8C745A-E381-4E29-8680-83FCD5D7877E}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update | 
"{20FBA8BD-08CE-4654-AD26-3908ACEA5A65}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update | 
"{26D95153-5089-4FBC-BF69-42461DCD3034}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast | 
"{4F1F1A46-8753-4E63-9802-D44383A6B264}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{53E2ECBA-E06D-4DD5-9941-8BD174AAA0AC}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{890BEFAD-4D81-4BCB-8888-0953F114AC0E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C3574C8F-7718-41D7-95B3-21B52765016A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C84FDC-746E-4961-8B2A-18B413075F72}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe | 
"{253BBD61-3D07-456F-978A-A111C64C0054}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2CED0EA3-70D6-4160-9C03-42F8D96B9E02}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3BF58CC1-D105-42D3-BCAE-1EE7124D20E5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe | 
"{4316B8C1-1A40-4997-8D6E-8D727DB6C5F0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe | 
"{496F22F4-0316-4F98-8166-4FC48D7668CC}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{4C72FDF4-727D-494B-9E19-498674DCDBEA}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocoms.exe | 
"{55949B8E-9887-49F8-8B1F-A81F2F4A0FCF}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"{5D39E4EC-2DA4-43CF-8FF2-81DE8E52150C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe | 
"{5D88C6EA-FD1F-47D6-AC69-FB5A87B37847}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe | 
"{675CD7BA-F0D4-4D54-A023-5496E4D354E7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{6E9465B9-BBF2-413D-8C48-0E2A018EA76D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe | 
"{7DF73E95-450B-4312-995C-97390F543617}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{878A24BF-9FB1-4F24-90F7-4C91D03B3414}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{9013D8CA-F88D-45CE-8162-AD99363D2C1B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9DA71340-4BB6-40A8-A134-5217BDF369C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdocoms.exe | 
"{9E4A254A-690D-42F1-BFAF-08372256B89E}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"{9E672155-B294-47B6-BB2B-392018FADE2A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe | 
"{ABE66149-4A64-4C47-A44C-20DD55B9BB44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe | 
"{AD02E64A-85CF-41D4-AEF7-A0C5E00BE4EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdocoms.exe | 
"{B8DB7138-9DFB-440C-A8CC-97B8A08129D9}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe | 
"{BDB7315F-C37E-4C75-A31A-388FE5FB5E0B}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocoms.exe | 
"{CB1D924E-243B-499C-93D7-3153DFAE1F18}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{EB27A92F-40EF-4724-8317-EDFE186D6981}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe | 
"TCP Query User{E392A944-429B-4111-9FA3-DA7C6146B235}C:\users\tp\appdata\roaming\ogap\umyvx.exe" = protocol=6 | dir=in | app=c:\users\tp\appdata\roaming\ogap\umyvx.exe | 
"UDP Query User{4BF2D580-9CB8-4017-95DF-7692F7141122}C:\users\tp\appdata\roaming\ogap\umyvx.exe" = protocol=17 | dir=in | app=c:\users\tp\appdata\roaming\ogap\umyvx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"DW WLAN Card" = DW WLAN Card
"Lexmark 9500 Series" = Lexmark 9500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/10/2012 8:29:27 PM | Computer Name = tp-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Dell Support Center' could not be shut down.
 
Error - 11/12/2012 1:46:01 PM | Computer Name = tp-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Dell Support Center' could not be shut down.
 
Error - 11/12/2012 3:25:38 PM | Computer Name = tp-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Internet Explorer' could not be shut down.
 
Error - 11/12/2012 5:41:02 PM | Computer Name = tp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/13/2012 12:50:11 PM | Computer Name = tp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/14/2012 12:42:51 PM | Computer Name = tp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/14/2012 10:33:18 PM | Computer Name = tp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/14/2012 10:43:38 PM | Computer Name = tp-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vcsFPService.exe, version: 4.3.33.0, time
 stamp: 0x4cadecd3  Faulting module name: vcsFPService.exe, version: 4.3.33.0, time
 stamp: 0x4cadecd3  Exception code: 0xc0000005  Fault offset: 0x0000000000008a1c  Faulting
 process id: 0x528  Faulting application start time: 0x01cdc2d966d36f3c  Faulting application
 path: C:\Windows\system32\vcsFPService.exe  Faulting module path: C:\Windows\system32\vcsFPService.exe
Report
 Id: 40ebd61e-2ece-11e2-97c2-ccaf78a3c7be
 
Error - 11/14/2012 10:45:02 PM | Computer Name = tp-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1674    Start
 Time: 01cdc2dab2f00000    Termination Time: 359    Application Path: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe    Report Id:   
 
Error - 11/15/2012 7:42:37 AM | Computer Name = tp-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12/15/2012 8:27:44 PM | Computer Name = tp-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/16/2012 9:35:49 AM | Computer Name = tp-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdoCATSCustConnectService
 service to connect.
 
Error - 12/16/2012 9:35:49 AM | Computer Name = tp-PC | Source = Service Control Manager | ID = 7000
Description = The lxdoCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 12/16/2012 12:36:42 PM | Computer Name = tp-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the WinDefend service.
 
Error - 12/17/2012 6:24:14 PM | Computer Name = tp-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SysMain service.
 
Error - 12/17/2012 10:22:38 PM | Computer Name = tp-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/17/2012 10:22:59 PM | Computer Name = tp-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/18/2012 12:44:12 PM | Computer Name = tp-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdoCATSCustConnectService
 service to connect.
 
Error - 12/18/2012 12:44:12 PM | Computer Name = tp-PC | Source = Service Control Manager | ID = 7000
Description = The lxdoCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 12/19/2012 9:59:54 AM | Computer Name = tp-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Thank you very much :-)