Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   My Security Shield inactive? (https://www.trojaner-board.de/119340-my-security-shield-inaktiv.html)

jesseblue 12.07.2012 23:55

My Security Shield inactive?
 
Hello,

two weeks ago I confiscated my mother's computer when I noticed that she had caught the My Security Shield trojan. The day before yesterday I wanted to get to work on it, but found that there is no longer any trace of the trojan. That is, no sign of life for about 10 reboots. Windows runs unremarkably and I can't find anything abnormal about the system (no empty folders or anything like that). But I don't really believe it has vanished into thin air, so I need help to make sure my mother can use the computer again.

I have already read through various threads and have run a few of the scans suggested there.


First, three quick scans with Malwarebytes
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zahra :: ZARI [Administrator]

09.07.2012 16:53:12
mbam-log-2012-07-09 (16-53-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223420
Laufzeit: 6 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zahra :: ZARI [Administrator]

09.07.2012 17:35:34
mbam-log-2012-07-09 (17-35-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 36274
Laufzeit: 2 Minute(n), 14 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zahra :: ZARI [Administrator]

09.07.2012 17:38:21
mbam-log-2012-07-09 (17-38-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222438
Laufzeit: 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


As well as a full scan with Malwarebytes
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zahra :: ZARI [Administrator]

11.07.2012 22:05:35
mbam-log-2012-07-11 (22-05-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325389
Laufzeit: 53 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


ESET Online Scan
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3cc7c553c4bb6f4fbd47990f17ae6717
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-11 10:10:26
# local_time=2012-07-12 12:10:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 5621 78578906 0 0
# compatibility_mode=5893 16776574 66 85 23076944 93671935 0 0
# compatibility_mode=8192 67108863 100 0 160 160 0 0
# scanned=115363
# found=0
# cleaned=0
# scan_time=2541


Custom scan with OTL
Code:

OTL logfile created on: 12.07.2012 00:27:52 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Zahra\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 44,10% Memory free
3,71 Gb Paging File | 2,32 Gb Available in Paging File | 62,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 202,09 Gb Free Space | 67,82% Space Free | Partition Type: NTFS
 
Computer Name: ZARI | User Name: Zahra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.09 17:04:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTL.exe
PRC - [2011.06.29 11:25:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 00:05:32 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.23 15:33:51 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.08.17 15:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.06.09 10:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010.05.03 15:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.05.03 15:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.23 11:11:54 | 001,160,320 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
PRC - [2009.07.31 11:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.11.30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.10 08:27:37 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.10 08:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.10 08:27:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.10 08:26:54 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2010.08.31 03:38:48 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2010.08.31 03:34:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2010.08.31 03:33:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2010.08.31 03:33:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2010.08.31 03:33:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2010.08.31 03:33:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2010.08.31 03:32:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.02.23 16:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.02.23 16:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.02.23 16:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010.02.23 16:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.02.23 16:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009.09.17 14:41:42 | 000,267,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll
MOD - [2009.09.15 17:45:58 | 000,228,864 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll
MOD - [2009.09.15 11:47:10 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll
MOD - [2009.09.11 17:40:20 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll
MOD - [2009.07.14 19:58:23 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.08 12:24:16 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll
MOD - [2009.07.03 14:40:34 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll
MOD - [2009.07.03 14:21:16 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll
MOD - [2009.07.03 14:13:56 | 000,297,984 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll
MOD - [2009.07.03 14:13:16 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll
MOD - [2009.07.03 14:12:32 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll
MOD - [2009.07.03 14:12:24 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll
MOD - [2009.07.03 14:12:14 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll
MOD - [2009.07.01 17:46:24 | 000,461,824 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll
MOD - [2007.11.30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.22 12:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 20:44:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.29 11:25:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 00:05:32 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.29 11:25:26 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 11:25:26 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.12.23 21:28:29 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.07.21 07:33:50 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.02 10:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.25 05:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
DRV:64bit: - [2010.02.03 00:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.18 11:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.20 04:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.08.18 10:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.18 13:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2005.03.02 15:26:12 | 000,033,280 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2007.08.03 06:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C C2 34 8D 4A 04 CC 01  [binary data]
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No CLSID value found
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 5596999763966672
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 20:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 10:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.08 17:32:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 20:44:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 10:19:02 | 000,000,000 | ---D | M]
 
[2010.12.23 16:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zahra\AppData\Roaming\mozilla\Extensions
[2010.12.23 16:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zahra\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 11:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zahra\AppData\Roaming\mozilla\Firefox\Profiles\aphdyu1t.default\extensions
[2011.05.08 16:53:04 | 000,000,935 | ---- | M] () -- C:\Users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\searchplugins\conduit.xml
[2011.04.09 01:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.17 20:44:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.06 15:05:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.06 15:05:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.06 15:05:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.06 15:05:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.06 15:05:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.06 15:05:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.09 17:34:50 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\Toolbar\WebBrowser: (no name) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-633045147-4172091190-1306057544-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Zahra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk = C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607C9648-2309-4237-AB6B-F6D42FFE67D8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B25042-0B6B-4492-BE1F-04C382FF1296}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8c23f9b0-0ecc-11e0-8d0a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8c23f9b0-0ecc-11e0-8d0a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe - (Acresso Software Inc.)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: ETDWare - hkey= - key= - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
MsConfig:64bit - StartUpReg: SmartAudio - hkey= - key= - C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
MsConfig:64bit - StartUpReg: Wireless Console 3 - hkey= - key= - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.11 23:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.11 23:24:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Zahra\Desktop\esetsmartinstaller_enu.exe
[2012.07.11 21:44:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.07.09 17:34:29 | 000,000,000 | ---D | C] -- C:\Users\Zahra\Desktop\HostsXpert
[2012.07.09 17:33:16 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTH.scr
[2012.07.09 17:04:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTL.exe
[2012.07.09 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Zahra\AppData\Roaming\Malwarebytes
[2012.07.09 16:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.09 16:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.09 16:51:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.09 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.09 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Zahra\Desktop\My Securit Shield entfernen
[2008.08.11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.12 00:28:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.11 23:24:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Zahra\Desktop\esetsmartinstaller_enu.exe
[2012.07.11 22:28:26 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.11 21:53:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 21:53:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 21:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.11 21:45:14 | 1494,663,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.09 17:33:16 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTH.scr
[2012.07.09 17:05:36 | 000,000,188 | ---- | M] () -- C:\Users\Zahra\defogger_reenable
[2012.07.09 17:04:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTL.exe
[2012.07.09 17:01:48 | 000,050,477 | ---- | M] () -- C:\Users\Zahra\Desktop\Defogger.exe
[2012.07.09 16:51:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.09 16:47:01 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.09 16:47:01 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.09 16:47:01 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.09 16:47:01 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.09 16:47:01 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.24 01:20:29 | 099,308,192 | ---- | M] () -- C:\Users\Zahra\Desktop\avira_free_antivirus_de.exe
[2012.06.14 23:21:18 | 000,231,518 | ---- | M] () -- C:\Users\Zahra\Desktop\26042012533.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 17:05:36 | 000,000,188 | ---- | C] () -- C:\Users\Zahra\defogger_reenable
[2012.07.09 17:01:46 | 000,050,477 | ---- | C] () -- C:\Users\Zahra\Desktop\Defogger.exe
[2012.07.09 16:51:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.24 01:19:34 | 099,308,192 | ---- | C] () -- C:\Users\Zahra\Desktop\avira_free_antivirus_de.exe
[2012.06.14 23:21:33 | 000,231,518 | ---- | C] () -- C:\Users\Zahra\Desktop\26042012533.jpg
[2012.05.08 22:45:23 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2012.03.02 02:16:43 | 000,004,096 | -H-- | C] () -- C:\Users\Zahra\AppData\Local\keyfile3.drm
[2011.11.02 03:24:55 | 000,008,192 | ---- | C] () -- C:\Users\Zahra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.24 23:57:01 | 006,838,784 | ---- | C] () -- C:\Users\Zahra\Beautiful_pictures10-Consul_1.pps
[2011.07.07 17:52:39 | 000,000,000 | ---- | C] () -- C:\Users\Zahra\AppData\Local\{4412A8D9-DFB6-4BCC-A940-29EFB91F6F0C}
[2011.06.24 20:41:40 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.05.22 11:31:23 | 000,746,665 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.22 11:31:23 | 000,441,344 | ---- | C] ( ) -- C:\Windows\SysWow64\SetACLx64.exe
[2011.05.22 11:31:23 | 000,303,616 | ---- | C] ( ) -- C:\Windows\SysWow64\SetACLx86.exe
[2011.05.22 11:31:23 | 000,269,824 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.05.22 11:31:23 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.05.22 11:31:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.05.22 11:31:23 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.05.22 11:31:23 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2011.05.22 11:31:22 | 003,830,577 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.05.22 11:31:22 | 001,523,712 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.05.22 11:31:22 | 000,914,034 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2011.05.22 11:31:22 | 000,331,241 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2011.05.22 11:31:22 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.05.22 11:31:22 | 000,210,432 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.05.22 11:31:22 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.05.22 11:31:22 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.02.11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.01.10 00:02:11 | 002,967,552 | ---- | C] () -- C:\Users\Zahra\behtarin khodahafezi.pps
[2010.12.23 21:36:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.23 15:23:46 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.08.25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009.04.08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2010.12.23 16:25:18 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Canneverbe Limited
[2010.12.23 21:32:57 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\DAEMON Tools Lite
[2011.06.24 20:43:20 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\EventGhost
[2011.04.08 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\ooVoo Details
[2010.12.23 16:40:27 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Thunderbird
[2012.06.13 09:49:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.23 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Adobe
[2010.12.23 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Avira
[2010.12.23 16:25:18 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Canneverbe Limited
[2010.12.23 21:32:57 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\DAEMON Tools Lite
[2012.02.13 01:47:16 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\dvdcss
[2011.06.24 20:43:20 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\EventGhost
[2010.12.23 15:09:06 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Identities
[2010.12.23 15:15:22 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\InstallShield
[2010.12.23 15:36:51 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Macromedia
[2012.07.09 16:52:24 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Media Center Programs
[2012.03.02 02:24:24 | 000,000,000 | --SD | M] -- C:\Users\Zahra\AppData\Roaming\Microsoft
[2010.12.23 15:48:09 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Mozilla
[2011.04.08 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\ooVoo Details
[2012.07.12 00:16:52 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Skype
[2010.12.23 16:40:27 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Thunderbird
[2012.02.13 01:47:20 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\vlc
[2010.12.23 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Winamp
[2010.12.23 21:53:46 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX1\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX3\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX4\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX5\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX6\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX7\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX8\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX4\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX5\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX6\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX7\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
========== Files - Unicode (All) ==========
[2011.01.10 23:12:45 | 000,028,672 | ---- | M] ()(C:\Users\Zahra\????? ?? ??..doc) -- C:\Users\Zahra\????? ?? ??..doc
[2011.01.10 23:12:45 | 000,028,672 | ---- | C] ()(C:\Users\Zahra\????? ?? ??..doc) -- C:\Users\Zahra\????? ?? ??..doc

< End of report >


AdwCleaner Scan
Code:

# AdwCleaner v1.701 - Logfile created 07/12/2012 at 00:41:04
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Zahra - ZARI
# Running from : C:\Users\Zahra\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Zahra\AppData\Local\Conduit
Folder Found : C:\Users\Zahra\AppData\LocalLow\Conduit
Folder Found : C:\Users\Zahra\AppData\LocalLow\PriceGong
File Found : C:\Users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1572363
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\prefs.js

Found : user_pref("browser.search.defaultthis.engineName", "ooVoo Video Chat Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&Sea[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [2514 octets] - [12/07/2012 00:41:04]

########## EOF - C:\AdwCleaner[R1].txt - [2642 octets] ##########

Grateful for any help.

Regards, Sebastian

markusg 13.07.2012 18:11

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix on your desktop
  • Please disable all of your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: Should you get the following error message after the reboot
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

jesseblue 13.07.2012 22:03

Hello,

many thanks already for the quick reply. I have just run Combofix as described.

Combofix logfile:
Code:

ComboFix 12-07-13.03 - Zahra 12.07.2012  22:42:17.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.1901.443 [GMT 2:00]
ausgeführt von:: c:\users\Zahra\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\Common Files\Net4Switch.ico
c:\program files\Common Files\Net4Switch.ico
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2012-07-11 21:25 . 2012-07-11 21:25        --------        d-----w-        c:\program files (x86)\ESET
2012-07-09 14:52 . 2012-07-09 14:52        --------        d-----w-        c:\users\Zahra\AppData\Roaming\Malwarebytes
2012-07-09 14:51 . 2012-07-09 14:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-09 14:51 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-09 14:51 . 2012-07-09 14:51        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-19 20:58 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-19 20:58 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-19 20:58 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-19 20:58 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-19 20:57 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-19 20:57 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-19 20:57 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-19 20:57 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-19 20:57 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-15 22:01 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-15 22:01 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-15 22:01 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-15 22:01 . 2012-05-15 01:32        3146752        ----a-w-        c:\windows\system32\win32k.sys
2012-06-15 22:01 . 2012-05-04 11:06        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-06-15 22:01 . 2012-05-04 10:03        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-06-15 22:01 . 2012-05-04 10:03        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-06-15 22:00 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 02:06 . 2012-06-10 00:16        2311680        ----a-w-        c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-10 00:16        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-10 00:16        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-05-18 01:55 . 2012-06-10 00:16        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-05-18 01:51 . 2012-06-10 00:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-05-17 22:45 . 2012-06-10 00:16        1800192        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-10 00:16        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-10 00:16        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-10 00:16        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-10 00:16        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2009-04-08 09:31 . 2009-04-08 09:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-11 20:45 . 2008-08-11 20:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-05-11 22631608]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
.
c:\users\Zahra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EventGhost.lnk - c:\program files (x86)\EventGhost\EventGhost.exe [2011-6-24 31232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-12-23 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-23 834544]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-11-30 35112]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 23:40]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 23:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file)
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-12  22:55:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-12 20:55
.
Vor Suchlauf: 10 Verzeichnis(se), 217.826.324.480 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 219.390.930.944 Bytes frei
.
- - End Of File - - BB37310608B60BA03B9AB33452F1CB9A

--- --- ---

markusg 15.07.2012 20:38

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then on Start scan
- if anything is found, choose skip for now every time, post the log

jesseblue 15.07.2012 22:39

Log file from TDSSKiller:

Code:

23:35:59.0937 5016        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
23:36:00.0188 5016        ============================================================
23:36:00.0189 5016        Current date / time: 2012/07/14 23:36:00.0188
23:36:00.0189 5016        SystemInfo:
23:36:00.0189 5016       
23:36:00.0189 5016        OS Version: 6.1.7601 ServicePack: 1.0
23:36:00.0189 5016        Product type: Workstation
23:36:00.0189 5016        ComputerName: ZARI
23:36:00.0189 5016        UserName: Zahra
23:36:00.0189 5016        Windows directory: C:\Windows
23:36:00.0189 5016        System windows directory: C:\Windows
23:36:00.0189 5016        Running under WOW64
23:36:00.0189 5016        Processor architecture: Intel x64
23:36:00.0189 5016        Number of processors: 2
23:36:00.0189 5016        Page size: 0x1000
23:36:00.0189 5016        Boot type: Normal boot
23:36:00.0189 5016        ============================================================
23:36:01.0474 5016        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:36:01.0482 5016        ============================================================
23:36:01.0482 5016        \Device\Harddisk0\DR0:
23:36:01.0483 5016        MBR partitions:
23:36:01.0483 5016        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:36:01.0483 5016        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
23:36:01.0483 5016        ============================================================
23:36:01.0520 5016        C: <-> \Device\Harddisk0\DR0\Partition1
23:36:01.0520 5016        ============================================================
23:36:01.0521 5016        Initialize success
23:36:01.0521 5016        ============================================================
23:36:30.0020 4608        ============================================================
23:36:30.0021 4608        Scan started
23:36:30.0021 4608        Mode: Manual; SigCheck; TDLFS;
23:36:30.0021 4608        ============================================================
23:36:31.0937 4608        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:36:32.0334 4608        1394ohci - ok
23:36:32.0415 4608        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:36:32.0456 4608        ACPI - ok
23:36:32.0500 4608        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:36:32.0571 4608        AcpiPmi - ok
23:36:32.0679 4608        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:36:32.0764 4608        adp94xx - ok
23:36:32.0849 4608        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:36:32.0895 4608        adpahci - ok
23:36:32.0927 4608        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:36:32.0965 4608        adpu320 - ok
23:36:33.0014 4608        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:36:33.0128 4608        AeLookupSvc - ok
23:36:33.0206 4608        AFBAgent        (734d1ba96be6ad8d04e6afead569ea8a) C:\Windows\system32\FBAgent.exe
23:36:34.0201 4608        AFBAgent - ok
23:36:34.0364 4608        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:36:34.0459 4608        AFD - ok
23:36:34.0513 4608        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:36:34.0537 4608        agp440 - ok
23:36:34.0564 4608        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:36:34.0654 4608        ALG - ok
23:36:34.0708 4608        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:36:34.0740 4608        aliide - ok
23:36:34.0772 4608        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:36:34.0794 4608        amdide - ok
23:36:34.0826 4608        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:36:34.0892 4608        AmdK8 - ok
23:36:34.0923 4608        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:36:34.0996 4608        AmdPPM - ok
23:36:35.0063 4608        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
23:36:35.0093 4608        amdsata - ok
23:36:35.0129 4608        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:36:35.0152 4608        amdsbs - ok
23:36:35.0192 4608        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
23:36:35.0238 4608        amdxata - ok
23:36:35.0480 4608        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:36:35.0538 4608        AntiVirSchedulerService - ok
23:36:35.0672 4608        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:36:35.0691 4608        AntiVirService - ok
23:36:35.0740 4608        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:36:35.0836 4608        AppID - ok
23:36:35.0868 4608        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:36:35.0937 4608        AppIDSvc - ok
23:36:35.0988 4608        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:36:36.0042 4608        Appinfo - ok
23:36:36.0094 4608        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
23:36:36.0181 4608        AppMgmt - ok
23:36:36.0202 4608        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:36:36.0223 4608        arc - ok
23:36:36.0241 4608        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:36:36.0262 4608        arcsas - ok
23:36:36.0329 4608        ASLDRService    (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
23:36:36.0368 4608        ASLDRService - ok
23:36:36.0417 4608        ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:36:36.0450 4608        ASMMAP64 - ok
23:36:36.0486 4608        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:36:36.0563 4608        AsyncMac - ok
23:36:36.0645 4608        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:36:36.0668 4608        atapi - ok
23:36:36.0766 4608        athr            (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
23:36:36.0982 4608        athr - ok
23:36:37.0047 4608        ATKGFNEXSrv    (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
23:36:37.0087 4608        ATKGFNEXSrv - ok
23:36:37.0254 4608        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:36:37.0424 4608        AudioEndpointBuilder - ok
23:36:37.0432 4608        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:36:37.0483 4608        AudioSrv - ok
23:36:37.0597 4608        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
23:36:37.0644 4608        avgntflt - ok
23:36:37.0686 4608        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
23:36:37.0711 4608        avipbb - ok
23:36:37.0828 4608        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:36:37.0946 4608        AxInstSV - ok
23:36:37.0997 4608        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:36:38.0073 4608        b06bdrv - ok
23:36:38.0105 4608        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:36:38.0174 4608        b57nd60a - ok
23:36:38.0229 4608        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:36:38.0283 4608        BDESVC - ok
23:36:38.0306 4608        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:36:38.0415 4608        Beep - ok
23:36:38.0566 4608        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:36:38.0639 4608        BFE - ok
23:36:38.0838 4608        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:36:39.0046 4608        BITS - ok
23:36:39.0104 4608        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:36:39.0143 4608        blbdrive - ok
23:36:39.0179 4608        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:36:39.0204 4608        bowser - ok
23:36:39.0228 4608        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:36:39.0273 4608        BrFiltLo - ok
23:36:39.0277 4608        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:36:39.0299 4608        BrFiltUp - ok
23:36:39.0362 4608        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:36:39.0447 4608        BridgeMP - ok
23:36:39.0490 4608        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:36:39.0566 4608        Browser - ok
23:36:39.0592 4608        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:36:39.0668 4608        Brserid - ok
23:36:39.0691 4608        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:36:39.0746 4608        BrSerWdm - ok
23:36:39.0770 4608        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:36:39.0827 4608        BrUsbMdm - ok
23:36:39.0834 4608        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:36:39.0885 4608        BrUsbSer - ok
23:36:39.0905 4608        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:36:39.0939 4608        BTHMODEM - ok
23:36:40.0001 4608        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:36:40.0160 4608        bthserv - ok
23:36:40.0226 4608        catchme - ok
23:36:40.0260 4608        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:36:40.0360 4608        cdfs - ok
23:36:40.0456 4608        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:36:40.0503 4608        cdrom - ok
23:36:40.0565 4608        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:36:40.0654 4608        CertPropSvc - ok
23:36:40.0695 4608        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:36:40.0760 4608        circlass - ok
23:36:40.0804 4608        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:36:40.0841 4608        CLFS - ok
23:36:40.0885 4608        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:36:40.0933 4608        clr_optimization_v2.0.50727_32 - ok
23:36:40.0988 4608        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:36:41.0022 4608        clr_optimization_v2.0.50727_64 - ok
23:36:41.0061 4608        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:36:41.0099 4608        CmBatt - ok
23:36:41.0138 4608        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:36:41.0159 4608        cmdide - ok
23:36:41.0214 4608        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:36:41.0333 4608        CNG - ok
23:36:41.0472 4608        CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys
23:36:41.0540 4608        CnxtHdAudService - ok
23:36:41.0582 4608        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:36:41.0613 4608        Compbatt - ok
23:36:41.0663 4608        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:36:41.0720 4608        CompositeBus - ok
23:36:41.0746 4608        COMSysApp - ok
23:36:41.0789 4608        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:36:41.0822 4608        crcdisk - ok
23:36:41.0875 4608        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:36:41.0969 4608        CryptSvc - ok
23:36:42.0032 4608        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:36:42.0137 4608        CSC - ok
23:36:42.0209 4608        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
23:36:42.0271 4608        CscService - ok
23:36:42.0424 4608        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:36:42.0503 4608        DcomLaunch - ok
23:36:42.0568 4608        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:36:42.0648 4608        defragsvc - ok
23:36:42.0727 4608        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:36:42.0822 4608        DfsC - ok
23:36:42.0876 4608        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:36:42.0965 4608        Dhcp - ok
23:36:42.0995 4608        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:36:43.0054 4608        discache - ok
23:36:43.0075 4608        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:36:43.0095 4608        Disk - ok
23:36:43.0142 4608        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:36:43.0214 4608        Dnscache - ok
23:36:43.0268 4608        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:36:43.0367 4608        dot3svc - ok
23:36:43.0433 4608        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:36:43.0493 4608        DPS - ok
23:36:43.0522 4608        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:36:43.0555 4608        drmkaud - ok
23:36:43.0695 4608        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:36:43.0797 4608        DXGKrnl - ok
23:36:43.0825 4608        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:36:43.0893 4608        EapHost - ok
23:36:44.0053 4608        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:36:44.0238 4608        ebdrv - ok
23:36:44.0344 4608        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:36:44.0392 4608        EFS - ok
23:36:44.0531 4608        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:36:44.0608 4608        ehRecvr - ok
23:36:44.0632 4608        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:36:44.0671 4608        ehSched - ok
23:36:44.0978 4608        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:36:45.0118 4608        elxstor - ok
23:36:45.0147 4608        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:36:45.0180 4608        ErrDev - ok
23:36:45.0409 4608        ETD            (38b0a3e42de9b36aa56f72a5ecb62331) C:\Windows\system32\DRIVERS\ETD.sys
23:36:45.0482 4608        ETD - ok
23:36:45.0526 4608        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:36:45.0614 4608        EventSystem - ok
23:36:45.0783 4608        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:36:45.0855 4608        exfat - ok
23:36:45.0884 4608        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:36:45.0965 4608        fastfat - ok
23:36:46.0054 4608        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:36:46.0219 4608        Fax - ok
23:36:46.0259 4608        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:36:46.0306 4608        fdc - ok
23:36:46.0344 4608        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:36:46.0427 4608        fdPHost - ok
23:36:46.0444 4608        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:36:46.0502 4608        FDResPub - ok
23:36:46.0524 4608        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:36:46.0543 4608        FileInfo - ok
23:36:46.0554 4608        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:36:46.0603 4608        Filetrace - ok
23:36:46.0677 4608        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:36:46.0693 4608        flpydisk - ok
23:36:46.0864 4608        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:36:46.0938 4608        FltMgr - ok
23:36:47.0019 4608        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:36:47.0137 4608        FontCache - ok
23:36:47.0217 4608        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:36:47.0237 4608        FontCache3.0.0.0 - ok
23:36:47.0293 4608        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:36:47.0325 4608        FsDepends - ok
23:36:47.0364 4608        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:36:47.0393 4608        Fs_Rec - ok
23:36:47.0454 4608        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:36:47.0486 4608        fvevol - ok
23:36:47.0497 4608        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:36:47.0517 4608        gagp30kx - ok
23:36:47.0587 4608        ghaio          (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
23:36:47.0613 4608        ghaio - ok
23:36:47.0767 4608        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:36:47.0949 4608        gpsvc - ok
23:36:48.0075 4608        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:48.0129 4608        gupdate - ok
23:36:48.0159 4608        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:48.0180 4608        gupdatem - ok
23:36:48.0201 4608        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:36:48.0289 4608        hcw85cir - ok
23:36:48.0355 4608        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:36:48.0414 4608        HdAudAddService - ok
23:36:48.0443 4608        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:36:48.0469 4608        HDAudBus - ok
23:36:48.0503 4608        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:36:48.0530 4608        HECIx64 - ok
23:36:48.0557 4608        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:36:48.0595 4608        HidBatt - ok
23:36:48.0618 4608        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:36:48.0652 4608        HidBth - ok
23:36:48.0664 4608        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:36:48.0696 4608        HidIr - ok
23:36:48.0717 4608        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:36:48.0784 4608        hidserv - ok
23:36:48.0858 4608        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:36:48.0914 4608        HidUsb - ok
23:36:49.0004 4608        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:36:49.0074 4608        hkmsvc - ok
23:36:49.0117 4608        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:36:49.0190 4608        HomeGroupListener - ok
23:36:49.0229 4608        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:36:49.0297 4608        HomeGroupProvider - ok
23:36:49.0336 4608        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:36:49.0372 4608        HpSAMD - ok
23:36:49.0453 4608        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:36:49.0571 4608        HTTP - ok
23:36:49.0610 4608        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:36:49.0637 4608        hwpolicy - ok
23:36:49.0679 4608        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:36:49.0714 4608        i8042prt - ok
23:36:49.0757 4608        iaStor          (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
23:36:49.0775 4608        iaStor - ok
23:36:49.0847 4608        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
23:36:49.0888 4608        iaStorV - ok
23:36:50.0083 4608        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:36:50.0173 4608        idsvc - ok
23:36:50.0647 4608        igfx            (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:36:51.0037 4608        igfx - ok
23:36:51.0176 4608        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:36:51.0209 4608        iirsp - ok
23:36:51.0283 4608        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:36:51.0399 4608        IKEEXT - ok
23:36:51.0448 4608        Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
23:36:51.0487 4608        Impcd - ok
23:36:51.0532 4608        IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:36:51.0591 4608        IntcDAud - ok
23:36:51.0635 4608        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:36:51.0664 4608        intelide - ok
23:36:51.0707 4608        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:36:51.0735 4608        intelppm - ok
23:36:51.0767 4608        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:36:51.0830 4608        IPBusEnum - ok
23:36:51.0901 4608        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:36:52.0027 4608        IpFilterDriver - ok
23:36:52.0208 4608        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:36:52.0299 4608        iphlpsvc - ok
23:36:52.0339 4608        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:36:52.0384 4608        IPMIDRV - ok
23:36:52.0407 4608        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:36:52.0476 4608        IPNAT - ok
23:36:52.0480 4608        ipswuio - ok
23:36:52.0510 4608        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:36:52.0537 4608        IRENUM - ok
23:36:52.0582 4608        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:36:52.0613 4608        isapnp - ok
23:36:52.0631 4608        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:36:52.0660 4608        iScsiPrt - ok
23:36:52.0713 4608        JMCR            (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
23:36:52.0743 4608        JMCR - ok
23:36:52.0762 4608        JME            (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
23:36:52.0802 4608        JME - ok
23:36:52.0851 4608        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:36:52.0879 4608        kbdclass - ok
23:36:52.0954 4608        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:36:53.0012 4608        kbdhid - ok
23:36:53.0054 4608        kbfiltr        (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
23:36:53.0081 4608        kbfiltr - ok
23:36:53.0126 4608        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:53.0139 4608        KeyIso - ok
23:36:53.0195 4608        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:36:53.0215 4608        KSecDD - ok
23:36:53.0250 4608        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:36:53.0273 4608        KSecPkg - ok
23:36:53.0306 4608        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:36:53.0360 4608        ksthunk - ok
23:36:53.0401 4608        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:36:53.0487 4608        KtmRm - ok
23:36:53.0545 4608        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:36:53.0647 4608        LanmanServer - ok
23:36:53.0704 4608        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:36:53.0795 4608        LanmanWorkstation - ok
23:36:53.0847 4608        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:36:53.0947 4608        lltdio - ok
23:36:53.0981 4608        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:36:54.0060 4608        lltdsvc - ok
23:36:54.0082 4608        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:36:54.0139 4608        lmhosts - ok
23:36:54.0235 4608        LMS            (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:36:54.0299 4608        LMS ( UnsignedFile.Multi.Generic ) - warning
23:36:54.0299 4608        LMS - detected UnsignedFile.Multi.Generic (1)
23:36:54.0342 4608        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:36:54.0372 4608        LSI_FC - ok
23:36:54.0399 4608        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:36:54.0420 4608        LSI_SAS - ok
23:36:54.0433 4608        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:36:54.0452 4608        LSI_SAS2 - ok
23:36:54.0471 4608        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:36:54.0491 4608        LSI_SCSI - ok
23:36:54.0520 4608        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:36:54.0593 4608        luafv - ok
23:36:54.0653 4608        lullaby        (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
23:36:54.0677 4608        lullaby - ok
23:36:54.0742 4608        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:36:54.0777 4608        Mcx2Svc - ok
23:36:54.0799 4608        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:36:54.0817 4608        megasas - ok
23:36:54.0904 4608        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:36:54.0951 4608        MegaSR - ok
23:36:55.0017 4608        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:36:55.0087 4608        MMCSS - ok
23:36:55.0124 4608        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:36:55.0185 4608        Modem - ok
23:36:55.0205 4608        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:36:55.0228 4608        monitor - ok
23:36:55.0274 4608        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:36:55.0292 4608        mouclass - ok
23:36:55.0310 4608        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:36:55.0344 4608        mouhid - ok
23:36:55.0378 4608        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:36:55.0392 4608        mountmgr - ok
23:36:55.0513 4608        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:36:55.0559 4608        MozillaMaintenance - ok
23:36:55.0621 4608        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:36:55.0664 4608        mpio - ok
23:36:55.0690 4608        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:36:55.0740 4608        mpsdrv - ok
23:36:55.0892 4608        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:36:56.0013 4608        MpsSvc - ok
23:36:56.0058 4608        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:36:56.0115 4608        MRxDAV - ok
23:36:56.0158 4608        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:36:56.0216 4608        mrxsmb - ok
23:36:56.0259 4608        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:36:56.0290 4608        mrxsmb10 - ok
23:36:56.0309 4608        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:36:56.0329 4608        mrxsmb20 - ok
23:36:56.0361 4608        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:36:56.0392 4608        msahci - ok
23:36:56.0411 4608        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:36:56.0435 4608        msdsm - ok
23:36:56.0468 4608        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:36:56.0503 4608        MSDTC - ok
23:36:56.0528 4608        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:36:56.0579 4608        Msfs - ok
23:36:56.0595 4608        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:36:56.0660 4608        mshidkmdf - ok
23:36:56.0699 4608        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:36:56.0716 4608        msisadrv - ok
23:36:56.0757 4608        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:36:56.0819 4608        MSiSCSI - ok
23:36:56.0823 4608        msiserver - ok
23:36:56.0868 4608        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:36:56.0937 4608        MSKSSRV - ok
23:36:56.0952 4608        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:36:57.0044 4608        MSPCLOCK - ok
23:36:57.0070 4608        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:36:57.0144 4608        MSPQM - ok
23:36:57.0194 4608        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:36:57.0234 4608        MsRPC - ok
23:36:57.0274 4608        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:36:57.0288 4608        mssmbios - ok
23:36:57.0333 4608        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:36:57.0399 4608        MSTEE - ok
23:36:57.0418 4608        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:36:57.0446 4608        MTConfig - ok
23:36:57.0470 4608        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
23:36:57.0483 4608        MTsensor - ok
23:36:57.0510 4608        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:36:57.0536 4608        Mup - ok
23:36:57.0649 4608        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:36:57.0726 4608        napagent - ok
23:36:57.0770 4608        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:36:57.0817 4608        NativeWifiP - ok
23:36:57.0907 4608        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:36:57.0982 4608        NDIS - ok
23:36:58.0002 4608        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:36:58.0051 4608        NdisCap - ok
23:36:58.0077 4608        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:36:58.0136 4608        NdisTapi - ok
23:36:58.0180 4608        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:36:58.0238 4608        Ndisuio - ok
23:36:58.0284 4608        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:36:58.0373 4608        NdisWan - ok
23:36:58.0442 4608        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:36:58.0539 4608        NDProxy - ok
23:36:58.0580 4608        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:36:58.0648 4608        NetBIOS - ok
23:36:58.0699 4608        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:36:58.0766 4608        NetBT - ok
23:36:58.0794 4608        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:58.0807 4608        Netlogon - ok
23:36:58.0867 4608        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:36:58.0970 4608        Netman - ok
23:36:59.0008 4608        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:36:59.0131 4608        netprofm - ok
23:36:59.0267 4608        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:36:59.0297 4608        NetTcpPortSharing - ok
23:36:59.0321 4608        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:36:59.0340 4608        nfrd960 - ok
23:36:59.0495 4608        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:36:59.0584 4608        NlaSvc - ok
23:36:59.0627 4608        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:36:59.0676 4608        Npfs - ok
23:36:59.0702 4608        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:36:59.0765 4608        nsi - ok
23:36:59.0794 4608        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:36:59.0866 4608        nsiproxy - ok
23:36:59.0985 4608        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
23:37:00.0119 4608        Ntfs - ok
23:37:00.0245 4608        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:37:00.0340 4608        Null - ok
23:37:00.0414 4608        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
23:37:00.0436 4608        nvraid - ok
23:37:00.0453 4608        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
23:37:00.0476 4608        nvstor - ok
23:37:00.0523 4608        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:37:00.0545 4608        nv_agp - ok
23:37:00.0635 4608        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:37:00.0682 4608        ohci1394 - ok
23:37:00.0767 4608        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:37:00.0818 4608        ose - ok
23:37:00.0875 4608        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:37:00.0964 4608        p2pimsvc - ok
23:37:01.0015 4608        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:37:01.0076 4608        p2psvc - ok
23:37:01.0106 4608        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:37:01.0134 4608        Parport - ok
23:37:01.0173 4608        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:37:01.0194 4608        partmgr - ok
23:37:01.0224 4608        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:37:01.0264 4608        PcaSvc - ok
23:37:01.0307 4608        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:37:01.0348 4608        pci - ok
23:37:01.0383 4608        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:37:01.0403 4608        pciide - ok
23:37:01.0430 4608        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:37:01.0461 4608        pcmcia - ok
23:37:01.0474 4608        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:37:01.0492 4608        pcw - ok
23:37:01.0582 4608        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:37:01.0717 4608        PEAUTH - ok
23:37:01.0801 4608        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:37:01.0950 4608        PeerDistSvc - ok
23:37:02.0086 4608        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:37:02.0172 4608        PerfHost - ok
23:37:02.0341 4608        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:37:02.0530 4608        pla - ok
23:37:02.0633 4608        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:37:02.0676 4608        PlugPlay - ok
23:37:02.0743 4608        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:37:02.0793 4608        PNRPAutoReg - ok
23:37:02.0822 4608        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:37:02.0838 4608        PNRPsvc - ok
23:37:02.0898 4608        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:37:03.0018 4608        PolicyAgent - ok
23:37:03.0054 4608        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:37:03.0111 4608        Power - ok
23:37:03.0192 4608        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:37:03.0282 4608        PptpMiniport - ok
23:37:03.0316 4608        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:37:03.0364 4608        Processor - ok
23:37:03.0421 4608        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:37:03.0509 4608        ProfSvc - ok
23:37:03.0538 4608        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:37:03.0552 4608        ProtectedStorage - ok
23:37:03.0641 4608        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:37:03.0723 4608        Psched - ok
23:37:03.0856 4608        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:37:03.0973 4608        ql2300 - ok
23:37:04.0105 4608        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:37:04.0145 4608        ql40xx - ok
23:37:04.0179 4608        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:37:04.0222 4608        QWAVE - ok
23:37:04.0246 4608        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:37:04.0289 4608        QWAVEdrv - ok
23:37:04.0310 4608        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:37:04.0389 4608        RasAcd - ok
23:37:04.0434 4608        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:37:04.0494 4608        RasAgileVpn - ok
23:37:04.0530 4608        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:37:04.0582 4608        RasAuto - ok
23:37:04.0664 4608        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:37:04.0732 4608        Rasl2tp - ok
23:37:04.0828 4608        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:37:04.0950 4608        RasMan - ok
23:37:04.0990 4608        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:37:05.0050 4608        RasPppoe - ok
23:37:05.0085 4608        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:37:05.0146 4608        RasSstp - ok
23:37:05.0207 4608        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:37:05.0292 4608        rdbss - ok
23:37:05.0318 4608        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:37:05.0346 4608        rdpbus - ok
23:37:05.0365 4608        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:37:05.0420 4608        RDPCDD - ok
23:37:05.0467 4608        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:37:05.0502 4608        RDPDR - ok
23:37:05.0538 4608        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:37:05.0614 4608        RDPENCDD - ok
23:37:05.0663 4608        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:37:05.0751 4608        RDPREFMP - ok
23:37:05.0860 4608        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:37:05.0949 4608        RDPWD - ok
23:37:06.0006 4608        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:37:06.0042 4608        rdyboost - ok
23:37:06.0064 4608        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:37:06.0116 4608        RemoteAccess - ok
23:37:06.0157 4608        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:37:06.0228 4608        RemoteRegistry - ok
23:37:06.0265 4608        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:37:06.0336 4608        RpcEptMapper - ok
23:37:06.0356 4608        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:37:06.0398 4608        RpcLocator - ok
23:37:06.0463 4608        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:37:06.0529 4608        RpcSs - ok
23:37:06.0568 4608        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:37:06.0664 4608        rspndr - ok
23:37:06.0694 4608        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:37:06.0780 4608        s3cap - ok
23:37:06.0807 4608        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:37:06.0820 4608        SamSs - ok
23:37:06.0910 4608        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:37:06.0934 4608        sbp2port - ok
23:37:06.0983 4608        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:37:07.0062 4608        SCardSvr - ok
23:37:07.0103 4608        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:37:07.0178 4608        scfilter - ok
23:37:07.0258 4608        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:37:07.0415 4608        Schedule - ok
23:37:07.0452 4608        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:37:07.0496 4608        SCPolicySvc - ok
23:37:07.0549 4608        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:37:07.0621 4608        sdbus - ok
23:37:07.0707 4608        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:37:07.0806 4608        SDRSVC - ok
23:37:07.0875 4608        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:37:07.0943 4608        secdrv - ok
23:37:07.0977 4608        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:37:08.0053 4608        seclogon - ok
23:37:08.0149 4608        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:37:08.0204 4608        SENS - ok
23:37:08.0223 4608        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:37:08.0273 4608        SensrSvc - ok
23:37:08.0291 4608        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:37:08.0309 4608        Serenum - ok
23:37:08.0338 4608        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:37:08.0374 4608        Serial - ok
23:37:08.0419 4608        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:37:08.0458 4608        sermouse - ok
23:37:08.0525 4608        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:37:08.0619 4608        SessionEnv - ok
23:37:08.0650 4608        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:37:08.0690 4608        sffdisk - ok
23:37:08.0703 4608        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:37:08.0728 4608        sffp_mmc - ok
23:37:08.0744 4608        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:37:08.0777 4608        sffp_sd - ok
23:37:08.0804 4608        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:37:08.0844 4608        sfloppy - ok
23:37:08.0935 4608        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:37:09.0030 4608        SharedAccess - ok
23:37:09.0172 4608        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:37:09.0254 4608        ShellHWDetection - ok
23:37:09.0279 4608        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:37:09.0298 4608        SiSRaid2 - ok
23:37:09.0314 4608        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:37:09.0346 4608        SiSRaid4 - ok
23:37:09.0373 4608        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:37:09.0443 4608        Smb - ok
23:37:09.0495 4608        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:37:09.0530 4608        SNMPTRAP - ok
23:37:09.0686 4608        SNP2UVC        (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
23:37:09.0805 4608        SNP2UVC - ok
23:37:09.0983 4608        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:37:10.0005 4608        spldr - ok
23:37:10.0139 4608        spmgr          (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
23:37:10.0231 4608        spmgr - ok
23:37:10.0290 4608        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:37:10.0370 4608        Spooler - ok
23:37:10.0554 4608        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:37:10.0727 4608        sppsvc - ok
23:37:10.0839 4608        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:37:10.0937 4608        sppuinotify - ok
23:37:11.0135 4608        sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
23:37:11.0339 4608        sptd - ok
23:37:11.0429 4608        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:37:11.0492 4608        srv - ok
23:37:11.0546 4608        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:37:11.0605 4608        srv2 - ok
23:37:11.0627 4608        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:37:11.0663 4608        srvnet - ok
23:37:11.0715 4608        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:37:11.0785 4608        SSDPSRV - ok
23:37:11.0799 4608        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:37:11.0851 4608        SstpSvc - ok
23:37:11.0871 4608        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:37:11.0890 4608        stexstor - ok
23:37:11.0959 4608        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:37:12.0074 4608        stisvc - ok
23:37:12.0115 4608        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:37:12.0145 4608        storflt - ok
23:37:12.0200 4608        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
23:37:12.0228 4608        StorSvc - ok
23:37:12.0239 4608        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:37:12.0257 4608        storvsc - ok
23:37:12.0265 4608        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:37:12.0282 4608        swenum - ok
23:37:12.0415 4608        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:37:12.0502 4608        swprv - ok
23:37:12.0609 4608        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:37:12.0709 4608        SysMain - ok
23:37:12.0807 4608        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:37:12.0850 4608        TabletInputService - ok
23:37:12.0880 4608        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:37:12.0961 4608        TapiSrv - ok
23:37:12.0977 4608        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:37:13.0029 4608        TBS - ok
23:37:13.0212 4608        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:37:13.0367 4608        Tcpip - ok
23:37:13.0667 4608        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:37:13.0723 4608        TCPIP6 - ok
23:37:13.0875 4608        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:37:13.0984 4608        tcpipreg - ok
23:37:14.0023 4608        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:37:14.0093 4608        TDPIPE - ok
23:37:14.0128 4608        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:37:14.0169 4608        TDTCP - ok
23:37:14.0227 4608        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:37:14.0296 4608        tdx - ok
23:37:14.0536 4608        TeamViewer6    (839e88db24d2d8f05b72e12b175951ca) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
23:37:14.0705 4608        TeamViewer6 - ok
23:37:14.0843 4608        teamviewervpn  (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
23:37:14.0868 4608        teamviewervpn - ok
23:37:14.0915 4608        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:37:14.0937 4608        TermDD - ok
23:37:14.0997 4608        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:37:15.0123 4608        TermService - ok
23:37:15.0164 4608        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:37:15.0207 4608        Themes - ok
23:37:15.0235 4608        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:37:15.0281 4608        THREADORDER - ok
23:37:15.0313 4608        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:37:15.0375 4608        TrkWks - ok
23:37:15.0493 4608        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:37:15.0557 4608        TrustedInstaller - ok
23:37:15.0618 4608        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:37:15.0684 4608        tssecsrv - ok
23:37:15.0758 4608        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:37:15.0825 4608        TsUsbFlt - ok
23:37:15.0883 4608        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:37:15.0952 4608        tunnel - ok
23:37:15.0979 4608        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:37:16.0015 4608        uagp35 - ok
23:37:16.0061 4608        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:37:16.0132 4608        udfs - ok
23:37:16.0161 4608        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:37:16.0188 4608        UI0Detect - ok
23:37:16.0230 4608        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:37:16.0258 4608        uliagpkx - ok
23:37:16.0296 4608        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:37:16.0331 4608        umbus - ok
23:37:16.0358 4608        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:37:16.0375 4608        UmPass - ok
23:37:16.0421 4608        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
23:37:16.0481 4608        UmRdpService - ok
23:37:16.0730 4608        UNS            (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:37:16.0840 4608        UNS ( UnsignedFile.Multi.Generic ) - warning
23:37:16.0840 4608        UNS - detected UnsignedFile.Multi.Generic (1)
23:37:16.0953 4608        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:37:17.0025 4608        upnphost - ok
23:37:17.0078 4608        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
23:37:17.0112 4608        usbccgp - ok
23:37:17.0162 4608        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:37:17.0211 4608        usbcir - ok
23:37:17.0225 4608        usbehci        (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
23:37:17.0276 4608        usbehci - ok
23:37:17.0333 4608        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
23:37:17.0394 4608        usbhub - ok
23:37:17.0430 4608        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
23:37:17.0454 4608        usbohci - ok
23:37:17.0485 4608        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:37:17.0523 4608        usbprint - ok
23:37:17.0545 4608        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:37:17.0574 4608        USBSTOR - ok
23:37:17.0591 4608        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
23:37:17.0645 4608        usbuhci - ok
23:37:17.0742 4608        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:37:17.0806 4608        usbvideo - ok
23:37:17.0895 4608        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:37:17.0966 4608        UxSms - ok
23:37:18.0032 4608        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:37:18.0045 4608        VaultSvc - ok
23:37:18.0095 4608        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:37:18.0136 4608        vdrvroot - ok
23:37:18.0196 4608        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:37:18.0291 4608        vds - ok
23:37:18.0324 4608        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:37:18.0345 4608        vga - ok
23:37:18.0354 4608        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:37:18.0412 4608        VgaSave - ok
23:37:18.0440 4608        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:37:18.0466 4608        vhdmp - ok
23:37:18.0498 4608        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:37:18.0529 4608        viaide - ok
23:37:18.0573 4608        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:37:18.0599 4608        vmbus - ok
23:37:18.0639 4608        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:37:18.0679 4608        VMBusHID - ok
23:37:18.0708 4608        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:37:18.0730 4608        volmgr - ok
23:37:18.0956 4608        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:37:18.0989 4608        volmgrx - ok
23:37:19.0098 4608        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:37:19.0125 4608        volsnap - ok
23:37:19.0151 4608        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:37:19.0174 4608        vsmraid - ok
23:37:19.0271 4608        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:37:19.0398 4608        VSS - ok
23:37:19.0521 4608        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:37:19.0574 4608        vwifibus - ok
23:37:19.0601 4608        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:37:19.0627 4608        vwififlt - ok
23:37:19.0663 4608        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:37:19.0746 4608        W32Time - ok
23:37:19.0776 4608        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:37:19.0800 4608        WacomPen - ok
23:37:19.0917 4608        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:37:19.0987 4608        WANARP - ok
23:37:19.0991 4608        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:37:20.0033 4608        Wanarpv6 - ok
23:37:20.0167 4608        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:37:20.0320 4608        wbengine - ok
23:37:20.0416 4608        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:37:20.0459 4608        WbioSrvc - ok
23:37:20.0508 4608        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:37:20.0558 4608        wcncsvc - ok
23:37:20.0569 4608        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:37:20.0598 4608        WcsPlugInService - ok
23:37:20.0637 4608        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:37:20.0665 4608        Wd - ok
23:37:20.0704 4608        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:37:20.0773 4608        Wdf01000 - ok
23:37:20.0792 4608        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:37:20.0903 4608        WdiServiceHost - ok
23:37:20.0909 4608        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:37:20.0931 4608        WdiSystemHost - ok
23:37:21.0021 4608        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:37:21.0076 4608        WebClient - ok
23:37:21.0137 4608        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:37:21.0220 4608        Wecsvc - ok
23:37:21.0250 4608        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:37:21.0316 4608        wercplsupport - ok
23:37:21.0349 4608        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:37:21.0413 4608        WerSvc - ok
23:37:21.0475 4608        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:37:21.0538 4608        WfpLwf - ok
23:37:21.0597 4608        WimFltr        (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
23:37:21.0621 4608        WimFltr - ok
23:37:21.0639 4608        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:37:21.0656 4608        WIMMount - ok
23:37:21.0686 4608        WinDefend - ok
23:37:21.0693 4608        WinHttpAutoProxySvc - ok
23:37:21.0760 4608        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:37:21.0828 4608        Winmgmt - ok
23:37:22.0205 4608        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:37:22.0317 4608        WinRM - ok
23:37:22.0487 4608        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:37:22.0541 4608        WinUsb - ok
23:37:22.0605 4608        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:37:22.0700 4608        Wlansvc - ok
23:37:22.0722 4608        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:37:22.0749 4608        WmiAcpi - ok
23:37:22.0809 4608        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:37:22.0864 4608        wmiApSrv - ok
23:37:22.0927 4608        WMPNetworkSvc - ok
23:37:22.0974 4608        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:37:23.0044 4608        WPCSvc - ok
23:37:23.0079 4608        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:37:23.0178 4608        WPDBusEnum - ok
23:37:23.0237 4608        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:37:23.0304 4608        ws2ifsl - ok
23:37:23.0321 4608        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:37:23.0358 4608        wscsvc - ok
23:37:23.0362 4608        WSearch - ok
23:37:23.0504 4608        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:37:23.0667 4608        wuauserv - ok
23:37:23.0809 4608        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:37:23.0901 4608        WudfPf - ok
23:37:23.0946 4608        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:37:24.0009 4608        WUDFRd - ok
23:37:24.0076 4608        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:37:24.0145 4608        wudfsvc - ok
23:37:24.0184 4608        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:37:24.0216 4608        WwanSvc - ok
23:37:24.0408 4608        x10nets        (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
23:37:24.0444 4608        x10nets ( UnsignedFile.Multi.Generic ) - warning
23:37:24.0444 4608        x10nets - detected UnsignedFile.Multi.Generic (1)
23:37:24.0475 4608        XUIF            (1fa025e95f0af58f6ed439a83b84903a) C:\Windows\system32\Drivers\x10ufx2.sys
23:37:24.0511 4608        XUIF - ok
23:37:24.0540 4608        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:37:24.0848 4608        \Device\Harddisk0\DR0 - ok
23:37:24.0853 4608        Boot (0x1200)  (dc53e0c3ceaaf8b04e2e186b5b709622) \Device\Harddisk0\DR0\Partition0
23:37:24.0857 4608        \Device\Harddisk0\DR0\Partition0 - ok
23:37:24.0891 4608        Boot (0x1200)  (fc9d7424d524cad2eb9e32d0e2673b4d) \Device\Harddisk0\DR0\Partition1
23:37:24.0894 4608        \Device\Harddisk0\DR0\Partition1 - ok
23:37:24.0895 4608        ============================================================
23:37:24.0895 4608        Scan finished
23:37:24.0895 4608        ============================================================
23:37:24.0914 1388        Detected object count: 3
23:37:24.0914 1388        Actual detected object count: 3
23:37:37.0337 1388        LMS ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:37.0338 1388        LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:37.0338 1388        UNS ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:37.0338 1388        UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:37.0341 1388        x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:37.0341 1388        x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:17.0815 4460        Deinitialize success


markusg 17.07.2012 21:53

Looks good.

Download the standard CCleaner:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this.
Install it, open it, Extras, list of installed programs, save as txt. Open it.
After every program you need, write "notwendig" (necessary).
After every program you do not need, "unnötig" (unnecessary).
After the ones you do not know, "unbekannt" (unknown).
Post the list.

jesseblue 17.07.2012 22:25

I have tried to categorise the programs as well as I could:

Code:

Acrobat.com        Adobe Systems Incorporated        23.12.2010        1,58MB        1.1.377                -->unbekannt
Adobe AIR        Adobe Systems Inc.        23.12.2010                1.5.0.7220                -->unbekannt
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        23.12.2010        6,00MB        10.1.102.64        -->notwendig
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        22.05.2011        6,00MB        10.3.181.14        -->unbekannt
Adobe Reader 9.0.1        Adobe Systems Incorporated        23.12.2010        202MB        9.0.1        -->notwendig
ASUS CopyProtect        ASUS        23.12.2010        3,62MB        1.0.0015        -->unnötig
ASUS FancyStart        ASUSTeK Computer Inc.        23.12.2010        12,0MB        1.0.8        -->unbekannt
ASUS LifeFrame3        ASUS        23.12.2010        27,7MB        3.0.20        -->unbekannt
ASUS Live Update        ASUS        23.12.2010                2.5.9        -->unbekannt
ASUS MultiFrame        ASUS        23.12.2010                1.0.0021        -->unbekannt
ASUS Power4Gear Hybrid        ASUS        23.12.2010        12,2MB        1.1.37        -->notwendig
ASUS SmartLogon        ASUS        23.12.2010        10,9MB        1.0.0008        -->unbekannt
ASUS Splendid Video Enhancement Technology        ASUS        23.12.2010        24,4MB        1.02.0028        -->unbekannt
ASUS Virtual Camera        asus        23.12.2010        3,12MB        1.0.20        -->notwendig
ATK Package        ASUS        23.12.2010        12,3MB        1.0.0006        -->unbekannt
Avira AntiVir Personal - Free Antivirus        Avira GmbH        16.02.2012        76,8MB        10.2.0.707        -->notwendig
CCleaner        Piriform        22.06.2012                3.20        -->neu zum Trojaner-Suchen
CDBurnerXP        CDBurnerXP        23.12.2010        11,1MB        4.3.8.2474        -->unnötig
CDBurnerXP        CDBurnerXP        01.03.2012        17,2MB        4.3.9.2762        -->notwendig
Compatibility Pack für 2007 Office System        Microsoft Corporation        31.08.2010        113MB        12.0.6612.1000        -->notwendig
Conexant HD Audio        Conexant        23.12.2010                4.111.0.63        -->unbekannt
ControlDeck        ASUS        23.12.2010        1,81MB        1.0.8        -->unbekannt
ESET Online Scanner v3                11.07.2012        -->neu zum Trojaner-Suchen               
ETDWare PS/2-x64 7.0.5.13_WHQL        ELAN Microelectronics Corp.        23.12.2010                7.0.5.13        -->unbekannt
EventGhost 0.4.1.r1509        EventGhost Project        24.06.2011                0.4.1.r1509        -->notwendig
Fast Boot        ASUS        23.12.2010        1,46MB        1.0.6        -->unbekannt
Google Earth Plug-in        Google        02.12.2010        40,8MB        6.1.0.5001        -->notwendig
Intel(R) Control Center        Intel Corporation        23.12.2010                1.2.1.1007        -->notwendig
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        22.05.2011                8.15.10.2125        -->notwendig
Intel(R) Management Engine Components        Intel Corporation        23.12.2010                6.0.0.1179        -->notwendig
JMicron Ethernet Adapter NDIS Driver        JMicron Technology Corp.        23.12.2010                6.0.17.1        -->unbekannt
JMicron Flash Media Controller Driver        JMicron Technology Corp.        23.12.2010                1.0.33.2        -->unbekannt
K_Series_ScreenSaver_EN                23.12.2010        -->unnötig               
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        09.07.2012        18,0MB        1.61.0.1400        -->neu zum Trojaner-Suchen
Microsoft Office File Validation Add-In        Microsoft Corporation        20.10.2011        7,95MB        14.0.5130.5003        -->notwendig
Microsoft Office Professional Edition 2003        Microsoft Corporation        13.07.2012        1,06GB        11.0.8173.0        -->notwendig
Microsoft Silverlight        Microsoft Corporation        12.05.2012        50,6MB        5.1.10411.0        -->unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        18.08.2011        300KB        8.0.61001        -->unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        23.12.2010        596KB        9.0.30729.4148        -->unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        18.08.2011        600KB        9.0.30729.6161        -->unbekannt
Mozilla Firefox 13.0.1 (x86 de)        Mozilla        17.06.2012        35,8MB        13.0.1        -->notwendig
Mozilla Maintenance Service        Mozilla        17.06.2012        309KB        13.0.1        -->unbekannt
Mozilla Thunderbird (3.1.20)        Mozilla        08.06.2012                3.1.20 (de)        -->notwendig
NB Probe                23.12.2010        -->unbekannt               
Need For Speed™ World        Electronic Arts        27.12.2011        12,4MB        1.0.0.722        -->unnötig
Net4Switch        ASUS        23.12.2010                1.00.0020        -->unbekannt
ooVoo        ooVoo LLC.        19.05.2010        108KB        3.0.4038        -->notwendig
Skype™ 5.3        Skype Technologies S.A.        12.05.2010        16,4MB        5.3.111        -->notwendig
SRS Premium Sound Control Panel        SRS Labs, Inc.        23.12.2010        1,82MB        1.8.5700        -->unbekannt
TeamViewer 6        TeamViewer GmbH        23.12.2010                6.0.9947        -->notwendig
USB2.0 UVC VGA WebCam        Sonix        23.12.2010                5.8.54000.207        -->notwendig
VLC media player 1.1.5        VideoLAN        23.12.2010                1.1.5        -->notwendig
Winamp        Nullsoft, Inc        23.12.2010                5.601        -->notwendig
WinFlash        ASUS        23.12.2010        852KB        2.30.3        -->unbekannt
Wireless Console 3        ASUS        23.12.2010        2,43MB        3.0.18        -->unbekannt
X10 Hardware(TM)                24.06.2011        -->notwendig               
Yahoo! Messenger        Yahoo! Inc.        23.12.2010        -->unnötig


markusg 19.07.2012 20:37

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
http://filepony.de/download-adobe_reader/
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very insecure to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, untick "enable JavaScript".
Under Updater, choose "install automatically".
Apply / OK



Uninstall:
ESET
K_Series_ScreenSaver_EN
Need For Speed™
Yahoo

Open CCleaner, start Analyze.
Open OTL, Cleanup; the PC restarts; test how it runs.

jesseblue 19.07.2012 21:16

Done.

I have restarted a few times now and launched a few of the standard programs. Everything seems to be running normally so far. Is there anything else I should do? Was the trojan removed by one of the steps performed, or is it still there and just hiding very well?

markusg 19.07.2012 22:59

The trojan is gone, I see nothing more in the logs.
Now secure the PC:
As an anti-malware program I would recommend Emsisoft.
For me it offers the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment processing or similarly important things such as work, i.e. if sensitive data needs protecting, you should invest in security software.
Use the 30-day trial period before activating the licence.

Free, but not quite as good, Avast would be the recommendation.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I know that, but it should be followed, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The easiest way is to go to Start, Search and enter Windows Update there.
Under "Change settings" check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click on check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "data execution prevention, DEP".
As a browser I advise you to use Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the guide.
If you want to use a different one, tell me, then parts of the following guide I will have to


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code gets in via the browser, it cannot get out to the rest of the system.
Download link:
Sandboxie Download - Sandboxie 3.72

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it too:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There click on Sandbox Settings.
Restrictions: under program start and internet access enter:
chrome.exe
Then go to Applications, web browser, Chrome.
There enable everything except "share entire profile folder".
As you may already have seen, you cannot use some functions.
These are only available in the full version, which I advise you to buy.
For example, under "Forced programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser" or right-click, run sandboxed.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through all of it completely.
Note on FileHippo:
In the settings additionally select:
Hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, the built-in Windows backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only really usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because it can be very important, for example when the hard drive breaks one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible for everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on only surf in the standard user account and there inside the sandbox.
If you use the free version, do it by clicking on Sandboxed Web Browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should have a coloured frame, then you are in the sandboxed web browser.
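As an added check for the steps in this post (example code, not from the thread or from markusg), this PowerShell script reads the Windows Update, DEP and Adobe Reader JavaScript settings the post asks for and reports which still need changing. It assumes Windows 7 and Adobe Reader 9.x; the registry paths are the standard ones for those versions, and the Reader version subkey is a parameter because other releases use a different number.

```powershell
# Added audit script (not from the thread): reports which of the hardening
# steps in the post still need doing. Assumes Windows 7 and Adobe Reader 9.x;
# the Reader version subkey is a parameter because other releases use another
# version number under HKCU:\Software\Adobe\Acrobat Reader.
function Test-PcHardening {
    param([string]$ReaderVersion = "9.0")
    $findings = @()

    # 1. Everyday work should happen in a standard user account, not an admin one.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $findings += "This session runs as administrator; use a standard user account for daily work"
    }

    # 2. Windows Update: AUOptions 4 = download and install automatically,
    #    ScheduledInstallDay 0 = every day. A policy value under
    #    HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU would override these.
    $auKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    if ($au -eq $null -or $au.AUOptions -ne 4) {
        $findings += "Windows Update is not set to install automatically (AUOptions=$($au.AUOptions))"
    }
    if ($au -eq $null -or $au.ScheduledInstallDay -ne 0) {
        $findings += "Windows Update is not scheduled daily (ScheduledInstallDay=$($au.ScheduledInstallDay))"
    }

    # 3. DEP policy from WMI: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut.
    #    OptIn only protects Windows' own binaries, which is why the guide asks for OptOut.
    $dep = (Get-WmiObject -Class Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    if ($dep -ne 1 -and $dep -ne 3) {
        $findings += "DEP policy is $dep; switch it to OptOut (or AlwaysOn)"
    }

    # 4. Adobe Reader JavaScript: bEnableJS = 0 means disabled; if the value is
    #    missing, Reader falls back to its default, which is enabled.
    $jsKey = "HKCU:\Software\Adobe\Acrobat Reader\$ReaderVersion\JSPrefs"
    $js = Get-ItemProperty -Path $jsKey -ErrorAction SilentlyContinue
    if ($js -eq $null -or $js.bEnableJS -ne 0) {
        $findings += "Adobe Reader $ReaderVersion still has JavaScript enabled (bEnableJS)"
    }

    return ,$findings
}

$result = Test-PcHardening
if ($result.Count -eq 0) { "All checked hardening steps are in place" } else { $result }
```

Run it once in the standard user account after finishing the guide; an empty finding list means the four checked settings match what the post asks for, while the Sandboxie and browser steps still have to be verified by hand.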


Copyright ©2000-2025, Trojaner-Board

