
Log Analysis and Evaluation: Root.Necurs

06.05.2013, 15:36 #1
HardStylerx3
 
Root.Necurs

Code:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Adgoha [Admin rights]
Mode : Scan -- Date : 05/06/2013 13:12:46
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[Root.Necurs][SERVICE] fd3323c75793f310 -- C:\Windows\\SystemRoot\System32\Drivers\fd3323c75793f310.sys [x] -> STOPPED

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][Root.Necurs] HKLM\[...]\ControlSet001\Services\fd3323c75793f310 (C:\Windows\System32\Drivers\fd3323c75793f310.sys) -> FOUND
[Services][Root.Necurs] HKLM\[...]\ControlSet002\Services\fd3323c75793f310 (C:\Windows\System32\Drivers\fd3323c75793f310.sys) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8326413D -> HOOKED (Unknown @ 0x91AE83A6)
SSDT[316] : NtSetContextThread @ 0x8331E851 -> HOOKED (Unknown @ 0x91AE83AB)
SSDT[370] : NtTerminateProcess @ 0x8329BD86 -> HOOKED (Unknown @ 0x91AE8347)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x91AE83B0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x91AE83B5)

¤¤¤ Infection : Root.Necurs ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250820AS ATA Device +++++
--- User ---
[MBR] f6b5b46509c1705a59fbc926182d68c3
[BSP] 2ec69806dad941cfeb81dcac729f44a6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] d1724993157bf51f40183df561929d50
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 248 | Size: 1925 Mo
         
Code:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Adgoha [Admin rights]
Mode : Remove -- Date : 05/06/2013 13:13:41
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[Root.Necurs][SERVICE] fd3323c75793f310 -- C:\Windows\\SystemRoot\System32\Drivers\fd3323c75793f310.sys [x] -> STOPPED

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][Root.Necurs] HKLM\[...]\ControlSet001\Services\fd3323c75793f310 (C:\Windows\System32\Drivers\fd3323c75793f310.sys) -> DELETED
[Services][Root.Necurs] HKLM\[...]\ControlSet002\Services\fd3323c75793f310 (C:\Windows\System32\Drivers\fd3323c75793f310.sys) -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8326413D -> HOOKED (Unknown @ 0x91AE83A6)
SSDT[316] : NtSetContextThread @ 0x8331E851 -> HOOKED (Unknown @ 0x91AE83AB)
SSDT[370] : NtTerminateProcess @ 0x8329BD86 -> HOOKED (Unknown @ 0x91AE8347)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x91AE83B0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x91AE83B5)

¤¤¤ Infection : Root.Necurs ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250820AS ATA Device +++++
--- User ---
[MBR] f6b5b46509c1705a59fbc926182d68c3
[BSP] 2ec69806dad941cfeb81dcac729f44a6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] d1724993157bf51f40183df561929d50
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 248 | Size: 1925 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05062013_02d1313.txt >>
RKreport[1]_S_05062013_02d1312.txt ; RKreport[2]_D_05062013_02d1313.txt
         
Code:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Adgoha [Admin rights]
Mode : Scan -- Date : 05/06/2013 13:14:34
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[Root.Necurs][SERVICE] fd3323c75793f310 -- C:\Windows\\SystemRoot\System32\Drivers\fd3323c75793f310.sys [x] -> STOPPED

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8326413D -> HOOKED (Unknown @ 0x91AE83A6)
SSDT[316] : NtSetContextThread @ 0x8331E851 -> HOOKED (Unknown @ 0x91AE83AB)
SSDT[370] : NtTerminateProcess @ 0x8329BD86 -> HOOKED (Unknown @ 0x91AE8347)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x91AE83B0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x91AE83B5)

¤¤¤ Infection : Root.Necurs ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250820AS ATA Device +++++
--- User ---
[MBR] f6b5b46509c1705a59fbc926182d68c3
[BSP] 2ec69806dad941cfeb81dcac729f44a6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] d1724993157bf51f40183df561929d50
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 248 | Size: 1925 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_S_05062013_02d1314.txt >>
RKreport[1]_S_05062013_02d1312.txt ; RKreport[2]_D_05062013_02d1313.txt ; RKreport[3]_S_05062013_02d1314.txt
         
Code:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Adgoha [Admin rights]
Mode : Scan -- Date : 05/06/2013 13:15:30
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[Root.Necurs][SERVICE] fd3323c75793f310 -- C:\Windows\\SystemRoot\System32\Drivers\fd3323c75793f310.sys [x] -> STOPPED

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8326413D -> HOOKED (Unknown @ 0x91AE83A6)
SSDT[316] : NtSetContextThread @ 0x8331E851 -> HOOKED (Unknown @ 0x91AE83AB)
SSDT[370] : NtTerminateProcess @ 0x8329BD86 -> HOOKED (Unknown @ 0x91AE8347)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x91AE83B0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x91AE83B5)

¤¤¤ Infection : Root.Necurs ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250820AS ATA Device +++++
--- User ---
[MBR] f6b5b46509c1705a59fbc926182d68c3
[BSP] 2ec69806dad941cfeb81dcac729f44a6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] d1724993157bf51f40183df561929d50
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 248 | Size: 1925 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_S_05062013_02d1315.txt >>
RKreport[1]_S_05062013_02d1312.txt ; RKreport[2]_D_05062013_02d1313.txt ; RKreport[3]_S_05062013_02d1314.txt ; RKreport[4]_S_05062013_02d1315.txt
         
At some point Avira simply started throwing constant virus alerts about Necurs.

I then tried to get rid of the rootkit with various programs, but mbar, aswMBR and TDSSKiller found nothing.
ComboFix just hangs before the first stage (also in Safe Mode).

Lastly I used RogueKiller, which finally found the pest but apparently can't delete the driver.

I'm running GMER right now and will report back with the logfile.

I'm hoping for help.

Regards, HardStylerx3
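The four RogueKiller runs above are most useful read as a diff: the removal run deletes or replaces all eight registry entries, yet the re-scan a minute later still lists the stopped service and the same five SSDT hooks, which is exactly the symptom of a driver that cannot be removed from inside the running system. The script below is an added example for this thread, not code from RogueKiller or from the poster. It parses two report excerpts (constructed from the scan and the post-removal re-scan above, with the section and state labels as they appear in those reports) and classifies every finding as gone, changed or persisted. The label words are an assumption taken from this page; a report in another localisation needs them mapped first.

```python
"""Diff two RogueKiller reports: what did the removal run actually change?
Added example for this thread; not code from RogueKiller or the poster.
Section/state labels are the ones in the reports above (assumed)."""
import re
from dataclasses import dataclass

# Constructed excerpts: scan at 13:12:46 and re-scan at 13:14:34 from the thread.
SCAN_BEFORE = r"""¤¤¤ Malicious processes : 1 ¤¤¤
[Root.Necurs][SERVICE] fd3323c75793f310 -- C:\Windows\\SystemRoot\System32\Drivers\fd3323c75793f310.sys [x] -> STOPPED

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][Root.Necurs] HKLM\[...]\ControlSet001\Services\fd3323c75793f310 (C:\Windows\System32\Drivers\fd3323c75793f310.sys) -> FOUND
[Services][Root.Necurs] HKLM\[...]\ControlSet002\Services\fd3323c75793f310 (C:\Windows\System32\Drivers\fd3323c75793f310.sys) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8326413D -> HOOKED (Unknown @ 0x91AE83A6)
SSDT[316] : NtSetContextThread @ 0x8331E851 -> HOOKED (Unknown @ 0x91AE83AB)
SSDT[370] : NtTerminateProcess @ 0x8329BD86 -> HOOKED (Unknown @ 0x91AE8347)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x91AE83B0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x91AE83B5)
"""

SCAN_AFTER = r"""¤¤¤ Malicious processes : 1 ¤¤¤
[Root.Necurs][SERVICE] fd3323c75793f310 -- C:\Windows\\SystemRoot\System32\Drivers\fd3323c75793f310.sys [x] -> STOPPED

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8326413D -> HOOKED (Unknown @ 0x91AE83A6)
SSDT[316] : NtSetContextThread @ 0x8331E851 -> HOOKED (Unknown @ 0x91AE83AB)
SSDT[370] : NtTerminateProcess @ 0x8329BD86 -> HOOKED (Unknown @ 0x91AE8347)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x91AE83B0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x91AE83B5)
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) ¤¤¤$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) -> (?P<state>[A-Z_]+)(?: \((?P<detail>[^()]*)\))?$")
TRAILING_VALUE_RE = re.compile(r" \([^()]*\)$")  # "(0)" or "(C:\...\x.sys)" after an item


@dataclass(frozen=True)
class Finding:
    section: str
    key: str     # item without its trailing "(value)", so two runs can be matched up
    state: str   # FOUND, DELETED, REPLACED, STOPPED, HOOKED, ...
    detail: str  # what RogueKiller printed after the state (e.g. the value written)


def parse_report(text):
    """Return {section: [Finding, ...]} for one RogueKiller report body."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # "Registry Entries : 8" -> "Registry Entries", "HOSTS File:" -> "HOSTS File"
            section = m.group("name").split(" : ")[0].rstrip(":").strip()
            findings.setdefault(section, [])
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            key = TRAILING_VALUE_RE.sub("", m.group("item"))
            findings[section].append(Finding(section, key, m.group("state"), m.group("detail") or ""))
    return findings


def diff_reports(before, after):
    """Classify every finding of `before` by what `after` says about it."""
    out = {"gone": [], "changed": [], "persisted": [], "new": []}
    for section, items in before.items():
        later = {f.key: f for f in after.get(section, [])}
        for f in items:
            g = later.get(f.key)
            if g is None:
                out["gone"].append(f)
            elif g.state != f.state:
                out["changed"].append(g)
            else:
                out["persisted"].append(g)
    seen = {(f.section, f.key) for items in before.values() for f in items}
    for section, items in after.items():
        out["new"].extend(f for f in items if (section, f.key) not in seen)
    return out


def persisted_keys(before_text, after_text):
    """Findings the removal left untouched: the list that still needs offline cleanup."""
    d = diff_reports(parse_report(before_text), parse_report(after_text))
    return sorted(f.key for f in d["persisted"])


if __name__ == "__main__":
    for key in persisted_keys(SCAN_BEFORE, SCAN_AFTER):
        print("still present after removal:", key)
```

Run against the two excerpts, the persisted list is the service entry plus the five hooks, and nothing is new: the registry clean-up worked, the kernel side did not move. That is the point at which continuing with more in-system tools stops being useful and an offline look at the drive (as the next reply describes) is the right move.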

06.05.2013, 18:50 #2
aharonov
/// TB Trainer
 
Root.Necurs

Hi,

Quote:
but mbar, aswMBR and TDSSKiller found nothing
ComboFix just hangs before the first stage
We advise against simply running these specialised tools on your own.


Please download Farbar Recovery Scan Tool 32-Bit and save it to a USB stick (not in a subfolder!).
Plug the USB stick into the infected computer.

You now need to boot the system into the System Recovery Options:
Option 1 - Via the Boot Manager
  • Restart the computer.
  • While it is starting up, press the F8 key repeatedly.
  • Select Repair Your Computer.
  • Select your operating system and user account and click Next each time.

or

Option 2 - With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click Next.
  • Click Repair your computer.
  • Select your operating system and user account and click Next each time.

Once you are in the Recovery Options, select Command Prompt.
  • Type notepad and press Enter.
    • A text document opens. Click File -> Save As and select Computer.
    • Read off the drive letter of your USB stick there (e.g. e:\).
    • Close Notepad again.
  • Now type the following command and press Enter:
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your system, adjust the command accordingly.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a file FRST.txt on your USB stick. Please post its contents here.

07.05.2013, 09:33 #3
HardStylerx3
 
Root.Necurs

Good morning

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2013
Ran by SYSTEM on 07-05-2013 10:17:07
Running from G:\
Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-11-03] (Avira GmbH)
HKLM\...\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11680400 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-30] (Advanced Micro Devices, Inc.)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-28] (Avira GmbH)
S2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [368640 2009-05-07] (AVM Berlin)
S4 PEVSystemStart; C:\NoMBR.exe\SWREG.3XE [518144 2000-08-31] (SteelWerX)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-06-28] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-06-28] (Avira GmbH)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872320 2009-05-22] (C-Media Inc)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2009-05-07] (AVM GmbH)
S3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [82944 2009-07-23] ()
S3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2008-12-19] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [648808 2010-08-06] (Realtek Semiconductor Corporation                           )
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 catchme; \??\C:\Users\Adgoha\AppData\Local\Temp\catchme.sys [x]
S1 jsobystp; \??\C:\Windows\system32\drivers\jsobystp.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 04F09923A393E4E0E8453A8F78361E73
C:\Windows\System32\DRIVERS\atikmpag.sys C541DA5B72FA638469E8DC1E66079330
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 04F09923A393E4E0E8453A8F78361E73
C:\Windows\System32\DRIVERS\AtiPcie.sys B73C832088DD54B55E04FF6F9646AD8C
C:\Windows\System32\DRIVERS\avgntflt.sys 1E4114685DE1FFA9675E09C6A1FB3F4B
C:\Windows\System32\DRIVERS\avipbb.sys 0F78D3DAE6DEDD99AE54C9491C62ADF2
C:\Windows\System32\drivers\avmeject.sys 263CF9D248FD5E020A1333ED4F7EAA88
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\DRIVERS\BrSerIb.sys 08C7E41FF10F56E83B4F10B5E8B1E8B6
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerIf.sys 1A5FC78E41840EDF79D65EC16EFF2787
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys A24C7B39602218F8DBDB2B6704325FC7
C:\Windows\System32\DRIVERS\BrUsbSIb.sys 2132A117160F2A96A13C044AE9BCED91
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\drivers\cmudax3.sys 2F2B02C025538CDD2E2D7155B3150602
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\System32\DRIVERS\fwlanusb.sys FF12FA487265DA2AC7DE4BE53F72FF1A
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 52EE480B541CA61025BC504B0348FAB8
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PciPPorts.sys 86F4ACF0EAB9B275D1D71E3A6540D2F5
C:\Windows\System32\DRIVERS\PciSPorts.sys F1CD23597C138F9D5D87CEBD7CF59771
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtnicxp.sys 4E20765744BFBC16F6D6E5BD5598786B
C:\Windows\System32\DRIVERS\Rt86win7.sys 7DFD48E24479B68B258D8770121155A0
C:\Windows\System32\DRIVERS\RTL8192cu.sys 08E0B15F88CBFFEE0BB18D321C42E1B4
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SISGRKMD.sys 74B370FD8B9C60B083A3460A64353F3B
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snpstd3.sys 11BB0E11D42CC3A43D741D9B30839BE1
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssmdrv.sys A36EE93698802CD899F98BFD553D8185
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\DRIVERS\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbfilter.sys 0150B06D3E73F6C27AFCB963FD931820
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\System32\DRIVERS\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 10:16 - 2013-05-07 10:16 - 00000000 ____D C:\FRST
2013-05-07 08:10 - 2013-05-07 08:10 - 00001077 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-05-07 08:10 - 2013-05-07 08:10 - 00000000 ____D C:\Users\Adgoha\AppData\Roaming\Malwarebytes
2013-05-07 08:10 - 2013-05-07 08:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-07 08:10 - 2013-05-07 08:09 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Adgoha\Desktop\mbam-setup-1.75.0.1300.exe
2013-05-07 08:10 - 2013-04-04 13:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-06 16:06 - 2013-05-06 16:07 - 00000000 ___SD C:\NoMBR.exe
2013-05-06 15:29 - 2013-05-06 14:47 - 00377856 ____A C:\Users\Adgoha\Desktop\3zgqtgpz.exe
2013-05-06 15:17 - 2013-05-06 16:06 - 00001114 ____A C:\Users\Adgoha\Desktop\gmer.txt.txt
2013-05-06 14:44 - 2013-05-06 16:06 - 00000000 ___SD C:\ComboFix
2013-05-06 14:44 - 2013-05-06 14:44 - 00000000 ____D C:\Qoobox
2013-05-06 12:48 - 2013-05-06 16:21 - 00000000 ____D C:\Users\Adgoha\Desktop\RK_Quarantine
2013-05-06 12:38 - 2013-05-06 14:46 - 00000000 ____D C:\Users\Adgoha\Desktop\Neuer Ordner
2013-05-06 12:34 - 2013-05-06 16:20 - 00000024 ____A C:\Users\Adgoha\Desktop\CFScript.txt.txt
2013-05-06 12:08 - 2013-04-24 11:21 - 00816128 ____A C:\Users\Adgoha\Desktop\RogueKiller.exe
2013-05-06 10:56 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-06 10:56 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-06 10:56 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-06 10:56 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-06 10:56 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-06 10:56 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-06 10:56 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-06 10:56 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-06 10:55 - 2013-05-06 10:55 - 00000000 ____D C:\Windows\erdnt
2013-05-06 10:53 - 2013-05-06 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-03 17:26 - 2013-05-03 17:26 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-03 17:26 - 2013-04-04 04:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-03 17:26 - 2013-04-04 04:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-03 17:26 - 2013-04-04 04:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-03 17:25 - 2013-05-03 17:26 - 00004020 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-03 10:59 - 2006-04-08 12:45 - 00397312 ____A (Bluescreen) C:\Users\Adgoha\Desktop\ImgResize.exe
2013-05-03 10:55 - 2013-05-03 11:02 - 00000000 ____D C:\Users\Adgoha\Desktop\Büro Bodenfliese Original
2013-05-02 14:07 - 2013-05-02 14:07 - 00000000 ____D C:\Users\Adgoha\AppData\Roaming\Haufe
2013-05-02 13:25 - 2013-05-02 13:25 - 00000000 ____D C:\Users\Adgoha\Desktop\Neuer Ordner (2)
2013-04-26 11:27 - 2013-04-26 11:27 - 00617353 ____A C:\Users\Adgoha\Desktop\Hochzeitsdeko Flieder  Tischdeko für Hochzeit.mht
2013-04-25 18:14 - 2013-04-12 14:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-25 18:14 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-25 18:14 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-25 18:14 - 2013-03-19 05:48 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-25 18:14 - 2013-03-19 03:49 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-25 18:14 - 2013-03-02 05:58 - 01231872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-25 18:14 - 2013-03-02 05:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-25 18:14 - 2013-03-02 05:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-25 18:14 - 2013-03-02 05:54 - 06032384 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-25 18:14 - 2013-03-02 05:54 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-25 18:14 - 2013-03-02 05:54 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-25 18:14 - 2013-03-02 05:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-25 18:14 - 2013-03-02 05:52 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-25 18:14 - 2013-03-02 05:52 - 02078208 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-25 18:14 - 2013-03-02 05:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-25 18:14 - 2013-03-02 04:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-25 18:14 - 2013-03-01 04:09 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-25 18:14 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-25 18:14 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-25 18:14 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-25 18:14 - 2013-01-24 05:47 - 00196328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 16:56 - 2013-05-03 17:26 - 00000000 ____D C:\Program Files\Java
2013-04-09 12:44 - 2013-04-09 12:44 - 00000609 ____A C:\Users\Adgoha\Documents\Freundschaft.txt

==================== One Month Modified Files and Folders ========

2013-05-07 10:16 - 2013-05-07 10:16 - 00000000 ____D C:\FRST
2013-05-07 09:12 - 2010-10-22 15:32 - 01913079 ____A C:\Windows\WindowsUpdate.log
2013-05-07 09:08 - 2009-07-14 05:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-07 09:08 - 2009-07-14 05:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-07 09:07 - 2009-11-10 19:44 - 01507106 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-07 09:03 - 2013-02-18 13:10 - 00004416 ____A C:\Windows\PFRO.log
2013-05-07 09:03 - 2013-02-06 17:13 - 00009086 ____A C:\Windows\setupact.log
2013-05-07 09:03 - 2011-04-13 13:16 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-07 09:03 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-07 09:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\IME
2013-05-07 09:01 - 2011-04-13 13:16 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-07 08:48 - 2012-04-24 14:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-07 08:10 - 2013-05-07 08:10 - 00001077 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-05-07 08:10 - 2013-05-07 08:10 - 00000000 ____D C:\Users\Adgoha\AppData\Roaming\Malwarebytes
2013-05-07 08:10 - 2013-05-07 08:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-07 08:09 - 2013-05-07 08:10 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Adgoha\Desktop\mbam-setup-1.75.0.1300.exe
2013-05-06 16:21 - 2013-05-06 12:48 - 00000000 ____D C:\Users\Adgoha\Desktop\RK_Quarantine
2013-05-06 16:20 - 2013-05-06 12:34 - 00000024 ____A C:\Users\Adgoha\Desktop\CFScript.txt.txt
2013-05-06 16:07 - 2013-05-06 16:06 - 00000000 ___SD C:\NoMBR.exe
2013-05-06 16:06 - 2013-05-06 15:17 - 00001114 ____A C:\Users\Adgoha\Desktop\gmer.txt.txt
2013-05-06 16:06 - 2013-05-06 14:44 - 00000000 ___SD C:\ComboFix
2013-05-06 14:47 - 2013-05-06 15:29 - 00377856 ____A C:\Users\Adgoha\Desktop\3zgqtgpz.exe
2013-05-06 14:46 - 2013-05-06 12:38 - 00000000 ____D C:\Users\Adgoha\Desktop\Neuer Ordner
2013-05-06 14:44 - 2013-05-06 14:44 - 00000000 ____D C:\Qoobox
2013-05-06 14:44 - 2011-09-07 17:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-06 12:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-06 10:55 - 2013-05-06 10:55 - 00000000 ____D C:\Windows\erdnt
2013-05-06 10:55 - 2009-07-14 05:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-06 10:53 - 2013-05-06 10:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-06 10:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-05-03 21:53 - 2012-04-09 22:20 - 00000000 ____D C:\Users\Adgoha\Documents\Kissen- FOTOS
2013-05-03 21:49 - 2011-03-20 15:16 - 00000000 ____D C:\Users\Adgoha\Documents\GLückwunsch-Karten-Diverses
2013-05-03 21:28 - 2011-07-21 21:32 - 00000000 ____D C:\Users\Adgoha\Documents\Diverses
2013-05-03 17:26 - 2013-05-03 17:26 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-03 17:26 - 2013-05-03 17:25 - 00004020 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-03 17:26 - 2013-04-09 16:56 - 00000000 ____D C:\Program Files\Java
2013-05-03 11:02 - 2013-05-03 10:55 - 00000000 ____D C:\Users\Adgoha\Desktop\Büro Bodenfliese Original
2013-05-02 14:07 - 2013-05-02 14:07 - 00000000 ____D C:\Users\Adgoha\AppData\Roaming\Haufe
2013-05-02 13:25 - 2013-05-02 13:25 - 00000000 ____D C:\Users\Adgoha\Desktop\Neuer Ordner (2)
2013-05-02 01:06 - 2009-10-14 03:21 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 17:55 - 2011-02-16 18:46 - 00000000 ____D C:\Users\Adgoha\Desktop\EBAY
2013-04-28 20:08 - 2010-12-25 22:51 - 00000000 ____D C:\Users\Adgoha\AppData\Roaming\Skype
2013-04-26 11:27 - 2013-04-26 11:27 - 00617353 ____A C:\Users\Adgoha\Desktop\Hochzeitsdeko Flieder  Tischdeko für Hochzeit.mht
2013-04-26 08:36 - 2013-02-06 17:13 - 00449792 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-25 22:07 - 2009-10-14 03:21 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-24 11:21 - 2013-05-06 12:08 - 00816128 ____A C:\Users\Adgoha\Desktop\RogueKiller.exe
2013-04-12 14:45 - 2013-04-25 18:14 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-09 16:56 - 2013-02-06 15:45 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-04-09 16:56 - 2010-10-22 16:30 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-04-09 12:44 - 2013-04-09 12:44 - 00000609 ____A C:\Users\Adgoha\Documents\Freundschaft.txt

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-06 10:56:40
Restore point made on: 2013-05-06 12:04:12
Restore point made on: 2013-05-06 13:42:51
Restore point made on: 2013-05-06 14:06:40

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 4094.49 MB
Available physical RAM: 3599.69 MB
Total Pagefile: 4092.77 MB
Available Pagefile: 3594.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:48.73 GB) (Free:18.49 GB) NTFS
Drive e: (Daten) (Fixed) (Total:184.05 GB) (Free:156.86 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:1.88 GB) (Free:1.79 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0455991F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184 GB) - (Type=07 NTFS)

====================================================================
Disk: 1 (Size: 2 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)


Last Boot: 2013-05-04 15:58

==================== End Of Log ============================
         
__________________

Old 07.05.2013, 11:34   #4
aharonov
/// TB Trainer
 
Root.Necurs

Hi,

Quote:
C:\Users\Adgoha\Desktop\CFScript.txt.txt
What exactly were you trying to do here...?!

The Necurs driver doesn't seem to be present any more. Or why do you think it's still running?
__________________
cheers,
Leo

Old 07.05.2013, 11:46   #5
HardStylerx3
 
Root.Necurs

Quote:
Quote from aharonov:
Hi,


What exactly were you trying to do here...?!

The Necurs driver doesn't seem to be present any more. Or why do you think it's still running?
hmm ok, then RogueKiller probably did delete it after all. It just seems odd to me that ComboFix simply won't run.

uhm..^^ nothing at all yet

Code:
Driver::
fd3323c75793f310

File::
C:\Windows\System32\Drivers\fd3323c75793f310.sys
         
that's what's in it, but since RogueKiller has probably already deleted it, that's probably superfluous

kind regards, HardStylerx3


Old 07.05.2013, 12:00   #6
aharonov
/// TB Trainer
 
Root.Necurs

Hey,

if CF doesn't run through, it's possibly not the best idea to script.. And with that file name..

Please post all logs that already exist (even if they found nothing).
And also do an OTL scan:


Please download OTL (by OldTimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Tick Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 log files (OTL.txt and Extras.txt) are created.
  • Post the contents of these log files here in the thread.
__________________

Old 07.05.2013, 12:04   #7
HardStylerx3
 
Root.Necurs

that's why I didn't do it

one more question: why did actually no program find this rootkit, i.e. mbar, aswmbr, tdsskiller,

but RogueKiller did, and above all even found the driver in an older version?

kind regards, HardStylerx3

logs are coming shortly

so another problem has come up that I forgot to mention :x

when you download files and save them e.g. on the desktop, they simply aren't there
this happens with Firefox and with Internet Explorer
with Firefox, when the download window opens and you could start the file from there, it simply doesn't work :/

Code:
OTL logfile created on: 07.05.2013 13:18:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adgoha\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 71,93% Memory free
6,50 Gb Paging File | 5,45 Gb Available in Paging File | 83,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 19,36 Gb Free Space | 39,73% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 156,86 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,79 Gb Free Space | 95,05% Space Free | Partition Type: NTFS
 
Computer Name: ADGOHA-PC | User Name: Adgoha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Adgoha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3497.43127__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.43097__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.43002__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.43023__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.43077__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.43011__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.43057__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.43098__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.43017__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.43047__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.43011__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3497.43108__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.43062__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.43063__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3497.43107__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.43062__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.43096__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.43123__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.43050__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.43024__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.43071__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.43023__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.43054__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.43049__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.43054__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.43028__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.43055__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.43048__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.43048__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.43048__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3496.37256__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3496.37255__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3496.37269__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3496.37313__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3496.37309__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3496.37267__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3496.37309__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.37252__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.37251__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3496.37252__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.37369__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.37258__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.37258__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3496.37264__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.37279__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.37260__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.37259__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.37286__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.37303__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3496.37302__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.37253__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.37281__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.37261__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3496.37312__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3496.37283__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3496.37282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3496.37284__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3496.37267__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3496.37286__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3496.37283__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3496.37283__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3496.37286__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3496.37269__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3496.37279__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3496.37265__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3496.37266__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3496.37257__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3497.43122__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.43091__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.43102__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.37254__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3496.37255__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.37262__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.42999__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3497.43086__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.43017__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.43090__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.43001__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.43000__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.37261__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.37253__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.37263__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.37264__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.43007__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3497.42997__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.42998__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.37258__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.37287__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.43091__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PEVSystemStart) -- C:\NoMBR.exe\pev.3XE ()
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll ()
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (nvlddmkm) -- system32\DRIVERS\nvlddmkm.sys File not found
DRV - (jsobystp) -- C:\Windows\system32\drivers\jsobystp.sys File not found
DRV - (catchme) -- C:\Users\Adgoha\AppData\Local\Temp\catchme.sys File not found
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (RTL8192cu) -- C:\Windows\System32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (PciPPorts) -- C:\Windows\System32\drivers\PciPPorts.sys ()
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (PciSPorts) -- C:\Windows\System32\drivers\PciSPorts.sys ()
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 57 31 2F 69 43 CE 01  [binary data]
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.17 18:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 18:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.09.07 18:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adgoha\AppData\Roaming\mozilla\Extensions
[2013.05.06 15:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adgoha\AppData\Roaming\mozilla\Firefox\Profiles\kchi31yz.default\extensions
[2013.05.06 15:44:37 | 000,491,479 | ---- | M] () (No name found) -- C:\Users\Adgoha\AppData\Roaming\mozilla\firefox\profiles\kchi31yz.default\extensions\abb@amazon.com.xpi
[2013.02.18 14:11:07 | 000,002,845 | ---- | M] () -- C:\Users\Adgoha\AppData\Roaming\mozilla\firefox\profiles\kchi31yz.default\searchplugins\amazon-distro.xml
[2013.04.09 17:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.17 18:39:25 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1659139977-3496495749-1538144296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4A5D384-6C53-4F3A-8A4F-5BA0D6A654A9} hxxp://hd-cam.dyndns.org:1024/img/DDCViewer.cab (Viewer Control)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DA6253E-FF6B-4E25-B943-A53EDD72B69A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C4C296-9A0C-44A5-986A-E54B95E433E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AB99881-D290-43F4-BD46-4670A1FCA1F8}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC06CD8D-9521-4D02-B362-3E1C4C97B95C}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6A1629C-0CF3-4E43-AAFA-D725F9C65F73}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{37361aac-ddf9-11df-ba80-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{37361aac-ddf9-11df-ba80-806e6f6e6963}\Shell\AutoRun\command - "" = L:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.07 13:17:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adgoha\Desktop\OTL.exe
[2013.05.07 12:22:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.07 12:11:03 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.05.07 12:11:03 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\AppData\Local\Temp
[2013.05.07 11:16:30 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.07 09:10:46 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\AppData\Roaming\Malwarebytes
[2013.05.07 09:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.07 09:10:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.07 09:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.07 09:10:34 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\AppData\Local\Programs
[2013.05.07 09:10:29 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Adgoha\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.06 17:06:39 | 000,000,000 | --SD | C] -- C:\NoMBR.exe
[2013.05.06 15:44:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.06 15:44:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.06 13:48:23 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\Desktop\RK_Quarantine
[2013.05.06 13:38:55 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\Desktop\Neuer Ordner
[2013.05.06 11:56:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.06 11:56:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.06 11:56:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.06 11:55:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.06 11:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.03 18:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.03 18:26:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.03 18:26:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.03 18:26:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.03 11:59:07 | 000,397,312 | ---- | C] (Bluescreen) -- C:\Users\Adgoha\Desktop\ImgResize.exe
[2013.05.03 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\Desktop\Büro Bodenfliese Original
[2013.05.02 15:07:19 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\AppData\Roaming\Haufe
[2013.05.02 14:25:33 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\Desktop\Neuer Ordner (2)
[2013.05.01 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Adgoha\AppData\Local\ElevatedDiagnostics
[2013.04.25 19:14:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.25 19:14:34 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.25 19:14:34 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.25 19:14:34 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.25 19:14:27 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.25 19:14:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.25 19:14:17 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.25 19:14:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.25 19:14:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.25 19:14:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.25 19:14:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.09 17:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2 C:\Users\Adgoha\Documents\*.tmp files -> C:\Users\Adgoha\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.07 13:16:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adgoha\Desktop\OTL.exe
[2013.05.07 13:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.07 12:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.07 12:26:55 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 12:26:55 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 12:26:02 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.07 12:26:02 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.07 12:26:02 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.07 12:26:02 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.07 12:21:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.07 12:21:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.07 12:21:44 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.07 12:06:37 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.05.07 11:18:53 | 001,269,060 | ---- | M] () -- C:\Users\Adgoha\Desktop\zoek.exe
[2013.05.07 09:10:40 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.07 09:09:16 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Adgoha\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.06 15:47:36 | 000,377,856 | ---- | M] () -- C:\Users\Adgoha\Desktop\3zgqtgpz.exe
[2013.05.03 10:34:22 | 000,414,433 | ---- | M] () -- C:\Users\Adgoha\Documents\001.jpg
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.28 12:03:45 | 000,027,010 | ---- | M] () -- C:\Users\Adgoha\Desktop\$T2eC16F,!ykE9s7twBM+BRc+cc4,0!~~48_72.jpg
[2013.04.26 12:27:53 | 000,617,353 | ---- | M] () -- C:\Users\Adgoha\Desktop\Hochzeitsdeko Flieder  Tischdeko für Hochzeit.mht
[2013.04.26 09:36:15 | 000,449,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.24 12:21:20 | 000,816,128 | ---- | M] () -- C:\Users\Adgoha\Desktop\RogueKiller.exe
[2013.04.09 17:56:35 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.04.09 17:56:35 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2 C:\Users\Adgoha\Documents\*.tmp files -> C:\Users\Adgoha\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.07 12:11:04 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.05.07 12:06:32 | 001,269,060 | ---- | C] () -- C:\Users\Adgoha\Desktop\zoek.exe
[2013.05.07 09:10:40 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.06 16:29:15 | 000,377,856 | ---- | C] () -- C:\Users\Adgoha\Desktop\3zgqtgpz.exe
[2013.05.06 13:08:21 | 000,816,128 | ---- | C] () -- C:\Users\Adgoha\Desktop\RogueKiller.exe
[2013.05.06 11:56:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.06 11:56:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.06 11:56:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.06 11:56:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.06 11:56:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.03 10:34:22 | 000,414,433 | ---- | C] () -- C:\Users\Adgoha\Documents\001.jpg
[2013.04.28 12:08:27 | 000,027,010 | ---- | C] () -- C:\Users\Adgoha\Desktop\$T2eC16F,!ykE9s7twBM+BRc+cc4,0!~~48_72.jpg
[2013.04.26 12:27:52 | 000,617,353 | ---- | C] () -- C:\Users\Adgoha\Desktop\Hochzeitsdeko Flieder  Tischdeko für Hochzeit.mht
[2013.02.06 18:13:27 | 000,449,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.06 16:53:26 | 000,369,117 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013.02.06 16:51:42 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2013.02.06 16:51:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2012.05.13 14:09:37 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.03.09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.01.11 21:23:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.06 15:24:05 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\autobingooo
[2013.02.24 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\Canneverbe Limited
[2013.02.17 18:39:40 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\DVDVideoSoft
[2013.02.17 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.02 15:07:19 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\Haufe
[2012.06.04 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\OpenOffice.org
[2011.08.12 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\PhotoScape
[2012.12.20 19:52:55 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\TeamViewer
[2011.04.13 15:04:32 | 000,000,000 | ---D | M] -- C:\Users\Adgoha\AppData\Roaming\Thinstall
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 07.05.2013 13:18:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adgoha\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 71,93% Memory free
6,50 Gb Paging File | 5,45 Gb Available in Paging File | 83,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 19,36 Gb Free Space | 39,73% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 156,86 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,79 Gb Free Space | 95,05% Space Free | Partition Type: NTFS
 
Computer Name: ADGOHA-PC | User Name: Adgoha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Onlineprint24-Fotowelt\Onlineprint24 Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Onlineprint24 Fotowelt] -- "C:\Program Files\Onlineprint24-Fotowelt\Onlineprint24 Fotowelt\Onlineprint24 Fotowelt.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09182B7B-D443-70B8-92D9-266488C4C3E9}" = CCC Help Polish
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0BBBCFAA-49F3-4529-9FDB-803190E2C243}" = Haufe Formular-Manager
"{139B4B5D-549D-7280-FB5B-0B0D518D28CF}" = Catalyst Control Center Localization All
"{15D460E5-ECB3-255D-001A-806575640865}" = CCC Help Czech
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1E350845-7320-46EB-3D8C-F67D1DA0B436}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21B9B239-6DBC-40D4-80AB-7793AED4ED13}_is1" = TOPP Vorlagen-Druckstudio (5556)
"{23A5DCDE-DB07-9C0E-F28A-2821CB43126B}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{27CF8B42-90FC-ADCF-F90E-1F3A16291CAE}" = CCC Help Japanese
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3155D2AD-2D20-905B-BDE1-15C662BCB409}" = ccc-core-static
"{38B789BB-8431-C184-6528-A71C8366D1E7}" = Catalyst Control Center Graphics Full Existing
"{3A5D2635-EB31-AFCA-FEB1-FEB87851542D}" = CCC Help English
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46EE2498-853A-FF8C-12E9-06E0FE279536}" = AMD Catalyst Install Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B260A66-BFA5-43FC-EFD3-BD0376030A40}" = CCC Help Spanish
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CFB49E5-D87D-8589-4E42-B87EEA6AFCCC}" = CCC Help Greek
"{509C8895-C103-9577-5A51-3845E37290DD}" = CCC Help Dutch
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DE1C976-9DA6-41A0-BBD9-7681EAD571D3}_is1" = TOPP Vorlagen-Druckstudio (Karten)
"{5EE12106-EFAB-1821-49EA-3FE597418F78}" = CCC Help Finnish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{663E6E69-EC14-9358-FC44-A202C4939070}" = CCC Help Turkish
"{675FF79E-2393-6173-1C23-95193DE47717}" = CCC Help German
"{6B5C74C0-5FC1-5884-132C-5F989B1A1DEB}" = Catalyst Control Center Graphics Full New
"{6D7E93A6-C909-4D22-4A6E-42099DE3531D}" = CCC Help Korean
"{7384F571-27BF-E416-9CB9-BBAA9B6E450C}" = CCC Help French
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{841BDA3F-7AFE-ED2B-9124-CB2BC7F85822}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9C528E-92CD-B75E-0188-822FB9FF6268}" = CCC Help Russian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{955D892E-3527-6D12-0288-5AA4D773569D}" = Catalyst Control Center Graphics Light
"{9D6CE795-0D61-AA78-2E46-C363C3F36417}" = CCC Help Italian
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A413359F-4F40-83CB-53F9-8DB630FA40F6}" = Catalyst Control Center Graphics Previews Vista
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{BA6AD888-43B6-DDF5-8FFB-22185BD9FAB2}" = CCC Help Norwegian
"{C53F58DE-9CDA-4FA5-4B19-C81D8740E9A1}" = CCC Help Hungarian
"{D6203F46-A94F-0241-259A-C2F6DC7A7468}" = CCC Help Thai
"{D6CD0F28-B2DD-A0D4-08E4-B1655A064E16}" = CCC Help Swedish
"{D817ED21-9BFF-10CB-77EB-556787716836}" = ccc-utility
"{DCF49320-EABF-A0AD-D199-B72F9D79048D}" = CCC Help Chinese Traditional
"{DD79DC22-C6D7-BD6A-3A23-2D0D97EDBF8E}" = CCC Help Chinese Standard
"{EBBCBC9A-1281-D33E-4AD2-C3E8A36D9E1F}" = Catalyst Control Center Graphics Previews Common
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = Aureon 5.1 PCI
"EH_Vorso" = Die Vorsorgemappe
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Onlineprint24 Fotowelt" = Onlineprint24 Fotowelt
"PhotoScape" = PhotoScape
"VLC media player" = VLC media player 1.1.4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2013 10:53:45 | Computer Name = Adgoha-PC | Source = ATIeRecord | ID = 16388
Description = ATI EEU Client event error
 
Error - 06.02.2013 11:11:45 | Computer Name = Adgoha-PC | Source = ATIeRecord | ID = 16388
Description = ATI EEU Client event error
 
Error - 23.02.2013 18:41:45 | Computer Name = Adgoha-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
 time stamp: 0x4ce79912  Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676,
 time stamp: 0x4e58702a  Exception code: 0xc0000005  Fault offset: 0x0001df17  Faulting
 process id: 0x278  Faulting application start time: 0x01ce1211328fd55e  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module
 path: C:\Windows\system32\OLEAUT32.dll  Report Id: 33095024-7e0a-11e2-8411-00241dd3114d
 
Error - 27.04.2013 12:50:01 | Computer Name = Adgoha-PC | Source = Application Hang | ID = 1002
Description = The program POWERPNT.EXE version 12.0.4518.1014 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 75c    Start Time: 01ce4367323f3224    Termination Time: 16    Application Path:
 C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE    Report Id: 7bf8b466-af5a-11e2-a163-00241dd3114d
 
Error - 01.05.2013 14:10:56 | Computer Name = Adgoha-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: ea0    Start Time: 01ce4695e701c162    Termination Time: 31    Application Path:
 C:\Program Files\Internet Explorer\iexplore.exe    Report Id: bcf6bd15-b289-11e2-8e46-00241dd3114d
 
Error - 03.05.2013 03:47:08 | Computer Name = Adgoha-PC | Source = VSS | ID = 8194
Description = 
 
Error - 03.05.2013 03:47:19 | Computer Name = Adgoha-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the
 System Writer object.  Details: AddWin32ServiceFiles: Unable to back up image of service
 Background Intelligent Transfer Service since QueryServiceConfig API failed  System
 Error: Access is denied  .
 
Error - 03.05.2013 03:47:19 | Computer Name = Adgoha-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the
 System Writer object.  Details: AddWin32ServiceFiles: Unable to back up image of service
 Windows Defender since QueryServiceConfig API failed  System Error: The system cannot
 find the file specified.  .
 
Error - 03.05.2013 03:47:19 | Computer Name = Adgoha-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the
 System Writer object.  Details: AddWin32ServiceFiles: Unable to back up image of service
 Windows Update since QueryServiceConfig API failed  System Error: Access is denied
.
 
Error - 03.05.2013 03:47:19 | Computer Name = Adgoha-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the
 System Writer object.  Details: AddWin32ServiceFiles: Unable to back up image of service
 syshost32 since QueryServiceConfig API failed  System Error: Access is denied  .
 
[ OSession Events ]
Error - 24.01.2011 13:36:55 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24006
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2011 15:46:30 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21366
 seconds with 7380 seconds of active time.  This session ended with a crash.
 
Error - 19.03.2011 14:52:15 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1977
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
Error - 21.04.2011 16:58:10 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21776
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 04:21:05 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 64
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 23.09.2011 05:59:20 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1555
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 16.04.2012 17:47:29 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47319
 seconds with 8640 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2012 17:26:41 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5350
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 18.06.2012 17:33:50 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3572
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 29.07.2012 11:03:57 | Computer Name = Adgoha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11386
 seconds with 8100 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.05.2013 11:19:59 | Computer Name = Adgoha-PC | Source = Service Control Manager | ID = 7023
Description = The "WinDefend" service terminated with the following error:   %%5
 
Error - 07.05.2013 04:03:29 | Computer Name = Adgoha-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.05.2013 04:03:29 | Computer Name = Adgoha-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.05.2013 04:03:35 | Computer Name = Adgoha-PC | Source = Service Control Manager | ID = 7023
Description = The "WinDefend" service terminated with the following error:   %%5
 
Error - 07.05.2013 04:24:55 | Computer Name = Adgoha-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.05.2013 04:24:55 | Computer Name = Adgoha-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.05.2013 04:25:01 | Computer Name = Adgoha-PC | Source = Service Control Manager | ID = 7023
Description = The "WinDefend" service terminated with the following error:   %%5
 
Error - 07.05.2013 06:21:48 | Computer Name = Adgoha-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.05.2013 06:21:48 | Computer Name = Adgoha-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.05.2013 06:21:53 | Computer Name = Adgoha-PC | Source = Service Control Manager | ID = 7023
Description = The "WinDefend" service terminated with the following error:   %%5
 
 
< End of report >
         
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-06 17:06:08
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3 ST3250820AS rev.3.AAD 232,88GB
Running: 3zgqtgpz.exe; Driver: C:\Users\Adgoha\AppData\Local\Temp\fwliqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                  8248FA09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                    824C91F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                  fltmgr.sys

---- Files - GMER 2.1 ----

File            C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui  44544 bytes executable
File            C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui   16896 bytes executable
File            C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui   54272 bytes executable

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Adgoha on 07.05.2013 at 12:06:39,78.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

Deleted from C:\Users\Adgoha\AppData\Roaming\Mozilla\Firefox\Profiles\kchi31yz.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_5f13fd452c8041af8fcdb68cccf73e6a_18_38_20130218_DE_ff_sp_OC1");
user_pref("browser.search.selectedEngine", "Amazon");
user_pref("keyword.URL", "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p18_serp_ff_de_display?ie=UTF8&tag=bds-p18-serp-de-ff-21&tagbase=bds-p18&tbrId=v1_abb-channel-18_5f13fd452c8041af8fcdb68cccf73e6a_18_38_20130218_DE_ff_ab_OC1&query=");

Added to C:\Users\Adgoha\AppData\Roaming\Mozilla\Firefox\Profiles\kchi31yz.default\prefs.js:

==== Deleting Files \ Folders ======================

"C:\Users\Public\AlexaNSISPlugin.2744.dll" deleted
"C:\Users\Adgoha\AppData\Roaming\OpenCandy" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Adgoha\AppData\Roaming\Mozilla\Firefox\Profiles\kchi31yz.default
- DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
- Amazon Browser Apps - %ProfilePath%\extensions\abb@amazon.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Adgoha\AppData\Roaming\Mozilla\Firefox\Profiles\kchi31yz.default
ECD88CDFC178E6A84DB1346EABF9F03F	- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
E0FF893763BA82BAABB869A351F0C455	- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll -	Google Update
36A0F250C766D27BFE5A953C1A65B696	- C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll -	Silverlight Plug-In
8F24103AB984847AA2939F58F19CCC98	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U21
E971E06DDE68684CB3957C5D0E133CB0	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
4676A8E1EE37E71486717ECD1E61C17B	- C:\Windows\system32\Adobe\Director\np32dsw.dll -	Shockwave for Director / Shockwave for Director
62059985AF996F4FFE5451CB0D5924BF	- C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll -	Shockwave Flash
ECD88CDFC178E6A84DB1346EABF9F03F	- C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
64CE864482A941C006AC430640DE4DB3	- C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrlui.dll -	Microsoft® Silverlight


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1659139977-3496495749-1538144296-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_USERS\S-1-5-21-1659139977-3496495749-1538144296-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Adgoha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Adgoha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Adgoha\AppData\Local\Mozilla\Firefox\Profiles\kchi31yz.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Adgoha\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Adgoha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
         

Edited by HardStylerx3 (07.05.2013 at 12:36) Reason: problem report
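The event-log section of the OTL report above is the part of this post that matters for the rootkit diagnosis: Service Control Manager event 7023 reports WinDefend terminating with %%5 (an unexpanded Win32 error 5, ERROR_ACCESS_DENIED), and the four Microsoft-Windows-CAPI2 event 513 entries show QueryServiceConfig being refused for Windows Update, BITS, Windows Defender and a service called syshost32, which is not a service name a stock Windows 7 install has. The script below is an added example, not part of the post and not part of OTL: it parses entries in OTL's event-log layout, folds the wrapped descriptions back together and flags those two patterns, pulling the service name out of the CAPI2 entries so an unfamiliar one stands out. The sample log, the EXPECTED_SERVICE_NAMES allowlist and the function names are constructed for this illustration.

```python
"""Triage OTL's "Last 20 Event Log Errors" section for entries that show a
security service being blocked.

Added example; it is not part of the forum post above and not part of OTL.
Two patterns from the post are checked:
  * Service Control Manager event 7023: a service terminated with %%5
    (Win32 error 5 = ERROR_ACCESS_DENIED).
  * Microsoft-Windows-CAPI2 event 513: QueryServiceConfig failed for a named
    service; the name is pulled out so an unexpected one stands out.
"""
import re

ERROR_ACCESS_DENIED = 5  # Win32 error code behind the unexpanded "%%5" placeholder

# Assumed allowlist: display names the analyst expects to see in these entries.
# Extend with the localised display names of the system being examined.
EXPECTED_SERVICE_NAMES = {
    "Windows Defender",
    "Windows Update",
    "Background Intelligent Transfer Service",
}

# Constructed sample in OTL's entry format, modelled on the post (not a real log).
SAMPLE_LOG = """[ Application Events ]
Error - 03.05.2013 03:47:08 | Computer Name = Adgoha-PC | Source = VSS | ID = 8194
Description =

Error - 03.05.2013 03:47:19 | Computer Name = Adgoha-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the
 System Writer object.  Details: AddWin32ServiceFiles: Unable to back up image of service
 Windows Update since QueryServiceConfig API failed  System Error: Access is denied
.

Error - 03.05.2013 03:47:19 | Computer Name = Adgoha-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the
 System Writer object.  Details: AddWin32ServiceFiles: Unable to back up image of service
 syshost32 since QueryServiceConfig API failed  System Error: Access is denied  .

[ System Events ]
Error - 06.05.2013 11:19:59 | Computer Name = Adgoha-PC | Source = Service Control Manager | ID = 7023
Description = The "WinDefend" service terminated with the following error:   %%5

Error - 07.05.2013 04:03:29 | Computer Name = Adgoha-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
CAPI2_SERVICE_RE = re.compile(
    r"Unable to back up image of service (?P<service>.+?) since QueryServiceConfig API failed"
)


def parse_events(text):
    """Return one dict per entry: when, host, source, id (int), description.

    OTL wraps long descriptions over several lines, so every non-blank line that
    follows a header is folded back into a single whitespace-normalised string.
    """
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = dict(header.groupdict(), description="")
            current["id"] = int(current["id"])
            events.append(current)
            continue
        if current is None or not line or line.startswith("["):
            continue  # leading text, blank separators, "[ System Events ]" markers
        if line.startswith("Description ="):
            line = line[len("Description ="):]
        current["description"] = " ".join((current["description"] + " " + line).split())
    return events


def triage(events):
    """Return (event_id, service, detail) for each entry that matches a pattern."""
    findings = []
    for ev in events:
        desc = ev["description"]
        if ev["source"] == "Service Control Manager" and ev["id"] == 7023:
            # Service name is quoted in localised builds; fall back to the English form.
            name = re.search(r'"([^"]+)"', desc) or re.search(r"\bThe (\S+) service\b", desc)
            code = re.search(r"%%(\d+)", desc)
            if name and code and int(code.group(1)) == ERROR_ACCESS_DENIED:
                findings.append((7023, name.group(1),
                                 "service stopped with ERROR_ACCESS_DENIED (%%5)"))
        elif ev["source"] == "Microsoft-Windows-CAPI2" and ev["id"] == 513:
            svc = CAPI2_SERVICE_RE.search(desc)
            if not svc:
                continue
            err = re.search(r"System Error:\s*(.*)$", desc)
            detail = "QueryServiceConfig failed: " + (err.group(1).rstrip(" .") if err else "unknown error")
            if svc.group("service") not in EXPECTED_SERVICE_NAMES:
                detail += " [service name not in expected list]"
            findings.append((513, svc.group("service"), detail))
    return findings


if __name__ == "__main__":
    for event_id, service, detail in triage(parse_events(SAMPLE_LOG)):
        print(f"{event_id:5d}  {service:<20}  {detail}")
```

Run stand-alone it lists the three matching entries from the sample and marks syshost32 as not on the allowlist. The point of extracting the name rather than just counting 513 events is that QueryServiceConfig is refused only for specific services here while the rest of the VSS System Writer pass succeeds; that selective denial is what to correlate with the driver and service entries the other scanners in this thread report, not something to fix by restarting the affected services.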

Old 07.05.2013, 12:36   #8
HardStylerx3
 
Root.Necurs - Standard

Root.Necurs



Code:
ATTFilter
15:42:45.0776 1788  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:42:45.0776 1788  ============================================================
15:42:45.0776 1788  Current date / time: 2013/05/06 15:42:45.0776
15:42:45.0776 1788  SystemInfo:
15:42:45.0776 1788  
15:42:45.0776 1788  OS Version: 6.1.7601 ServicePack: 1.0
15:42:45.0776 1788  Product type: Workstation
15:42:45.0776 1788  ComputerName: ADGOHA-PC
15:42:45.0776 1788  UserName: Adgoha
15:42:45.0776 1788  Windows directory: C:\Windows
15:42:45.0776 1788  System windows directory: C:\Windows
15:42:45.0776 1788  Processor architecture: Intel x86
15:42:45.0776 1788  Number of processors: 2
15:42:45.0776 1788  Page size: 0x1000
15:42:45.0776 1788  Boot type: Safe boot with network
15:42:45.0776 1788  ============================================================
15:42:49.0613 1788  Drive \Device\Harddisk0\DR0 - Size: 0x3A38725E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:42:49.0676 1788  ============================================================
15:42:49.0676 1788  \Device\Harddisk0\DR0:
15:42:49.0676 1788  MBR partitions:
15:42:49.0676 1788  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:42:49.0676 1788  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6176000
15:42:49.0676 1788  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8800, BlocksNum 0x1701B130
15:42:49.0676 1788  ============================================================
15:42:49.0722 1788  C: <-> \Device\Harddisk0\DR0\Partition2
15:42:49.0738 1788  D: <-> \Device\Harddisk0\DR0\Partition3
15:42:49.0738 1788  ============================================================
15:42:49.0738 1788  Initialize success
15:42:49.0738 1788  ============================================================
15:43:24.0869 0304  ============================================================
15:43:24.0869 0304  Scan started
15:43:24.0869 0304  Mode: Manual; SigCheck; TDLFS; 
15:43:24.0869 0304  ============================================================
15:43:27.0443 0304  ================ Scan system memory ========================
15:43:27.0443 0304  System memory - ok
15:43:27.0443 0304  ================ Scan services =============================
15:43:27.0568 0304  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:43:27.0693 0304  1394ohci - ok
15:43:27.0724 0304  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:43:27.0740 0304  ACPI - ok
15:43:27.0771 0304  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:43:27.0802 0304  AcpiPmi - ok
15:43:27.0865 0304  [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:43:27.0880 0304  AdobeFlashPlayerUpdateSvc - ok
15:43:27.0911 0304  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:43:27.0927 0304  adp94xx - ok
15:43:27.0943 0304  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:43:27.0958 0304  adpahci - ok
15:43:27.0974 0304  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:43:27.0989 0304  adpu320 - ok
15:43:28.0021 0304  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:43:28.0067 0304  AeLookupSvc - ok
15:43:28.0099 0304  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:43:28.0145 0304  AFD - ok
15:43:28.0208 0304  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:43:28.0208 0304  agp440 - ok
15:43:28.0239 0304  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:43:28.0255 0304  aic78xx - ok
15:43:28.0286 0304  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:43:28.0317 0304  ALG - ok
15:43:28.0348 0304  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:43:28.0348 0304  aliide - ok
15:43:28.0379 0304  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:43:28.0442 0304  AMD External Events Utility - ok
15:43:28.0457 0304  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:43:28.0473 0304  amdagp - ok
15:43:28.0489 0304  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:43:28.0489 0304  amdide - ok
15:43:28.0520 0304  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:43:28.0551 0304  AmdK8 - ok
15:43:28.0691 0304  [ 04F09923A393E4E0E8453A8F78361E73 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:43:28.0863 0304  amdkmdag - ok
15:43:28.0894 0304  [ C541DA5B72FA638469E8DC1E66079330 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:43:28.0941 0304  amdkmdap - ok
15:43:28.0972 0304  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:43:29.0003 0304  AmdPPM - ok
15:43:29.0035 0304  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:43:29.0035 0304  amdsata - ok
15:43:29.0066 0304  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:43:29.0066 0304  amdsbs - ok
15:43:29.0081 0304  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:43:29.0097 0304  amdxata - ok
15:43:29.0175 0304  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:43:29.0175 0304  AntiVirSchedulerService - ok
15:43:29.0206 0304  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:43:29.0206 0304  AntiVirService - ok
15:43:29.0253 0304  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:43:29.0362 0304  AppID - ok
15:43:29.0378 0304  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:43:29.0393 0304  AppIDSvc - ok
15:43:29.0425 0304  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:43:29.0456 0304  Appinfo - ok
15:43:29.0487 0304  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:43:29.0518 0304  AppMgmt - ok
15:43:29.0534 0304  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:43:29.0549 0304  arc - ok
15:43:29.0565 0304  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:43:29.0581 0304  arcsas - ok
15:43:29.0596 0304  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:29.0690 0304  AsyncMac - ok
15:43:29.0705 0304  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:43:29.0705 0304  atapi - ok
15:43:29.0846 0304  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:43:29.0893 0304  atikmdag - ok
15:43:29.0924 0304  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
15:43:29.0939 0304  AtiPcie - ok
15:43:29.0986 0304  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:43:30.0017 0304  AudioEndpointBuilder - ok
15:43:30.0033 0304  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:43:30.0064 0304  Audiosrv - ok
15:43:30.0095 0304  [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:43:30.0095 0304  avgntflt - ok
15:43:30.0111 0304  [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:43:30.0111 0304  avipbb - ok
15:43:30.0173 0304  [ D1A9AE485FFF7C72CA50D8949B2210B9 ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
15:43:30.0189 0304  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
15:43:30.0189 0304  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
15:43:30.0205 0304  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\Windows\system32\drivers\avmeject.sys
15:43:30.0220 0304  avmeject ( UnsignedFile.Multi.Generic ) - warning
15:43:30.0220 0304  avmeject - detected UnsignedFile.Multi.Generic (1)
15:43:30.0251 0304  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:43:30.0298 0304  AxInstSV - ok
15:43:30.0345 0304  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:43:30.0361 0304  b06bdrv - ok
15:43:30.0392 0304  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:43:30.0407 0304  b57nd60x - ok
15:43:30.0454 0304  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:43:30.0485 0304  BDESVC - ok
15:43:30.0501 0304  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:43:30.0548 0304  Beep - ok
15:43:30.0595 0304  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:43:30.0626 0304  BFE - ok
15:43:30.0673 0304  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:43:30.0719 0304  BITS - ok
15:43:30.0735 0304  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:43:30.0751 0304  blbdrive - ok
15:43:30.0766 0304  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:43:30.0813 0304  bowser - ok
15:43:30.0829 0304  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:43:30.0875 0304  BrFiltLo - ok
15:43:30.0875 0304  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:43:30.0907 0304  BrFiltUp - ok
15:43:30.0938 0304  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:43:30.0969 0304  BridgeMP - ok
15:43:31.0000 0304  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:43:31.0031 0304  Browser - ok
15:43:31.0063 0304  [ 08C7E41FF10F56E83B4F10B5E8B1E8B6 ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
15:43:31.0094 0304  BrSerIb - ok
15:43:31.0125 0304  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:43:31.0156 0304  Brserid - ok
15:43:31.0187 0304  [ 1A5FC78E41840EDF79D65EC16EFF2787 ] BrSerIf         C:\Windows\system32\Drivers\BrSerIf.sys
15:43:31.0234 0304  BrSerIf - ok
15:43:31.0234 0304  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:43:31.0265 0304  BrSerWdm - ok
15:43:31.0265 0304  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:43:31.0281 0304  BrUsbMdm - ok
15:43:31.0312 0304  [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer        C:\Windows\system32\Drivers\BrUsbSer.sys
15:43:31.0328 0304  BrUsbSer - ok
15:43:31.0359 0304  [ 2132A117160F2A96A13C044AE9BCED91 ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
15:43:31.0375 0304  BrUsbSIb - ok
15:43:31.0390 0304  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:43:31.0421 0304  BTHMODEM - ok
15:43:31.0453 0304  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:43:31.0609 0304  bthserv - ok
15:43:31.0687 0304  [ D94B86AD01A3CC323619D4FF512ED6FA ] catchme         C:\Users\Adgoha\AppData\Local\Temp\catchme.sys
15:43:31.0702 0304  catchme ( UnsignedFile.Multi.Generic ) - warning
15:43:31.0702 0304  catchme - detected UnsignedFile.Multi.Generic (1)
15:43:31.0733 0304  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:43:31.0765 0304  cdfs - ok
15:43:31.0827 0304  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:43:31.0843 0304  cdrom - ok
15:43:31.0874 0304  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:43:31.0905 0304  CertPropSvc - ok
15:43:31.0936 0304  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:43:31.0952 0304  circlass - ok
15:43:31.0967 0304  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:43:31.0983 0304  CLFS - ok
15:43:32.0030 0304  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:32.0045 0304  clr_optimization_v2.0.50727_32 - ok
15:43:32.0108 0304  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:32.0155 0304  clr_optimization_v4.0.30319_32 - ok
15:43:32.0170 0304  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:32.0186 0304  CmBatt - ok
15:43:32.0201 0304  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:43:32.0217 0304  cmdide - ok
15:43:32.0295 0304  [ 2F2B02C025538CDD2E2D7155B3150602 ] cmuda3          C:\Windows\system32\drivers\cmudax3.sys
15:43:32.0373 0304  cmuda3 ( UnsignedFile.Multi.Generic ) - warning
15:43:32.0373 0304  cmuda3 - detected UnsignedFile.Multi.Generic (1)
15:43:32.0404 0304  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:43:32.0435 0304  CNG - ok
15:43:32.0467 0304  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:43:32.0482 0304  Compbatt - ok
15:43:32.0498 0304  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:43:32.0513 0304  CompositeBus - ok
15:43:32.0529 0304  COMSysApp - ok
15:43:32.0545 0304  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:43:32.0545 0304  crcdisk - ok
15:43:32.0591 0304  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:43:32.0638 0304  CryptSvc - ok
15:43:32.0685 0304  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
15:43:32.0716 0304  CSC - ok
15:43:32.0732 0304  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
15:43:32.0763 0304  CscService - ok
15:43:32.0779 0304  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:43:32.0810 0304  DcomLaunch - ok
15:43:32.0825 0304  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:43:32.0872 0304  defragsvc - ok
15:43:32.0919 0304  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:43:32.0950 0304  DfsC - ok
15:43:32.0997 0304  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:43:33.0044 0304  Dhcp - ok
15:43:33.0091 0304  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:43:33.0122 0304  discache - ok
15:43:33.0153 0304  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:43:33.0169 0304  Disk - ok
15:43:33.0215 0304  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:43:33.0247 0304  Dnscache - ok
15:43:33.0262 0304  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:43:33.0293 0304  dot3svc - ok
15:43:33.0325 0304  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:43:33.0356 0304  DPS - ok
15:43:33.0387 0304  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:43:33.0403 0304  drmkaud - ok
15:43:33.0434 0304  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:43:33.0465 0304  DXGKrnl - ok
15:43:33.0481 0304  [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:43:33.0512 0304  E1G60 - ok
15:43:33.0527 0304  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:43:33.0559 0304  EapHost - ok
15:43:33.0637 0304  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:43:33.0761 0304  ebdrv - ok
15:43:33.0777 0304  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:43:33.0808 0304  EFS - ok
15:43:33.0855 0304  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:43:33.0917 0304  ehRecvr - ok
15:43:33.0933 0304  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:43:33.0964 0304  ehSched - ok
15:43:33.0995 0304  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:43:34.0011 0304  elxstor - ok
15:43:34.0027 0304  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:43:34.0042 0304  ErrDev - ok
15:43:34.0073 0304  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:43:34.0105 0304  EventSystem - ok
15:43:34.0136 0304  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:43:34.0167 0304  exfat - ok
15:43:34.0183 0304  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:43:34.0229 0304  fastfat - ok
15:43:34.0261 0304  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:43:34.0323 0304  Fax - ok
15:43:34.0339 0304  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:43:34.0354 0304  fdc - ok
15:43:34.0385 0304  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:43:34.0417 0304  fdPHost - ok
15:43:34.0417 0304  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:43:34.0448 0304  FDResPub - ok
15:43:34.0463 0304  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:43:34.0463 0304  FileInfo - ok
15:43:34.0479 0304  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:43:34.0510 0304  Filetrace - ok
15:43:34.0526 0304  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:43:34.0541 0304  flpydisk - ok
15:43:34.0573 0304  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:43:34.0588 0304  FltMgr - ok
15:43:34.0635 0304  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
15:43:34.0697 0304  FontCache - ok
15:43:34.0729 0304  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:43:34.0744 0304  FontCache3.0.0.0 - ok
15:43:34.0760 0304  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:43:34.0775 0304  FsDepends - ok
15:43:34.0807 0304  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:43:34.0807 0304  Fs_Rec - ok
15:43:34.0853 0304  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:43:34.0869 0304  fvevol - ok
15:43:34.0885 0304  [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
15:43:34.0931 0304  FWLANUSB - ok
15:43:34.0963 0304  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:43:34.0963 0304  gagp30kx - ok
15:43:35.0009 0304  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:43:35.0056 0304  gpsvc - ok
15:43:35.0150 0304  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:43:35.0150 0304  gupdate - ok
15:43:35.0181 0304  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:43:35.0197 0304  gupdatem - ok
15:43:35.0212 0304  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:43:35.0243 0304  hcw85cir - ok
15:43:35.0290 0304  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:43:35.0306 0304  HdAudAddService - ok
15:43:35.0337 0304  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:43:35.0368 0304  HDAudBus - ok
15:43:35.0384 0304  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:35.0415 0304  HidBatt - ok
15:43:35.0415 0304  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:43:35.0431 0304  HidBth - ok
15:43:35.0462 0304  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:43:35.0462 0304  HidIr - ok
15:43:35.0493 0304  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
15:43:35.0524 0304  hidserv - ok
15:43:35.0571 0304  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:43:35.0587 0304  HidUsb - ok
15:43:35.0618 0304  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:43:35.0649 0304  hkmsvc - ok
15:43:35.0680 0304  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:43:35.0711 0304  HomeGroupListener - ok
15:43:35.0727 0304  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:43:35.0758 0304  HomeGroupProvider - ok
15:43:35.0789 0304  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:43:35.0805 0304  HpSAMD - ok
15:43:35.0836 0304  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:43:35.0867 0304  HTTP - ok
15:43:35.0883 0304  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:43:35.0883 0304  hwpolicy - ok
15:43:35.0914 0304  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:43:35.0945 0304  i8042prt - ok
15:43:35.0977 0304  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:43:35.0992 0304  iaStorV - ok
15:43:36.0070 0304  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:43:36.0086 0304  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:43:36.0086 0304  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:43:36.0148 0304  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:43:36.0179 0304  idsvc - ok
15:43:36.0211 0304  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:43:36.0226 0304  iirsp - ok
15:43:36.0257 0304  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:43:36.0304 0304  IKEEXT - ok
15:43:36.0429 0304  [ 52EE480B541CA61025BC504B0348FAB8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:43:36.0538 0304  IntcAzAudAddService - ok
15:43:36.0569 0304  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:43:36.0569 0304  intelide - ok
15:43:36.0601 0304  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:43:36.0616 0304  intelppm - ok
15:43:36.0632 0304  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:43:36.0663 0304  IPBusEnum - ok
15:43:36.0679 0304  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:36.0710 0304  IpFilterDriver - ok
15:43:36.0741 0304  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
15:43:36.0788 0304  IpHlpSvc - ok
15:43:36.0803 0304  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:43:36.0819 0304  IPMIDRV - ok
15:43:36.0835 0304  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:43:36.0881 0304  IPNAT - ok
15:43:36.0897 0304  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:43:36.0928 0304  IRENUM - ok
15:43:36.0944 0304  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:43:36.0959 0304  isapnp - ok
15:43:36.0991 0304  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:43:36.0991 0304  iScsiPrt - ok
15:43:37.0006 0304  jsobystp - ok
15:43:37.0022 0304  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:37.0037 0304  kbdclass - ok
15:43:37.0053 0304  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:43:37.0069 0304  kbdhid - ok
15:43:37.0084 0304  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:43:37.0100 0304  KeyIso - ok
15:43:37.0131 0304  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:43:37.0131 0304  KSecDD - ok
15:43:37.0147 0304  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:43:37.0162 0304  KSecPkg - ok
15:43:37.0178 0304  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:43:37.0209 0304  KtmRm - ok
15:43:37.0240 0304  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:43:37.0271 0304  LanmanServer - ok
15:43:37.0287 0304  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:43:37.0318 0304  LanmanWorkstation - ok
15:43:37.0349 0304  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:43:37.0381 0304  lltdio - ok
15:43:37.0412 0304  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:43:37.0459 0304  lltdsvc - ok
15:43:37.0474 0304  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:43:37.0505 0304  lmhosts - ok
15:43:37.0521 0304  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:37.0521 0304  LSI_FC - ok
15:43:37.0552 0304  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:37.0552 0304  LSI_SAS - ok
15:43:37.0568 0304  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:37.0583 0304  LSI_SAS2 - ok
15:43:37.0583 0304  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:37.0599 0304  LSI_SCSI - ok
15:43:37.0615 0304  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:43:37.0646 0304  luafv - ok
15:43:37.0661 0304  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:43:37.0677 0304  Mcx2Svc - ok
15:43:37.0708 0304  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:43:37.0708 0304  megasas - ok
15:43:37.0739 0304  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:37.0755 0304  MegaSR - ok
15:43:37.0802 0304  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:43:37.0817 0304  Microsoft Office Groove Audit Service - ok
15:43:37.0833 0304  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:43:37.0880 0304  MMCSS - ok
15:43:37.0895 0304  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:43:37.0927 0304  Modem - ok
15:43:37.0958 0304  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:43:37.0973 0304  monitor - ok
15:43:38.0005 0304  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:43:38.0020 0304  mouclass - ok
15:43:38.0051 0304  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:43:38.0083 0304  mouhid - ok
15:43:38.0129 0304  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:43:38.0129 0304  mountmgr - ok
15:43:38.0176 0304  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:43:38.0192 0304  mpio - ok
15:43:38.0223 0304  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:43:38.0254 0304  mpsdrv - ok
15:43:38.0285 0304  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:43:38.0332 0304  MpsSvc - ok
15:43:38.0363 0304  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:43:38.0395 0304  MRxDAV - ok
15:43:38.0410 0304  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:38.0457 0304  mrxsmb - ok
15:43:38.0488 0304  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:38.0504 0304  mrxsmb10 - ok
15:43:38.0535 0304  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:38.0551 0304  mrxsmb20 - ok
15:43:38.0582 0304  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:43:38.0597 0304  msahci - ok
15:43:38.0629 0304  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:43:38.0629 0304  msdsm - ok
15:43:38.0660 0304  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:43:38.0675 0304  MSDTC - ok
15:43:38.0722 0304  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:43:38.0738 0304  Msfs - ok
15:43:38.0753 0304  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:43:38.0785 0304  mshidkmdf - ok
15:43:38.0816 0304  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:43:38.0816 0304  msisadrv - ok
15:43:38.0847 0304  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:43:38.0878 0304  MSiSCSI - ok
15:43:38.0894 0304  msiserver - ok
15:43:38.0925 0304  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:43:38.0956 0304  MSKSSRV - ok
15:43:38.0972 0304  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:39.0003 0304  MSPCLOCK - ok
15:43:39.0003 0304  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:43:39.0034 0304  MSPQM - ok
15:43:39.0050 0304  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:43:39.0065 0304  MsRPC - ok
15:43:39.0097 0304  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:43:39.0112 0304  mssmbios - ok
15:43:39.0143 0304  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:43:39.0159 0304  MSTEE - ok
15:43:39.0175 0304  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:43:39.0190 0304  MTConfig - ok
15:43:39.0206 0304  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:43:39.0221 0304  Mup - ok
15:43:39.0253 0304  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:43:39.0284 0304  napagent - ok
15:43:39.0315 0304  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:43:39.0331 0304  NativeWifiP - ok
15:43:39.0393 0304  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:43:39.0424 0304  NDIS - ok
15:43:39.0440 0304  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:43:39.0471 0304  NdisCap - ok
15:43:39.0487 0304  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:39.0518 0304  NdisTapi - ok
15:43:39.0549 0304  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:39.0565 0304  Ndisuio - ok
15:43:39.0596 0304  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:39.0627 0304  NdisWan - ok
15:43:39.0643 0304  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:43:39.0658 0304  NDProxy - ok
15:43:39.0689 0304  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:43:39.0721 0304  NetBIOS - ok
15:43:39.0767 0304  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:43:39.0799 0304  NetBT - ok
15:43:39.0799 0304  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:43:39.0814 0304  Netlogon - ok
15:43:39.0845 0304  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:43:39.0892 0304  Netman - ok
15:43:39.0908 0304  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:43:39.0955 0304  netprofm - ok
15:43:39.0970 0304  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:43:39.0986 0304  NetTcpPortSharing - ok
15:43:40.0017 0304  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:43:40.0017 0304  nfrd960 - ok
15:43:40.0048 0304  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:43:40.0064 0304  NlaSvc - ok
15:43:40.0064 0304  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:43:40.0095 0304  Npfs - ok
15:43:40.0126 0304  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:43:40.0157 0304  nsi - ok
15:43:40.0173 0304  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:43:40.0204 0304  nsiproxy - ok
15:43:40.0251 0304  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:43:40.0298 0304  Ntfs - ok
15:43:40.0313 0304  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:43:40.0345 0304  Null - ok
15:43:40.0360 0304  nvlddmkm - ok
15:43:40.0391 0304  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:43:40.0407 0304  nvraid - ok
15:43:40.0423 0304  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:43:40.0438 0304  nvstor - ok
15:43:40.0454 0304  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:43:40.0469 0304  nv_agp - ok
15:43:40.0532 0304  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:43:40.0547 0304  odserv - ok
15:43:40.0563 0304  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:43:40.0579 0304  ohci1394 - ok
15:43:40.0594 0304  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:40.0610 0304  ose - ok
15:43:40.0641 0304  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:43:40.0672 0304  p2pimsvc - ok
15:43:40.0703 0304  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:43:40.0719 0304  p2psvc - ok
15:43:40.0750 0304  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:43:40.0766 0304  Parport - ok
15:43:40.0797 0304  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:43:40.0797 0304  partmgr - ok
15:43:40.0813 0304  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:43:40.0828 0304  Parvdm - ok
15:43:40.0859 0304  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:43:40.0875 0304  PcaSvc - ok
15:43:40.0906 0304  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:43:40.0922 0304  pci - ok
15:43:40.0937 0304  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:43:40.0953 0304  pciide - ok
15:43:40.0984 0304  [ 86F4ACF0EAB9B275D1D71E3A6540D2F5 ] PciPPorts       C:\Windows\system32\DRIVERS\PciPPorts.sys
15:43:41.0000 0304  PciPPorts - ok
15:43:41.0015 0304  [ F1CD23597C138F9D5D87CEBD7CF59771 ] PciSPorts       C:\Windows\system32\DRIVERS\PciSPorts.sys
15:43:41.0031 0304  PciSPorts - ok
15:43:41.0047 0304  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:43:41.0062 0304  pcmcia - ok
15:43:41.0078 0304  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:43:41.0093 0304  pcw - ok
15:43:41.0109 0304  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:43:41.0140 0304  PEAUTH - ok
15:43:41.0171 0304  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:43:41.0234 0304  PeerDistSvc - ok
15:43:41.0296 0304  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:43:41.0359 0304  pla - ok
15:43:41.0405 0304  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:43:41.0437 0304  PlugPlay - ok
15:43:41.0452 0304  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:43:41.0483 0304  PNRPAutoReg - ok
15:43:41.0499 0304  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:43:41.0499 0304  PNRPsvc - ok
15:43:41.0530 0304  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:43:41.0577 0304  PolicyAgent - ok
15:43:41.0608 0304  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:43:41.0624 0304  Power - ok
15:43:41.0671 0304  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:43:41.0702 0304  PptpMiniport - ok
15:43:41.0717 0304  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:43:41.0733 0304  Processor - ok
15:43:41.0764 0304  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:43:41.0795 0304  ProfSvc - ok
15:43:41.0811 0304  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:43:41.0811 0304  ProtectedStorage - ok
15:43:41.0842 0304  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:43:41.0858 0304  Psched - ok
15:43:41.0905 0304  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:43:41.0967 0304  ql2300 - ok
15:43:41.0983 0304  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:43:42.0014 0304  ql40xx - ok
15:43:42.0045 0304  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:43:42.0076 0304  QWAVE - ok
15:43:42.0123 0304  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:43:42.0123 0304  QWAVEdrv - ok
15:43:42.0154 0304  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:43:42.0201 0304  RasAcd - ok
15:43:42.0217 0304  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:42.0248 0304  RasAgileVpn - ok
15:43:42.0279 0304  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:43:42.0310 0304  RasAuto - ok
15:43:42.0310 0304  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:42.0341 0304  Rasl2tp - ok
15:43:42.0373 0304  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:43:42.0419 0304  RasMan - ok
15:43:42.0435 0304  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:42.0451 0304  RasPppoe - ok
15:43:42.0482 0304  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:43:42.0513 0304  RasSstp - ok
15:43:42.0544 0304  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:43:42.0575 0304  rdbss - ok
15:43:42.0591 0304  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:43:42.0607 0304  rdpbus - ok
15:43:42.0638 0304  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:42.0669 0304  RDPCDD - ok
15:43:42.0700 0304  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:43:42.0716 0304  RDPDR - ok
15:43:42.0731 0304  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:43:42.0778 0304  RDPENCDD - ok
15:43:42.0794 0304  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:43:42.0809 0304  RDPREFMP - ok
15:43:42.0872 0304  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:43:42.0903 0304  RdpVideoMiniport - ok
15:43:42.0934 0304  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:43:42.0965 0304  RDPWD - ok
15:43:42.0997 0304  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:43:43.0012 0304  rdyboost - ok
15:43:43.0043 0304  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:43:43.0075 0304  RemoteAccess - ok
15:43:43.0106 0304  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:43:43.0137 0304  RemoteRegistry - ok
15:43:43.0168 0304  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:43:43.0215 0304  RpcEptMapper - ok
15:43:43.0246 0304  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:43:43.0262 0304  RpcLocator - ok
15:43:43.0293 0304  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:43:43.0309 0304  RpcSs - ok
15:43:43.0340 0304  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:43:43.0371 0304  rspndr - ok
15:43:43.0418 0304  [ 4E20765744BFBC16F6D6E5BD5598786B ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
15:43:43.0433 0304  RTL8023xp - ok
15:43:43.0465 0304  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
15:43:43.0480 0304  RTL8167 - ok
15:43:43.0527 0304  [ 08E0B15F88CBFFEE0BB18D321C42E1B4 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
15:43:43.0558 0304  RTL8192cu - ok
15:43:43.0574 0304  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:43:43.0605 0304  s3cap - ok
15:43:43.0621 0304  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:43:43.0636 0304  SamSs - ok
15:43:43.0652 0304  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:43:43.0667 0304  sbp2port - ok
15:43:43.0683 0304  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:43:43.0714 0304  SCardSvr - ok
15:43:43.0730 0304  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:43:43.0761 0304  scfilter - ok
15:43:43.0792 0304  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:43:43.0839 0304  Schedule - ok
15:43:43.0855 0304  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:43:43.0886 0304  SCPolicySvc - ok
15:43:43.0901 0304  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:43:43.0933 0304  SDRSVC - ok
15:43:43.0964 0304  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:43:43.0995 0304  secdrv - ok
15:43:44.0026 0304  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:43:44.0057 0304  seclogon - ok
15:43:44.0073 0304  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:43:44.0104 0304  SENS - ok
15:43:44.0120 0304  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:43:44.0151 0304  SensrSvc - ok
15:43:44.0167 0304  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:43:44.0182 0304  Serenum - ok
15:43:44.0198 0304  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:43:44.0229 0304  Serial - ok
15:43:44.0245 0304  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:43:44.0260 0304  sermouse - ok
15:43:44.0291 0304  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:43:44.0338 0304  SessionEnv - ok
15:43:44.0354 0304  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:43:44.0369 0304  sffdisk - ok
15:43:44.0385 0304  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:43:44.0401 0304  sffp_mmc - ok
15:43:44.0416 0304  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:43:44.0432 0304  sffp_sd - ok
15:43:44.0463 0304  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:43:44.0463 0304  sfloppy - ok
15:43:44.0494 0304  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:43:44.0525 0304  SharedAccess - ok
15:43:44.0541 0304  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:43:44.0572 0304  ShellHWDetection - ok
15:43:44.0619 0304  [ 74B370FD8B9C60B083A3460A64353F3B ] SiS6350         C:\Windows\system32\DRIVERS\SISGRKMD.sys
15:43:44.0635 0304  SiS6350 - ok
15:43:44.0666 0304  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:43:44.0681 0304  sisagp - ok
15:43:44.0697 0304  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:43:44.0713 0304  SiSRaid2 - ok
15:43:44.0728 0304  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:43:44.0744 0304  SiSRaid4 - ok
15:43:44.0759 0304  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:43:44.0791 0304  Smb - ok
15:43:44.0822 0304  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:43:44.0837 0304  SNMPTRAP - ok
15:43:45.0056 0304  [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
15:43:45.0337 0304  SNPSTD3 - ok
15:43:45.0352 0304  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:43:45.0352 0304  spldr - ok
15:43:45.0383 0304  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:43:45.0415 0304  Spooler - ok
15:43:45.0508 0304  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:43:45.0602 0304  sppsvc - ok
15:43:45.0633 0304  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:43:45.0664 0304  sppuinotify - ok
15:43:45.0695 0304  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:43:45.0727 0304  srv - ok
15:43:45.0742 0304  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:43:45.0758 0304  srv2 - ok
15:43:45.0773 0304  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:43:45.0789 0304  srvnet - ok
15:43:45.0820 0304  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:43:45.0851 0304  SSDPSRV - ok
15:43:45.0883 0304  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:43:45.0883 0304  ssmdrv - ok
15:43:45.0898 0304  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:43:45.0929 0304  SstpSvc - ok
15:43:45.0945 0304  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:43:45.0961 0304  stexstor - ok
15:43:45.0992 0304  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:43:46.0039 0304  StiSvc - ok
15:43:46.0054 0304  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:43:46.0070 0304  storflt - ok
15:43:46.0085 0304  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:43:46.0101 0304  storvsc - ok
15:43:46.0117 0304  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:43:46.0117 0304  swenum - ok
15:43:46.0148 0304  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:43:46.0179 0304  swprv - ok
15:43:46.0210 0304  Synth3dVsc - ok
15:43:46.0273 0304  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:43:46.0304 0304  SysMain - ok
15:43:46.0335 0304  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:43:46.0366 0304  TabletInputService - ok
15:43:46.0397 0304  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:43:46.0413 0304  TapiSrv - ok
15:43:46.0444 0304  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:43:46.0475 0304  TBS - ok
15:43:46.0522 0304  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:43:46.0569 0304  Tcpip - ok
15:43:46.0616 0304  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:43:46.0647 0304  TCPIP6 - ok
15:43:46.0678 0304  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:43:46.0709 0304  tcpipreg - ok
15:43:46.0725 0304  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:43:46.0756 0304  TDPIPE - ok
15:43:46.0772 0304  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:43:46.0787 0304  TDTCP - ok
15:43:46.0819 0304  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:43:46.0850 0304  tdx - ok
15:43:46.0881 0304  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:43:46.0897 0304  TermDD - ok
15:43:46.0928 0304  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:43:46.0959 0304  TermService - ok
15:43:46.0975 0304  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:43:46.0990 0304  Themes - ok
15:43:47.0006 0304  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:43:47.0021 0304  THREADORDER - ok
15:43:47.0037 0304  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:43:47.0084 0304  TrkWks - ok
15:43:47.0131 0304  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:43:47.0162 0304  TrustedInstaller - ok
15:43:47.0193 0304  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:47.0224 0304  tssecsrv - ok
15:43:47.0255 0304  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:43:47.0287 0304  TsUsbFlt - ok
15:43:47.0302 0304  tsusbhub - ok
15:43:47.0333 0304  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:43:47.0365 0304  tunnel - ok
15:43:47.0380 0304  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:43:47.0396 0304  uagp35 - ok
15:43:47.0411 0304  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:43:47.0443 0304  udfs - ok
15:43:47.0474 0304  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:43:47.0505 0304  UI0Detect - ok
15:43:47.0521 0304  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:43:47.0536 0304  uliagpkx - ok
15:43:47.0567 0304  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
15:43:47.0583 0304  umbus - ok
15:43:47.0599 0304  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:43:47.0599 0304  UmPass - ok
15:43:47.0645 0304  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:43:47.0661 0304  UmRdpService - ok
15:43:47.0692 0304  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:43:47.0723 0304  upnphost - ok
15:43:47.0739 0304  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:47.0786 0304  usbccgp - ok
15:43:47.0801 0304  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:43:47.0833 0304  usbcir - ok
15:43:47.0848 0304  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:43:47.0864 0304  usbehci - ok
15:43:47.0895 0304  [ 0150B06D3E73F6C27AFCB963FD931820 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
15:43:47.0911 0304  usbfilter - ok
15:43:47.0942 0304  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:43:47.0973 0304  usbhub - ok
15:43:47.0989 0304  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:43:48.0004 0304  usbohci - ok
15:43:48.0035 0304  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:43:48.0051 0304  usbprint - ok
15:43:48.0067 0304  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:43:48.0098 0304  usbscan - ok
15:43:48.0113 0304  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:48.0129 0304  USBSTOR - ok
15:43:48.0145 0304  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:43:48.0160 0304  usbuhci - ok
15:43:48.0207 0304  [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
15:43:48.0238 0304  usb_rndisx - ok
15:43:48.0269 0304  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:43:48.0316 0304  UxSms - ok
15:43:48.0332 0304  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:43:48.0347 0304  VaultSvc - ok
15:43:48.0379 0304  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:43:48.0394 0304  vdrvroot - ok
15:43:48.0441 0304  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:43:48.0488 0304  vds - ok
15:43:48.0519 0304  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:48.0535 0304  vga - ok
15:43:48.0566 0304  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:43:48.0597 0304  VgaSave - ok
15:43:48.0628 0304  VGPU - ok
15:43:48.0675 0304  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:43:48.0691 0304  vhdmp - ok
15:43:48.0737 0304  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:43:48.0753 0304  viaagp - ok
15:43:48.0784 0304  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:43:48.0800 0304  ViaC7 - ok
15:43:48.0815 0304  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:43:48.0815 0304  viaide - ok
15:43:48.0831 0304  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:43:48.0847 0304  vmbus - ok
15:43:48.0862 0304  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:43:48.0878 0304  VMBusHID - ok
15:43:48.0893 0304  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:43:48.0909 0304  volmgr - ok
15:43:48.0925 0304  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:43:48.0940 0304  volmgrx - ok
15:43:48.0971 0304  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:43:48.0987 0304  volsnap - ok
15:43:49.0018 0304  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:43:49.0018 0304  vsmraid - ok
15:43:49.0065 0304  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:43:49.0127 0304  VSS - ok
15:43:49.0127 0304  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:43:49.0143 0304  vwifibus - ok
15:43:49.0174 0304  [ 7090D3436EEB4E7DA3373090A23448F7 ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:43:49.0205 0304  VWiFiFlt - ok
15:43:49.0237 0304  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:43:49.0252 0304  vwifimp - ok
15:43:49.0315 0304  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:43:49.0377 0304  W32Time - ok
15:43:49.0393 0304  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:43:49.0424 0304  WacomPen - ok
15:43:49.0439 0304  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:43:49.0486 0304  WANARP - ok
15:43:49.0486 0304  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:43:49.0502 0304  Wanarpv6 - ok
15:43:49.0611 0304  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:43:49.0720 0304  wbengine - ok
15:43:49.0751 0304  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:43:49.0783 0304  WbioSrvc - ok
15:43:49.0845 0304  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:43:49.0892 0304  wcncsvc - ok
15:43:49.0923 0304  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:43:49.0985 0304  WcsPlugInService - ok
15:43:50.0001 0304  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:43:50.0017 0304  Wd - ok
15:43:50.0110 0304  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:43:50.0141 0304  Wdf01000 - ok
15:43:50.0173 0304  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:43:50.0219 0304  WdiServiceHost - ok
15:43:50.0235 0304  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:43:50.0251 0304  WdiSystemHost - ok
15:43:50.0266 0304  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:43:50.0297 0304  WebClient - ok
15:43:50.0329 0304  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:43:50.0360 0304  Wecsvc - ok
15:43:50.0375 0304  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:43:50.0391 0304  wercplsupport - ok
15:43:50.0422 0304  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:43:50.0453 0304  WerSvc - ok
15:43:50.0485 0304  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:50.0500 0304  WfpLwf - ok
15:43:50.0516 0304  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:43:50.0531 0304  WIMMount - ok
15:43:50.0547 0304  WinDefend - ok
15:43:50.0563 0304  WinHttpAutoProxySvc - ok
15:43:50.0609 0304  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:43:50.0641 0304  Winmgmt - ok
15:43:50.0703 0304  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:43:50.0765 0304  WinRM - ok
15:43:50.0812 0304  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:43:50.0828 0304  WinUsb - ok
15:43:50.0875 0304  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:43:50.0906 0304  Wlansvc - ok
15:43:50.0953 0304  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:43:50.0968 0304  WmiAcpi - ok
15:43:50.0999 0304  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:43:51.0015 0304  wmiApSrv - ok
15:43:51.0077 0304  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:43:51.0124 0304  WMPNetworkSvc - ok
15:43:51.0155 0304  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:43:51.0171 0304  WPCSvc - ok
15:43:51.0202 0304  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:43:51.0233 0304  WPDBusEnum - ok
15:43:51.0249 0304  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:43:51.0296 0304  ws2ifsl - ok
15:43:51.0311 0304  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
15:43:51.0327 0304  wscsvc - ok
15:43:51.0327 0304  WSearch - ok
15:43:51.0405 0304  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:43:51.0483 0304  wuauserv - ok
15:43:51.0499 0304  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:43:51.0514 0304  WudfPf - ok
15:43:51.0545 0304  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:51.0561 0304  WUDFRd - ok
15:43:51.0577 0304  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:43:51.0592 0304  wudfsvc - ok
15:43:51.0623 0304  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:43:51.0655 0304  WwanSvc - ok
15:43:51.0701 0304  ================ Scan global ===============================
15:43:51.0733 0304  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:43:51.0764 0304  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:43:51.0764 0304  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:43:51.0795 0304  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:43:51.0811 0304  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:43:51.0811 0304  [Global] - ok
15:43:51.0811 0304  ================ Scan MBR ==================================
15:43:51.0826 0304  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:43:51.0951 0304  \Device\Harddisk0\DR0 - ok
15:43:51.0951 0304  ================ Scan VBR ==================================
15:43:51.0951 0304  [ 1C89A1810D62FFB9B8C62968A96DFEAB ] \Device\Harddisk0\DR0\Partition1
15:43:51.0951 0304  \Device\Harddisk0\DR0\Partition1 - ok
15:43:51.0982 0304  [ A25496D312A0796FD078AE59D6FC70E4 ] \Device\Harddisk0\DR0\Partition2
15:43:51.0982 0304  \Device\Harddisk0\DR0\Partition2 - ok
15:43:51.0998 0304  [ 6DD90A36C576EF913B10393A1B051A95 ] \Device\Harddisk0\DR0\Partition3
15:43:51.0998 0304  \Device\Harddisk0\DR0\Partition3 - ok
15:43:51.0998 0304  ============================================================
15:43:51.0998 0304  Scan finished
15:43:51.0998 0304  ============================================================
15:43:52.0013 0544  Detected object count: 5
15:43:52.0013 0544  Actual detected object count: 5
15:43:53.0948 0544  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:43:53.0948 0544  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:43:53.0948 0544  avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
15:43:53.0948 0544  avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:43:53.0948 0544  catchme ( UnsignedFile.Multi.Generic ) - skipped by user
15:43:53.0948 0544  catchme ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:43:53.0948 0544  cmuda3 ( UnsignedFile.Multi.Generic ) - skipped by user
15:43:53.0948 0544  cmuda3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:43:53.0948 0544  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:43:53.0948 0544  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:43:55.0570 1780  Deinitialize success
         

Old 08.05.2013, 11:51   #9
aharonov
/// TB Instructor
 
Root.Necurs - Standard

Root.Necurs



Hi,

Quote:
One more question: why did no program actually find this rootkit, i.e. mbar, aswmbr, tdsskiller?
The logs I see here were all created after RogueKiller had run...

May I ask one more thing: this is already the second time in a short period that you are here with a machine on which these specialist tools have already been used. What is the background here..?

Try again to see whether Combofix runs through. And if not, tell me where it hangs.
Delete the old Combofix and download a fresh copy.


Step 1

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.




Please post in your next reply:
  • Log from Combofix
__________________
cheers,
Leo

Old 08.05.2013, 14:57   #10
HardStylerx3
 
Root.Necurs - Standard

Root.Necurs



I have meanwhile reinstalled the machine, since far too much was off with it, which had already been the case before, and so I thought I would kill two birds with one stone. But thanks anyway for your help.

Regards, HardStylerx3

I wish you a nice day and a nice, relaxing holiday tomorrow.


The background is that I come to you when something seems very strange to me that goes beyond my knowledge or that I am very unsure about.

Old 08.05.2013, 14:59   #11
aharonov
/// TB Instructor
 
Root.Necurs - Standard

Root.Necurs



That is certainly a good decision, thanks for letting me know.
A nice holiday to you as well.


This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications of new replies.
Should you need this topic again, please send me a PM and we will continue here.

Everyone else, please read these instructions and create your own thread.
__________________
cheers,
Leo
