| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: My Security Shield inaktiv?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.07.2012, 23:55
| #1 |
| |  My Security Shield inaktiv? Hallo, habe vor zwei Wochen den Rechner meiner Mutter konfisziert, als ich bemerkt habe, dass sie sich den My Security Shield Trojaner eingefangen hat. Habe mich jetzt vorgestern daransetzen wollen und musste aber feststellen, dass jetzt keine Spur mehr von dem Trojaner aufzufinden ist. D.h. kein Lebenszeichen seit etwa 10 Neustarts. Windows läuft unauffällig und ich kann nichts annormales an dem System feststellen (keine leeren Ordner oder sonstiges). Glaube aber nicht wirklich daran, dass er sich in Luft aufgelöst hat und bräuchte deshalb Hilfe um sicherzustellen, dass meine Mutter den Rechner wieder nutzen kann. Habe mich schon durch diverse Beiträge durchgelesen und habe schon mal ein paar der dort vorgeschlagenen Scans durchgeführt. Zunächst drei Quick-Scans mit Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.10.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zahra :: ZARI [Administrator] 09.07.2012 16:53:12 mbam-log-2012-07-09 (16-53-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 223420 Laufzeit: 6 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.10.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zahra :: ZARI [Administrator] 09.07.2012 17:35:34 mbam-log-2012-07-09 (17-35-34).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 36274 Laufzeit: 2 Minute(n), 14 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.10.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zahra :: ZARI [Administrator] 09.07.2012 17:38:21 mbam-log-2012-07-09 (17-38-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 222438 Laufzeit: 3 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Sowie ein vollständiger Suchlauf mit Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.10.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Zahra :: ZARI [Administrator] 11.07.2012 22:05:35 mbam-log-2012-07-11 (22-05-35).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 325389 Laufzeit: 53 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET-Online Scan Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3cc7c553c4bb6f4fbd47990f17ae6717
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-11 10:10:26
# local_time=2012-07-12 12:10:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 5621 78578906 0 0
# compatibility_mode=5893 16776574 66 85 23076944 93671935 0 0
# compatibility_mode=8192 67108863 100 0 160 160 0 0
# scanned=115363
# found=0
# cleaned=0
# scan_time=2541
Custom Scan mit OTL Code:
ATTFilter OTL logfile created on: 12.07.2012 00:27:52 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Zahra\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,86 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 44,10% Memory free 3,71 Gb Paging File | 2,32 Gb Available in Paging File | 62,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 202,09 Gb Free Space | 67,82% Space Free | Partition Type: NTFS Computer Name: ZARI | User Name: Zahra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.09 17:04:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTL.exe PRC - [2011.06.29 11:25:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.29 00:05:32 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.23 15:33:51 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.08.17 15:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.06.09 10:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe PRC - [2010.05.03 15:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.05.03 15:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.23 11:11:54 | 001,160,320 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe PRC - [2009.07.31 11:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2007.11.30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe ========== Modules (No Company Name) ========== MOD - [2012.06.10 08:27:37 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.10 08:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.10 08:27:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.10 08:26:54 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2010.08.31 03:38:48 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2010.08.31 03:34:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2010.08.31 03:33:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2010.08.31 03:33:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2010.08.31 03:33:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2010.08.31 03:33:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2010.08.31 03:32:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.02.23 16:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll MOD - [2010.02.23 16:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll MOD - [2010.02.23 16:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll MOD - [2010.02.23 16:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll MOD - [2010.02.23 16:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll MOD - [2009.09.17 14:41:42 | 000,267,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll MOD - [2009.09.15 17:45:58 | 000,228,864 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll MOD - [2009.09.15 11:47:10 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll MOD - [2009.09.11 17:40:20 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll MOD - [2009.07.14 19:58:23 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009.07.08 12:24:16 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll MOD - [2009.07.03 14:40:34 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll MOD - [2009.07.03 14:21:16 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll MOD - [2009.07.03 14:13:56 | 000,297,984 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll MOD - [2009.07.03 14:13:16 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll MOD - [2009.07.03 14:12:32 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll MOD - [2009.07.03 14:12:24 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll MOD - [2009.07.03 14:12:14 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll MOD - [2009.07.01 17:46:24 | 000,461,824 | ---- | M] () -- C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll MOD - [2007.11.30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.06.22 12:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.17 20:44:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.06.29 11:25:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 00:05:32 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.29 11:25:26 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.29 11:25:26 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.12.23 21:28:29 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.07.21 07:33:50 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.02 10:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.25 05:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) DRV:64bit: - [2010.02.03 00:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.01.18 11:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.20 04:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.08.18 10:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.18 13:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2005.03.02 15:26:12 | 000,033,280 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2007.08.03 06:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363 IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C C2 34 8D 4A 04 CC 01 [binary data] IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No CLSID value found IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363 IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 5596999763966672 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=2&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 20:44:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 10:19:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.08 17:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 20:44:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 10:19:02 | 000,000,000 | ---D | M] [2010.12.23 16:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zahra\AppData\Roaming\mozilla\Extensions [2010.12.23 16:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zahra\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.02 11:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zahra\AppData\Roaming\mozilla\Firefox\Profiles\aphdyu1t.default\extensions [2011.05.08 16:53:04 | 000,000,935 | ---- | M] () -- C:\Users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\searchplugins\conduit.xml [2011.04.09 01:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.17 20:44:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.06 15:05:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.06 15:05:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.06 15:05:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.06 15:05:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.06 15:05:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.06 15:05:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.09 17:34:50 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKU\S-1-5-21-633045147-4172091190-1306057544-1000\..\Toolbar\WebBrowser: (no name) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-633045147-4172091190-1306057544-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Zahra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk = C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607C9648-2309-4237-AB6B-F6D42FFE67D8}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B25042-0B6B-4492-BE1F-04C382FF1296}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{8c23f9b0-0ecc-11e0-8d0a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8c23f9b0-0ecc-11e0-8d0a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe - (Acresso Software Inc.) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: ETDWare - hkey= - key= - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) MsConfig:64bit - StartUpReg: SmartAudio - hkey= - key= - C:\Program Files\CONEXANT\SAII\SAIICpl.exe () MsConfig:64bit - StartUpReg: Wireless Console 3 - hkey= - key= - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.11 23:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.11 23:24:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Zahra\Desktop\esetsmartinstaller_enu.exe [2012.07.11 21:44:09 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.09 17:34:29 | 000,000,000 | ---D | C] -- C:\Users\Zahra\Desktop\HostsXpert [2012.07.09 17:33:16 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTH.scr [2012.07.09 17:04:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTL.exe [2012.07.09 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Zahra\AppData\Roaming\Malwarebytes [2012.07.09 16:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.09 16:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.09 16:51:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.09 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.09 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Zahra\Desktop\My Securit Shield entfernen [2008.08.11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.12 00:28:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.11 23:24:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Zahra\Desktop\esetsmartinstaller_enu.exe [2012.07.11 22:28:26 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.11 21:53:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 21:53:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 21:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.11 21:45:14 | 1494,663,168 | -HS- | M] () -- C:\hiberfil.sys [2012.07.09 17:33:16 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTH.scr [2012.07.09 17:05:36 | 000,000,188 | ---- | M] () -- C:\Users\Zahra\defogger_reenable [2012.07.09 17:04:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zahra\Desktop\OTL.exe [2012.07.09 17:01:48 | 000,050,477 | ---- | M] () -- C:\Users\Zahra\Desktop\Defogger.exe [2012.07.09 16:51:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.09 16:47:01 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.09 16:47:01 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.09 16:47:01 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.09 16:47:01 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.09 16:47:01 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.24 01:20:29 | 099,308,192 | ---- | M] () -- C:\Users\Zahra\Desktop\avira_free_antivirus_de.exe [2012.06.14 23:21:18 | 000,231,518 | ---- | M] () -- C:\Users\Zahra\Desktop\26042012533.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.09 17:05:36 | 000,000,188 | ---- | C] () -- C:\Users\Zahra\defogger_reenable [2012.07.09 17:01:46 | 000,050,477 | ---- | C] () -- C:\Users\Zahra\Desktop\Defogger.exe [2012.07.09 16:51:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 01:19:34 | 099,308,192 | ---- | C] () -- C:\Users\Zahra\Desktop\avira_free_antivirus_de.exe [2012.06.14 23:21:33 | 000,231,518 | ---- | C] () -- C:\Users\Zahra\Desktop\26042012533.jpg [2012.05.08 22:45:23 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI [2012.03.02 02:16:43 | 000,004,096 | -H-- | C] () -- C:\Users\Zahra\AppData\Local\keyfile3.drm [2011.11.02 03:24:55 | 000,008,192 | ---- | C] () -- C:\Users\Zahra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.24 23:57:01 | 006,838,784 | ---- | C] () -- C:\Users\Zahra\Beautiful_pictures10-Consul_1.pps [2011.07.07 17:52:39 | 000,000,000 | ---- | C] () -- C:\Users\Zahra\AppData\Local\{4412A8D9-DFB6-4BCC-A940-29EFB91F6F0C} [2011.06.24 20:41:40 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2011.05.22 11:31:23 | 000,746,665 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.05.22 11:31:23 | 000,441,344 | ---- | C] ( ) -- C:\Windows\SysWow64\SetACLx64.exe [2011.05.22 11:31:23 | 000,303,616 | ---- | C] ( ) -- C:\Windows\SysWow64\SetACLx86.exe [2011.05.22 11:31:23 | 000,269,824 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2011.05.22 11:31:23 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2011.05.22 11:31:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2011.05.22 11:31:23 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2011.05.22 11:31:23 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll [2011.05.22 11:31:22 | 003,830,577 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2011.05.22 11:31:22 | 001,523,712 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2011.05.22 11:31:22 | 000,914,034 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll [2011.05.22 11:31:22 | 000,331,241 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll [2011.05.22 11:31:22 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2011.05.22 11:31:22 | 000,210,432 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2011.05.22 11:31:22 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2011.05.22 11:31:22 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2011.02.11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.01.10 00:02:11 | 002,967,552 | ---- | C] () -- C:\Users\Zahra\behtarin khodahafezi.pps [2010.12.23 21:36:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.12.23 15:23:46 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.08.25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2009.04.08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008.05.22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== LOP Check ========== [2010.12.23 16:25:18 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Canneverbe Limited [2010.12.23 21:32:57 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\DAEMON Tools Lite [2011.06.24 20:43:20 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\EventGhost [2011.04.08 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\ooVoo Details [2010.12.23 16:40:27 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Thunderbird [2012.06.13 09:49:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.23 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Adobe [2010.12.23 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Avira [2010.12.23 16:25:18 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Canneverbe Limited [2010.12.23 21:32:57 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\DAEMON Tools Lite [2012.02.13 01:47:16 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\dvdcss [2011.06.24 20:43:20 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\EventGhost [2010.12.23 15:09:06 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Identities [2010.12.23 15:15:22 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\InstallShield [2010.12.23 15:36:51 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Macromedia [2012.07.09 16:52:24 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Media Center Programs [2012.03.02 02:24:24 | 000,000,000 | --SD | M] -- C:\Users\Zahra\AppData\Roaming\Microsoft [2010.12.23 15:48:09 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Mozilla [2011.04.08 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\ooVoo Details [2012.07.12 00:16:52 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Skype [2010.12.23 16:40:27 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Thunderbird [2012.02.13 01:47:20 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\vlc [2010.12.23 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Winamp [2010.12.23 21:53:46 | 000,000,000 | ---D | M] -- C:\Users\Zahra\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX0\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX3\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX4\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX5\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX6\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX7\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX8\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX4\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX5\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX6\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX7\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Zahra\AppData\Local\Temp\RarSFX8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll ========== Files - Unicode (All) ========== [2011.01.10 23:12:45 | 000,028,672 | ---- | M] ()(C:\Users\Zahra\????? ?? ??..doc) -- C:\Users\Zahra\????? ?? ??..doc [2011.01.10 23:12:45 | 000,028,672 | ---- | C] ()(C:\Users\Zahra\????? ?? ??..doc) -- C:\Users\Zahra\????? ?? ??..doc < End of report > AdwCleaner Scan Code:
ATTFilter # AdwCleaner v1.701 - Logfile created 07/12/2012 at 00:41:04
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Zahra - ZARI
# Running from : C:\Users\Zahra\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Zahra\AppData\Local\Conduit
Folder Found : C:\Users\Zahra\AppData\LocalLow\Conduit
Folder Found : C:\Users\Zahra\AppData\LocalLow\PriceGong
File Found : C:\Users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\searchplugins\Conduit.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1572363
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\prefs.js
Found : user_pref("browser.search.defaultthis.engineName", "ooVoo Video Chat Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&Sea[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=2&q=[...]
*************************
AdwCleaner[R1].txt - [2514 octets] - [12/07/2012 00:41:04]
########## EOF - C:\AdwCleaner[R1].txt - [2642 octets] ##########
Gruß, Sebastian |
|
13.07.2012, 18:11
| #2 | |
| /// Malware-holic   | My Security Shield inaktiv? hi
__________________Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
13.07.2012, 22:03
| #3 |
| | My Security Shield inaktiv? Hallo,
__________________vielen Dank schon mal für die schnelle Antwort. Habe gerade Combofix wie beschrieben ausgeführt. Combofix Logfile: Code:
ATTFilter ComboFix 12-07-13.03 - Zahra 12.07.2012 22:42:17.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1901.443 [GMT 2:00]
ausgeführt von:: c:\users\Zahra\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\Common Files\Net4Switch.ico
c:\program files\Common Files\Net4Switch.ico
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-12 bis 2012-07-12 ))))))))))))))))))))))))))))))
.
.
2012-07-11 21:25 . 2012-07-11 21:25 -------- d-----w- c:\program files (x86)\ESET
2012-07-09 14:52 . 2012-07-09 14:52 -------- d-----w- c:\users\Zahra\AppData\Roaming\Malwarebytes
2012-07-09 14:51 . 2012-07-09 14:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 14:51 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 14:51 . 2012-07-09 14:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-19 20:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 20:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 20:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 20:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 20:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 20:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 20:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 20:57 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 20:57 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 22:01 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-15 22:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-15 22:01 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-15 22:01 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-15 22:01 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-15 22:01 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-15 22:01 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-15 22:00 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 02:06 . 2012-06-10 00:16 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-10 00:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-10 00:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:55 . 2012-06-10 00:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:51 . 2012-06-10 00:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-17 22:45 . 2012-06-10 00:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-10 00:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-10 00:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-10 00:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-10 00:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2009-04-08 09:31 . 2009-04-08 09:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-11 20:45 . 2008-08-11 20:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-05-11 22631608]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
.
c:\users\Zahra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EventGhost.lnk - c:\program files (x86)\EventGhost\EventGhost.exe [2011-6-24 31232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-12-23 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-23 834544]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-11-30 35112]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 23:40]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 23:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Zahra\AppData\Roaming\Mozilla\Firefox\Profiles\aphdyu1t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file)
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-12 22:55:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-12 20:55
.
Vor Suchlauf: 10 Verzeichnis(se), 217.826.324.480 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 219.390.930.944 Bytes frei
.
- - End Of File - - BB37310608B60BA03B9AB33452F1CB9A
|
|
15.07.2012, 20:38
| #4 |
| /// Malware-holic | My Security Shield inaktiv? download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.07.2012, 22:39
| #5 |
| | My Security Shield inaktiv? Log File von TDSSKiller: Code:
ATTFilter 23:35:59.0937 5016 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:36:00.0188 5016 ============================================================
23:36:00.0189 5016 Current date / time: 2012/07/14 23:36:00.0188
23:36:00.0189 5016 SystemInfo:
23:36:00.0189 5016
23:36:00.0189 5016 OS Version: 6.1.7601 ServicePack: 1.0
23:36:00.0189 5016 Product type: Workstation
23:36:00.0189 5016 ComputerName: ZARI
23:36:00.0189 5016 UserName: Zahra
23:36:00.0189 5016 Windows directory: C:\Windows
23:36:00.0189 5016 System windows directory: C:\Windows
23:36:00.0189 5016 Running under WOW64
23:36:00.0189 5016 Processor architecture: Intel x64
23:36:00.0189 5016 Number of processors: 2
23:36:00.0189 5016 Page size: 0x1000
23:36:00.0189 5016 Boot type: Normal boot
23:36:00.0189 5016 ============================================================
23:36:01.0474 5016 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:36:01.0482 5016 ============================================================
23:36:01.0482 5016 \Device\Harddisk0\DR0:
23:36:01.0483 5016 MBR partitions:
23:36:01.0483 5016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:36:01.0483 5016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
23:36:01.0483 5016 ============================================================
23:36:01.0520 5016 C: <-> \Device\Harddisk0\DR0\Partition1
23:36:01.0520 5016 ============================================================
23:36:01.0521 5016 Initialize success
23:36:01.0521 5016 ============================================================
23:36:30.0020 4608 ============================================================
23:36:30.0021 4608 Scan started
23:36:30.0021 4608 Mode: Manual; SigCheck; TDLFS;
23:36:30.0021 4608 ============================================================
23:36:31.0937 4608 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:36:32.0334 4608 1394ohci - ok
23:36:32.0415 4608 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:36:32.0456 4608 ACPI - ok
23:36:32.0500 4608 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:36:32.0571 4608 AcpiPmi - ok
23:36:32.0679 4608 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:36:32.0764 4608 adp94xx - ok
23:36:32.0849 4608 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:36:32.0895 4608 adpahci - ok
23:36:32.0927 4608 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:36:32.0965 4608 adpu320 - ok
23:36:33.0014 4608 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:36:33.0128 4608 AeLookupSvc - ok
23:36:33.0206 4608 AFBAgent (734d1ba96be6ad8d04e6afead569ea8a) C:\Windows\system32\FBAgent.exe
23:36:34.0201 4608 AFBAgent - ok
23:36:34.0364 4608 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:36:34.0459 4608 AFD - ok
23:36:34.0513 4608 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:36:34.0537 4608 agp440 - ok
23:36:34.0564 4608 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:36:34.0654 4608 ALG - ok
23:36:34.0708 4608 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:36:34.0740 4608 aliide - ok
23:36:34.0772 4608 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:36:34.0794 4608 amdide - ok
23:36:34.0826 4608 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:36:34.0892 4608 AmdK8 - ok
23:36:34.0923 4608 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:36:34.0996 4608 AmdPPM - ok
23:36:35.0063 4608 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
23:36:35.0093 4608 amdsata - ok
23:36:35.0129 4608 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:36:35.0152 4608 amdsbs - ok
23:36:35.0192 4608 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
23:36:35.0238 4608 amdxata - ok
23:36:35.0480 4608 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:36:35.0538 4608 AntiVirSchedulerService - ok
23:36:35.0672 4608 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:36:35.0691 4608 AntiVirService - ok
23:36:35.0740 4608 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:36:35.0836 4608 AppID - ok
23:36:35.0868 4608 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:36:35.0937 4608 AppIDSvc - ok
23:36:35.0988 4608 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:36:36.0042 4608 Appinfo - ok
23:36:36.0094 4608 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
23:36:36.0181 4608 AppMgmt - ok
23:36:36.0202 4608 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:36:36.0223 4608 arc - ok
23:36:36.0241 4608 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:36:36.0262 4608 arcsas - ok
23:36:36.0329 4608 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
23:36:36.0368 4608 ASLDRService - ok
23:36:36.0417 4608 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:36:36.0450 4608 ASMMAP64 - ok
23:36:36.0486 4608 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:36:36.0563 4608 AsyncMac - ok
23:36:36.0645 4608 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:36:36.0668 4608 atapi - ok
23:36:36.0766 4608 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
23:36:36.0982 4608 athr - ok
23:36:37.0047 4608 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
23:36:37.0087 4608 ATKGFNEXSrv - ok
23:36:37.0254 4608 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:36:37.0424 4608 AudioEndpointBuilder - ok
23:36:37.0432 4608 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:36:37.0483 4608 AudioSrv - ok
23:36:37.0597 4608 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
23:36:37.0644 4608 avgntflt - ok
23:36:37.0686 4608 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
23:36:37.0711 4608 avipbb - ok
23:36:37.0828 4608 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:36:37.0946 4608 AxInstSV - ok
23:36:37.0997 4608 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:36:38.0073 4608 b06bdrv - ok
23:36:38.0105 4608 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:36:38.0174 4608 b57nd60a - ok
23:36:38.0229 4608 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:36:38.0283 4608 BDESVC - ok
23:36:38.0306 4608 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:36:38.0415 4608 Beep - ok
23:36:38.0566 4608 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:36:38.0639 4608 BFE - ok
23:36:38.0838 4608 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:36:39.0046 4608 BITS - ok
23:36:39.0104 4608 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:36:39.0143 4608 blbdrive - ok
23:36:39.0179 4608 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:36:39.0204 4608 bowser - ok
23:36:39.0228 4608 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:36:39.0273 4608 BrFiltLo - ok
23:36:39.0277 4608 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:36:39.0299 4608 BrFiltUp - ok
23:36:39.0362 4608 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:36:39.0447 4608 BridgeMP - ok
23:36:39.0490 4608 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:36:39.0566 4608 Browser - ok
23:36:39.0592 4608 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:36:39.0668 4608 Brserid - ok
23:36:39.0691 4608 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:36:39.0746 4608 BrSerWdm - ok
23:36:39.0770 4608 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:36:39.0827 4608 BrUsbMdm - ok
23:36:39.0834 4608 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:36:39.0885 4608 BrUsbSer - ok
23:36:39.0905 4608 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:36:39.0939 4608 BTHMODEM - ok
23:36:40.0001 4608 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:36:40.0160 4608 bthserv - ok
23:36:40.0226 4608 catchme - ok
23:36:40.0260 4608 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:36:40.0360 4608 cdfs - ok
23:36:40.0456 4608 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:36:40.0503 4608 cdrom - ok
23:36:40.0565 4608 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:36:40.0654 4608 CertPropSvc - ok
23:36:40.0695 4608 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:36:40.0760 4608 circlass - ok
23:36:40.0804 4608 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:36:40.0841 4608 CLFS - ok
23:36:40.0885 4608 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:36:40.0933 4608 clr_optimization_v2.0.50727_32 - ok
23:36:40.0988 4608 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:36:41.0022 4608 clr_optimization_v2.0.50727_64 - ok
23:36:41.0061 4608 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:36:41.0099 4608 CmBatt - ok
23:36:41.0138 4608 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:36:41.0159 4608 cmdide - ok
23:36:41.0214 4608 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:36:41.0333 4608 CNG - ok
23:36:41.0472 4608 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys
23:36:41.0540 4608 CnxtHdAudService - ok
23:36:41.0582 4608 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:36:41.0613 4608 Compbatt - ok
23:36:41.0663 4608 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:36:41.0720 4608 CompositeBus - ok
23:36:41.0746 4608 COMSysApp - ok
23:36:41.0789 4608 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:36:41.0822 4608 crcdisk - ok
23:36:41.0875 4608 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:36:41.0969 4608 CryptSvc - ok
23:36:42.0032 4608 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:36:42.0137 4608 CSC - ok
23:36:42.0209 4608 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
23:36:42.0271 4608 CscService - ok
23:36:42.0424 4608 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:36:42.0503 4608 DcomLaunch - ok
23:36:42.0568 4608 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:36:42.0648 4608 defragsvc - ok
23:36:42.0727 4608 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:36:42.0822 4608 DfsC - ok
23:36:42.0876 4608 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:36:42.0965 4608 Dhcp - ok
23:36:42.0995 4608 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:36:43.0054 4608 discache - ok
23:36:43.0075 4608 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:36:43.0095 4608 Disk - ok
23:36:43.0142 4608 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:36:43.0214 4608 Dnscache - ok
23:36:43.0268 4608 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:36:43.0367 4608 dot3svc - ok
23:36:43.0433 4608 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:36:43.0493 4608 DPS - ok
23:36:43.0522 4608 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:36:43.0555 4608 drmkaud - ok
23:36:43.0695 4608 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:36:43.0797 4608 DXGKrnl - ok
23:36:43.0825 4608 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:36:43.0893 4608 EapHost - ok
23:36:44.0053 4608 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:36:44.0238 4608 ebdrv - ok
23:36:44.0344 4608 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:36:44.0392 4608 EFS - ok
23:36:44.0531 4608 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:36:44.0608 4608 ehRecvr - ok
23:36:44.0632 4608 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:36:44.0671 4608 ehSched - ok
23:36:44.0978 4608 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:36:45.0118 4608 elxstor - ok
23:36:45.0147 4608 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:36:45.0180 4608 ErrDev - ok
23:36:45.0409 4608 ETD (38b0a3e42de9b36aa56f72a5ecb62331) C:\Windows\system32\DRIVERS\ETD.sys
23:36:45.0482 4608 ETD - ok
23:36:45.0526 4608 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:36:45.0614 4608 EventSystem - ok
23:36:45.0783 4608 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:36:45.0855 4608 exfat - ok
23:36:45.0884 4608 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:36:45.0965 4608 fastfat - ok
23:36:46.0054 4608 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:36:46.0219 4608 Fax - ok
23:36:46.0259 4608 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:36:46.0306 4608 fdc - ok
23:36:46.0344 4608 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:36:46.0427 4608 fdPHost - ok
23:36:46.0444 4608 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:36:46.0502 4608 FDResPub - ok
23:36:46.0524 4608 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:36:46.0543 4608 FileInfo - ok
23:36:46.0554 4608 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:36:46.0603 4608 Filetrace - ok
23:36:46.0677 4608 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:36:46.0693 4608 flpydisk - ok
23:36:46.0864 4608 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:36:46.0938 4608 FltMgr - ok
23:36:47.0019 4608 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:36:47.0137 4608 FontCache - ok
23:36:47.0217 4608 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:36:47.0237 4608 FontCache3.0.0.0 - ok
23:36:47.0293 4608 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:36:47.0325 4608 FsDepends - ok
23:36:47.0364 4608 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:36:47.0393 4608 Fs_Rec - ok
23:36:47.0454 4608 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:36:47.0486 4608 fvevol - ok
23:36:47.0497 4608 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:36:47.0517 4608 gagp30kx - ok
23:36:47.0587 4608 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
23:36:47.0613 4608 ghaio - ok
23:36:47.0767 4608 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:36:47.0949 4608 gpsvc - ok
23:36:48.0075 4608 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:48.0129 4608 gupdate - ok
23:36:48.0159 4608 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:48.0180 4608 gupdatem - ok
23:36:48.0201 4608 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:36:48.0289 4608 hcw85cir - ok
23:36:48.0355 4608 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:36:48.0414 4608 HdAudAddService - ok
23:36:48.0443 4608 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:36:48.0469 4608 HDAudBus - ok
23:36:48.0503 4608 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:36:48.0530 4608 HECIx64 - ok
23:36:48.0557 4608 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:36:48.0595 4608 HidBatt - ok
23:36:48.0618 4608 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:36:48.0652 4608 HidBth - ok
23:36:48.0664 4608 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:36:48.0696 4608 HidIr - ok
23:36:48.0717 4608 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:36:48.0784 4608 hidserv - ok
23:36:48.0858 4608 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:36:48.0914 4608 HidUsb - ok
23:36:49.0004 4608 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:36:49.0074 4608 hkmsvc - ok
23:36:49.0117 4608 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:36:49.0190 4608 HomeGroupListener - ok
23:36:49.0229 4608 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:36:49.0297 4608 HomeGroupProvider - ok
23:36:49.0336 4608 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:36:49.0372 4608 HpSAMD - ok
23:36:49.0453 4608 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:36:49.0571 4608 HTTP - ok
23:36:49.0610 4608 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:36:49.0637 4608 hwpolicy - ok
23:36:49.0679 4608 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:36:49.0714 4608 i8042prt - ok
23:36:49.0757 4608 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
23:36:49.0775 4608 iaStor - ok
23:36:49.0847 4608 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
23:36:49.0888 4608 iaStorV - ok
23:36:50.0083 4608 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:36:50.0173 4608 idsvc - ok
23:36:50.0647 4608 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:36:51.0037 4608 igfx - ok
23:36:51.0176 4608 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:36:51.0209 4608 iirsp - ok
23:36:51.0283 4608 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:36:51.0399 4608 IKEEXT - ok
23:36:51.0448 4608 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
23:36:51.0487 4608 Impcd - ok
23:36:51.0532 4608 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:36:51.0591 4608 IntcDAud - ok
23:36:51.0635 4608 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:36:51.0664 4608 intelide - ok
23:36:51.0707 4608 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:36:51.0735 4608 intelppm - ok
23:36:51.0767 4608 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:36:51.0830 4608 IPBusEnum - ok
23:36:51.0901 4608 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:36:52.0027 4608 IpFilterDriver - ok
23:36:52.0208 4608 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:36:52.0299 4608 iphlpsvc - ok
23:36:52.0339 4608 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:36:52.0384 4608 IPMIDRV - ok
23:36:52.0407 4608 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:36:52.0476 4608 IPNAT - ok
23:36:52.0480 4608 ipswuio - ok
23:36:52.0510 4608 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:36:52.0537 4608 IRENUM - ok
23:36:52.0582 4608 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:36:52.0613 4608 isapnp - ok
23:36:52.0631 4608 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:36:52.0660 4608 iScsiPrt - ok
23:36:52.0713 4608 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
23:36:52.0743 4608 JMCR - ok
23:36:52.0762 4608 JME (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
23:36:52.0802 4608 JME - ok
23:36:52.0851 4608 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:36:52.0879 4608 kbdclass - ok
23:36:52.0954 4608 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:36:53.0012 4608 kbdhid - ok
23:36:53.0054 4608 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
23:36:53.0081 4608 kbfiltr - ok
23:36:53.0126 4608 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:53.0139 4608 KeyIso - ok
23:36:53.0195 4608 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:36:53.0215 4608 KSecDD - ok
23:36:53.0250 4608 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:36:53.0273 4608 KSecPkg - ok
23:36:53.0306 4608 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:36:53.0360 4608 ksthunk - ok
23:36:53.0401 4608 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:36:53.0487 4608 KtmRm - ok
23:36:53.0545 4608 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:36:53.0647 4608 LanmanServer - ok
23:36:53.0704 4608 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:36:53.0795 4608 LanmanWorkstation - ok
23:36:53.0847 4608 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:36:53.0947 4608 lltdio - ok
23:36:53.0981 4608 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:36:54.0060 4608 lltdsvc - ok
23:36:54.0082 4608 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:36:54.0139 4608 lmhosts - ok
23:36:54.0235 4608 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:36:54.0299 4608 LMS ( UnsignedFile.Multi.Generic ) - warning
23:36:54.0299 4608 LMS - detected UnsignedFile.Multi.Generic (1)
23:36:54.0342 4608 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:36:54.0372 4608 LSI_FC - ok
23:36:54.0399 4608 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:36:54.0420 4608 LSI_SAS - ok
23:36:54.0433 4608 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:36:54.0452 4608 LSI_SAS2 - ok
23:36:54.0471 4608 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:36:54.0491 4608 LSI_SCSI - ok
23:36:54.0520 4608 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:36:54.0593 4608 luafv - ok
23:36:54.0653 4608 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
23:36:54.0677 4608 lullaby - ok
23:36:54.0742 4608 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:36:54.0777 4608 Mcx2Svc - ok
23:36:54.0799 4608 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:36:54.0817 4608 megasas - ok
23:36:54.0904 4608 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:36:54.0951 4608 MegaSR - ok
23:36:55.0017 4608 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:36:55.0087 4608 MMCSS - ok
23:36:55.0124 4608 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:36:55.0185 4608 Modem - ok
23:36:55.0205 4608 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:36:55.0228 4608 monitor - ok
23:36:55.0274 4608 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:36:55.0292 4608 mouclass - ok
23:36:55.0310 4608 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:36:55.0344 4608 mouhid - ok
23:36:55.0378 4608 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:36:55.0392 4608 mountmgr - ok
23:36:55.0513 4608 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:36:55.0559 4608 MozillaMaintenance - ok
23:36:55.0621 4608 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:36:55.0664 4608 mpio - ok
23:36:55.0690 4608 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:36:55.0740 4608 mpsdrv - ok
23:36:55.0892 4608 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:36:56.0013 4608 MpsSvc - ok
23:36:56.0058 4608 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:36:56.0115 4608 MRxDAV - ok
23:36:56.0158 4608 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:36:56.0216 4608 mrxsmb - ok
23:36:56.0259 4608 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:36:56.0290 4608 mrxsmb10 - ok
23:36:56.0309 4608 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:36:56.0329 4608 mrxsmb20 - ok
23:36:56.0361 4608 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:36:56.0392 4608 msahci - ok
23:36:56.0411 4608 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:36:56.0435 4608 msdsm - ok
23:36:56.0468 4608 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:36:56.0503 4608 MSDTC - ok
23:36:56.0528 4608 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:36:56.0579 4608 Msfs - ok
23:36:56.0595 4608 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:36:56.0660 4608 mshidkmdf - ok
23:36:56.0699 4608 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:36:56.0716 4608 msisadrv - ok
23:36:56.0757 4608 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:36:56.0819 4608 MSiSCSI - ok
23:36:56.0823 4608 msiserver - ok
23:36:56.0868 4608 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:36:56.0937 4608 MSKSSRV - ok
23:36:56.0952 4608 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:36:57.0044 4608 MSPCLOCK - ok
23:36:57.0070 4608 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:36:57.0144 4608 MSPQM - ok
23:36:57.0194 4608 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:36:57.0234 4608 MsRPC - ok
23:36:57.0274 4608 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:36:57.0288 4608 mssmbios - ok
23:36:57.0333 4608 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:36:57.0399 4608 MSTEE - ok
23:36:57.0418 4608 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:36:57.0446 4608 MTConfig - ok
23:36:57.0470 4608 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
23:36:57.0483 4608 MTsensor - ok
23:36:57.0510 4608 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:36:57.0536 4608 Mup - ok
23:36:57.0649 4608 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:36:57.0726 4608 napagent - ok
23:36:57.0770 4608 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:36:57.0817 4608 NativeWifiP - ok
23:36:57.0907 4608 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:36:57.0982 4608 NDIS - ok
23:36:58.0002 4608 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:36:58.0051 4608 NdisCap - ok
23:36:58.0077 4608 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:36:58.0136 4608 NdisTapi - ok
23:36:58.0180 4608 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:36:58.0238 4608 Ndisuio - ok
23:36:58.0284 4608 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:36:58.0373 4608 NdisWan - ok
23:36:58.0442 4608 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:36:58.0539 4608 NDProxy - ok
23:36:58.0580 4608 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:36:58.0648 4608 NetBIOS - ok
23:36:58.0699 4608 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:36:58.0766 4608 NetBT - ok
23:36:58.0794 4608 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:58.0807 4608 Netlogon - ok
23:36:58.0867 4608 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:36:58.0970 4608 Netman - ok
23:36:59.0008 4608 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:36:59.0131 4608 netprofm - ok
23:36:59.0267 4608 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:36:59.0297 4608 NetTcpPortSharing - ok
23:36:59.0321 4608 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:36:59.0340 4608 nfrd960 - ok
23:36:59.0495 4608 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:36:59.0584 4608 NlaSvc - ok
23:36:59.0627 4608 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:36:59.0676 4608 Npfs - ok
23:36:59.0702 4608 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:36:59.0765 4608 nsi - ok
23:36:59.0794 4608 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:36:59.0866 4608 nsiproxy - ok
23:36:59.0985 4608 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
23:37:00.0119 4608 Ntfs - ok
23:37:00.0245 4608 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:37:00.0340 4608 Null - ok
23:37:00.0414 4608 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
23:37:00.0436 4608 nvraid - ok
23:37:00.0453 4608 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
23:37:00.0476 4608 nvstor - ok
23:37:00.0523 4608 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:37:00.0545 4608 nv_agp - ok
23:37:00.0635 4608 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:37:00.0682 4608 ohci1394 - ok
23:37:00.0767 4608 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:37:00.0818 4608 ose - ok
23:37:00.0875 4608 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:37:00.0964 4608 p2pimsvc - ok
23:37:01.0015 4608 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:37:01.0076 4608 p2psvc - ok
23:37:01.0106 4608 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:37:01.0134 4608 Parport - ok
23:37:01.0173 4608 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:37:01.0194 4608 partmgr - ok
23:37:01.0224 4608 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:37:01.0264 4608 PcaSvc - ok
23:37:01.0307 4608 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:37:01.0348 4608 pci - ok
23:37:01.0383 4608 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:37:01.0403 4608 pciide - ok
23:37:01.0430 4608 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:37:01.0461 4608 pcmcia - ok
23:37:01.0474 4608 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:37:01.0492 4608 pcw - ok
23:37:01.0582 4608 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:37:01.0717 4608 PEAUTH - ok
23:37:01.0801 4608 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:37:01.0950 4608 PeerDistSvc - ok
23:37:02.0086 4608 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:37:02.0172 4608 PerfHost - ok
23:37:02.0341 4608 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:37:02.0530 4608 pla - ok
23:37:02.0633 4608 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:37:02.0676 4608 PlugPlay - ok
23:37:02.0743 4608 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:37:02.0793 4608 PNRPAutoReg - ok
23:37:02.0822 4608 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:37:02.0838 4608 PNRPsvc - ok
23:37:02.0898 4608 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:37:03.0018 4608 PolicyAgent - ok
23:37:03.0054 4608 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:37:03.0111 4608 Power - ok
23:37:03.0192 4608 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:37:03.0282 4608 PptpMiniport - ok
23:37:03.0316 4608 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:37:03.0364 4608 Processor - ok
23:37:03.0421 4608 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:37:03.0509 4608 ProfSvc - ok
23:37:03.0538 4608 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:37:03.0552 4608 ProtectedStorage - ok
23:37:03.0641 4608 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:37:03.0723 4608 Psched - ok
23:37:03.0856 4608 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:37:03.0973 4608 ql2300 - ok
23:37:04.0105 4608 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:37:04.0145 4608 ql40xx - ok
23:37:04.0179 4608 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:37:04.0222 4608 QWAVE - ok
23:37:04.0246 4608 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:37:04.0289 4608 QWAVEdrv - ok
23:37:04.0310 4608 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:37:04.0389 4608 RasAcd - ok
23:37:04.0434 4608 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:37:04.0494 4608 RasAgileVpn - ok
23:37:04.0530 4608 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:37:04.0582 4608 RasAuto - ok
23:37:04.0664 4608 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:37:04.0732 4608 Rasl2tp - ok
23:37:04.0828 4608 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:37:04.0950 4608 RasMan - ok
23:37:04.0990 4608 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:37:05.0050 4608 RasPppoe - ok
23:37:05.0085 4608 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:37:05.0146 4608 RasSstp - ok
23:37:05.0207 4608 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:37:05.0292 4608 rdbss - ok
23:37:05.0318 4608 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:37:05.0346 4608 rdpbus - ok
23:37:05.0365 4608 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:37:05.0420 4608 RDPCDD - ok
23:37:05.0467 4608 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:37:05.0502 4608 RDPDR - ok
23:37:05.0538 4608 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:37:05.0614 4608 RDPENCDD - ok
23:37:05.0663 4608 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:37:05.0751 4608 RDPREFMP - ok
23:37:05.0860 4608 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:37:05.0949 4608 RDPWD - ok
23:37:06.0006 4608 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:37:06.0042 4608 rdyboost - ok
23:37:06.0064 4608 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:37:06.0116 4608 RemoteAccess - ok
23:37:06.0157 4608 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:37:06.0228 4608 RemoteRegistry - ok
23:37:06.0265 4608 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:37:06.0336 4608 RpcEptMapper - ok
23:37:06.0356 4608 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:37:06.0398 4608 RpcLocator - ok
23:37:06.0463 4608 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:37:06.0529 4608 RpcSs - ok
23:37:06.0568 4608 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:37:06.0664 4608 rspndr - ok
23:37:06.0694 4608 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:37:06.0780 4608 s3cap - ok
23:37:06.0807 4608 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:37:06.0820 4608 SamSs - ok
23:37:06.0910 4608 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:37:06.0934 4608 sbp2port - ok
23:37:06.0983 4608 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:37:07.0062 4608 SCardSvr - ok
23:37:07.0103 4608 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:37:07.0178 4608 scfilter - ok
23:37:07.0258 4608 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:37:07.0415 4608 Schedule - ok
23:37:07.0452 4608 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:37:07.0496 4608 SCPolicySvc - ok
23:37:07.0549 4608 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:37:07.0621 4608 sdbus - ok
23:37:07.0707 4608 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:37:07.0806 4608 SDRSVC - ok
23:37:07.0875 4608 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:37:07.0943 4608 secdrv - ok
23:37:07.0977 4608 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:37:08.0053 4608 seclogon - ok
23:37:08.0149 4608 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:37:08.0204 4608 SENS - ok
23:37:08.0223 4608 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:37:08.0273 4608 SensrSvc - ok
23:37:08.0291 4608 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:37:08.0309 4608 Serenum - ok
23:37:08.0338 4608 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:37:08.0374 4608 Serial - ok
23:37:08.0419 4608 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:37:08.0458 4608 sermouse - ok
23:37:08.0525 4608 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:37:08.0619 4608 SessionEnv - ok
23:37:08.0650 4608 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:37:08.0690 4608 sffdisk - ok
23:37:08.0703 4608 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:37:08.0728 4608 sffp_mmc - ok
23:37:08.0744 4608 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:37:08.0777 4608 sffp_sd - ok
23:37:08.0804 4608 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:37:08.0844 4608 sfloppy - ok
23:37:08.0935 4608 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:37:09.0030 4608 SharedAccess - ok
23:37:09.0172 4608 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:37:09.0254 4608 ShellHWDetection - ok
23:37:09.0279 4608 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:37:09.0298 4608 SiSRaid2 - ok
23:37:09.0314 4608 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:37:09.0346 4608 SiSRaid4 - ok
23:37:09.0373 4608 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:37:09.0443 4608 Smb - ok
23:37:09.0495 4608 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:37:09.0530 4608 SNMPTRAP - ok
23:37:09.0686 4608 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
23:37:09.0805 4608 SNP2UVC - ok
23:37:09.0983 4608 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:37:10.0005 4608 spldr - ok
23:37:10.0139 4608 spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
23:37:10.0231 4608 spmgr - ok
23:37:10.0290 4608 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:37:10.0370 4608 Spooler - ok
23:37:10.0554 4608 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:37:10.0727 4608 sppsvc - ok
23:37:10.0839 4608 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:37:10.0937 4608 sppuinotify - ok
23:37:11.0135 4608 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
23:37:11.0339 4608 sptd - ok
23:37:11.0429 4608 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:37:11.0492 4608 srv - ok
23:37:11.0546 4608 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:37:11.0605 4608 srv2 - ok
23:37:11.0627 4608 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:37:11.0663 4608 srvnet - ok
23:37:11.0715 4608 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:37:11.0785 4608 SSDPSRV - ok
23:37:11.0799 4608 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:37:11.0851 4608 SstpSvc - ok
23:37:11.0871 4608 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:37:11.0890 4608 stexstor - ok
23:37:11.0959 4608 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:37:12.0074 4608 stisvc - ok
23:37:12.0115 4608 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:37:12.0145 4608 storflt - ok
23:37:12.0200 4608 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
23:37:12.0228 4608 StorSvc - ok
23:37:12.0239 4608 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:37:12.0257 4608 storvsc - ok
23:37:12.0265 4608 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:37:12.0282 4608 swenum - ok
23:37:12.0415 4608 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:37:12.0502 4608 swprv - ok
23:37:12.0609 4608 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:37:12.0709 4608 SysMain - ok
23:37:12.0807 4608 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:37:12.0850 4608 TabletInputService - ok
23:37:12.0880 4608 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:37:12.0961 4608 TapiSrv - ok
23:37:12.0977 4608 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:37:13.0029 4608 TBS - ok
23:37:13.0212 4608 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:37:13.0367 4608 Tcpip - ok
23:37:13.0667 4608 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:37:13.0723 4608 TCPIP6 - ok
23:37:13.0875 4608 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:37:13.0984 4608 tcpipreg - ok
23:37:14.0023 4608 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:37:14.0093 4608 TDPIPE - ok
23:37:14.0128 4608 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:37:14.0169 4608 TDTCP - ok
23:37:14.0227 4608 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:37:14.0296 4608 tdx - ok
23:37:14.0536 4608 TeamViewer6 (839e88db24d2d8f05b72e12b175951ca) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
23:37:14.0705 4608 TeamViewer6 - ok
23:37:14.0843 4608 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
23:37:14.0868 4608 teamviewervpn - ok
23:37:14.0915 4608 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:37:14.0937 4608 TermDD - ok
23:37:14.0997 4608 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:37:15.0123 4608 TermService - ok
23:37:15.0164 4608 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:37:15.0207 4608 Themes - ok
23:37:15.0235 4608 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:37:15.0281 4608 THREADORDER - ok
23:37:15.0313 4608 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:37:15.0375 4608 TrkWks - ok
23:37:15.0493 4608 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:37:15.0557 4608 TrustedInstaller - ok
23:37:15.0618 4608 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:37:15.0684 4608 tssecsrv - ok
23:37:15.0758 4608 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:37:15.0825 4608 TsUsbFlt - ok
23:37:15.0883 4608 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:37:15.0952 4608 tunnel - ok
23:37:15.0979 4608 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:37:16.0015 4608 uagp35 - ok
23:37:16.0061 4608 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:37:16.0132 4608 udfs - ok
23:37:16.0161 4608 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:37:16.0188 4608 UI0Detect - ok
23:37:16.0230 4608 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:37:16.0258 4608 uliagpkx - ok
23:37:16.0296 4608 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:37:16.0331 4608 umbus - ok
23:37:16.0358 4608 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:37:16.0375 4608 UmPass - ok
23:37:16.0421 4608 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
23:37:16.0481 4608 UmRdpService - ok
23:37:16.0730 4608 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:37:16.0840 4608 UNS ( UnsignedFile.Multi.Generic ) - warning
23:37:16.0840 4608 UNS - detected UnsignedFile.Multi.Generic (1)
23:37:16.0953 4608 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:37:17.0025 4608 upnphost - ok
23:37:17.0078 4608 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
23:37:17.0112 4608 usbccgp - ok
23:37:17.0162 4608 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:37:17.0211 4608 usbcir - ok
23:37:17.0225 4608 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
23:37:17.0276 4608 usbehci - ok
23:37:17.0333 4608 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
23:37:17.0394 4608 usbhub - ok
23:37:17.0430 4608 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
23:37:17.0454 4608 usbohci - ok
23:37:17.0485 4608 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:37:17.0523 4608 usbprint - ok
23:37:17.0545 4608 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:37:17.0574 4608 USBSTOR - ok
23:37:17.0591 4608 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
23:37:17.0645 4608 usbuhci - ok
23:37:17.0742 4608 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:37:17.0806 4608 usbvideo - ok
23:37:17.0895 4608 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:37:17.0966 4608 UxSms - ok
23:37:18.0032 4608 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:37:18.0045 4608 VaultSvc - ok
23:37:18.0095 4608 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:37:18.0136 4608 vdrvroot - ok
23:37:18.0196 4608 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:37:18.0291 4608 vds - ok
23:37:18.0324 4608 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:37:18.0345 4608 vga - ok
23:37:18.0354 4608 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:37:18.0412 4608 VgaSave - ok
23:37:18.0440 4608 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:37:18.0466 4608 vhdmp - ok
23:37:18.0498 4608 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:37:18.0529 4608 viaide - ok
23:37:18.0573 4608 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:37:18.0599 4608 vmbus - ok
23:37:18.0639 4608 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:37:18.0679 4608 VMBusHID - ok
23:37:18.0708 4608 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:37:18.0730 4608 volmgr - ok
23:37:18.0956 4608 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:37:18.0989 4608 volmgrx - ok
23:37:19.0098 4608 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:37:19.0125 4608 volsnap - ok
23:37:19.0151 4608 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:37:19.0174 4608 vsmraid - ok
23:37:19.0271 4608 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:37:19.0398 4608 VSS - ok
23:37:19.0521 4608 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:37:19.0574 4608 vwifibus - ok
23:37:19.0601 4608 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:37:19.0627 4608 vwififlt - ok
23:37:19.0663 4608 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:37:19.0746 4608 W32Time - ok
23:37:19.0776 4608 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:37:19.0800 4608 WacomPen - ok
23:37:19.0917 4608 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:37:19.0987 4608 WANARP - ok
23:37:19.0991 4608 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:37:20.0033 4608 Wanarpv6 - ok
23:37:20.0167 4608 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:37:20.0320 4608 wbengine - ok
23:37:20.0416 4608 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:37:20.0459 4608 WbioSrvc - ok
23:37:20.0508 4608 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:37:20.0558 4608 wcncsvc - ok
23:37:20.0569 4608 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:37:20.0598 4608 WcsPlugInService - ok
23:37:20.0637 4608 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:37:20.0665 4608 Wd - ok
23:37:20.0704 4608 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:37:20.0773 4608 Wdf01000 - ok
23:37:20.0792 4608 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:37:20.0903 4608 WdiServiceHost - ok
23:37:20.0909 4608 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:37:20.0931 4608 WdiSystemHost - ok
23:37:21.0021 4608 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:37:21.0076 4608 WebClient - ok
23:37:21.0137 4608 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:37:21.0220 4608 Wecsvc - ok
23:37:21.0250 4608 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:37:21.0316 4608 wercplsupport - ok
23:37:21.0349 4608 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:37:21.0413 4608 WerSvc - ok
23:37:21.0475 4608 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:37:21.0538 4608 WfpLwf - ok
23:37:21.0597 4608 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
23:37:21.0621 4608 WimFltr - ok
23:37:21.0639 4608 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:37:21.0656 4608 WIMMount - ok
23:37:21.0686 4608 WinDefend - ok
23:37:21.0693 4608 WinHttpAutoProxySvc - ok
23:37:21.0760 4608 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:37:21.0828 4608 Winmgmt - ok
23:37:22.0205 4608 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:37:22.0317 4608 WinRM - ok
23:37:22.0487 4608 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:37:22.0541 4608 WinUsb - ok
23:37:22.0605 4608 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:37:22.0700 4608 Wlansvc - ok
23:37:22.0722 4608 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:37:22.0749 4608 WmiAcpi - ok
23:37:22.0809 4608 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:37:22.0864 4608 wmiApSrv - ok
23:37:22.0927 4608 WMPNetworkSvc - ok
23:37:22.0974 4608 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:37:23.0044 4608 WPCSvc - ok
23:37:23.0079 4608 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:37:23.0178 4608 WPDBusEnum - ok
23:37:23.0237 4608 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:37:23.0304 4608 ws2ifsl - ok
23:37:23.0321 4608 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:37:23.0358 4608 wscsvc - ok
23:37:23.0362 4608 WSearch - ok
23:37:23.0504 4608 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:37:23.0667 4608 wuauserv - ok
23:37:23.0809 4608 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:37:23.0901 4608 WudfPf - ok
23:37:23.0946 4608 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:37:24.0009 4608 WUDFRd - ok
23:37:24.0076 4608 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:37:24.0145 4608 wudfsvc - ok
23:37:24.0184 4608 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:37:24.0216 4608 WwanSvc - ok
23:37:24.0408 4608 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
23:37:24.0444 4608 x10nets ( UnsignedFile.Multi.Generic ) - warning
23:37:24.0444 4608 x10nets - detected UnsignedFile.Multi.Generic (1)
23:37:24.0475 4608 XUIF (1fa025e95f0af58f6ed439a83b84903a) C:\Windows\system32\Drivers\x10ufx2.sys
23:37:24.0511 4608 XUIF - ok
23:37:24.0540 4608 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:37:24.0848 4608 \Device\Harddisk0\DR0 - ok
23:37:24.0853 4608 Boot (0x1200) (dc53e0c3ceaaf8b04e2e186b5b709622) \Device\Harddisk0\DR0\Partition0
23:37:24.0857 4608 \Device\Harddisk0\DR0\Partition0 - ok
23:37:24.0891 4608 Boot (0x1200) (fc9d7424d524cad2eb9e32d0e2673b4d) \Device\Harddisk0\DR0\Partition1
23:37:24.0894 4608 \Device\Harddisk0\DR0\Partition1 - ok
23:37:24.0895 4608 ============================================================
23:37:24.0895 4608 Scan finished
23:37:24.0895 4608 ============================================================
23:37:24.0914 1388 Detected object count: 3
23:37:24.0914 1388 Actual detected object count: 3
23:37:37.0337 1388 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:37.0338 1388 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:37.0338 1388 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:37.0338 1388 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:37.0341 1388 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:37.0341 1388 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:17.0815 4460 Deinitialize success
|
|
17.07.2012, 21:53
| #6 |
| /// Malware-holic | My Security Shield inaktiv? sieht gut aus. lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ --> My Security Shield inaktiv? |
|
17.07.2012, 22:25
| #7 |
| | My Security Shield inaktiv? Habe mal so gut es geht versucht die Programme zu kategorisieren: Code:
ATTFilter Acrobat.com Adobe Systems Incorporated 23.12.2010 1,58MB 1.1.377 -->unbekannt Adobe AIR Adobe Systems Inc. 23.12.2010 1.5.0.7220 -->unbekannt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 23.12.2010 6,00MB 10.1.102.64 -->notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated 22.05.2011 6,00MB 10.3.181.14 -->unbekannt Adobe Reader 9.0.1 Adobe Systems Incorporated 23.12.2010 202MB 9.0.1 -->notwendig ASUS CopyProtect ASUS 23.12.2010 3,62MB 1.0.0015 -->unnötig ASUS FancyStart ASUSTeK Computer Inc. 23.12.2010 12,0MB 1.0.8 -->unbekannt ASUS LifeFrame3 ASUS 23.12.2010 27,7MB 3.0.20 -->unbekannt ASUS Live Update ASUS 23.12.2010 2.5.9 -->unbekannt ASUS MultiFrame ASUS 23.12.2010 1.0.0021 -->unbekannt ASUS Power4Gear Hybrid ASUS 23.12.2010 12,2MB 1.1.37 -->notwendig ASUS SmartLogon ASUS 23.12.2010 10,9MB 1.0.0008 -->unbekannt ASUS Splendid Video Enhancement Technology ASUS 23.12.2010 24,4MB 1.02.0028 -->unbekannt ASUS Virtual Camera asus 23.12.2010 3,12MB 1.0.20 -->notwendig ATK Package ASUS 23.12.2010 12,3MB 1.0.0006 -->unbekannt Avira AntiVir Personal - Free Antivirus Avira GmbH 16.02.2012 76,8MB 10.2.0.707 -->notwendig CCleaner Piriform 22.06.2012 3.20 -->neu zum Trojaner-Suchen CDBurnerXP CDBurnerXP 23.12.2010 11,1MB 4.3.8.2474 -->unnötig CDBurnerXP CDBurnerXP 01.03.2012 17,2MB 4.3.9.2762 -->notwendig Compatibility Pack für 2007 Office System Microsoft Corporation 31.08.2010 113MB 12.0.6612.1000 -->notwendig Conexant HD Audio Conexant 23.12.2010 4.111.0.63 -->unbekannt ControlDeck ASUS 23.12.2010 1,81MB 1.0.8 -->unbekannt ESET Online Scanner v3 11.07.2012 -->neu zum Trojaner-Suchen ETDWare PS/2-x64 7.0.5.13_WHQL ELAN Microelectronics Corp. 23.12.2010 7.0.5.13 -->unbekannt EventGhost 0.4.1.r1509 EventGhost Project 24.06.2011 0.4.1.r1509 -->notwendig Fast Boot ASUS 23.12.2010 1,46MB 1.0.6 -->unbekannt Google Earth Plug-in Google 02.12.2010 40,8MB 6.1.0.5001 -->notwendig Intel(R) Control Center Intel Corporation 23.12.2010 1.2.1.1007 -->notwendig Intel(R) Graphics Media Accelerator Driver Intel Corporation 22.05.2011 8.15.10.2125 -->notwendig Intel(R) Management Engine Components Intel Corporation 23.12.2010 6.0.0.1179 -->notwendig JMicron Ethernet Adapter NDIS Driver JMicron Technology Corp. 23.12.2010 6.0.17.1 -->unbekannt JMicron Flash Media Controller Driver JMicron Technology Corp. 23.12.2010 1.0.33.2 -->unbekannt K_Series_ScreenSaver_EN 23.12.2010 -->unnötig Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 09.07.2012 18,0MB 1.61.0.1400 -->neu zum Trojaner-Suchen Microsoft Office File Validation Add-In Microsoft Corporation 20.10.2011 7,95MB 14.0.5130.5003 -->notwendig Microsoft Office Professional Edition 2003 Microsoft Corporation 13.07.2012 1,06GB 11.0.8173.0 -->notwendig Microsoft Silverlight Microsoft Corporation 12.05.2012 50,6MB 5.1.10411.0 -->unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.08.2011 300KB 8.0.61001 -->unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.12.2010 596KB 9.0.30729.4148 -->unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.08.2011 600KB 9.0.30729.6161 -->unbekannt Mozilla Firefox 13.0.1 (x86 de) Mozilla 17.06.2012 35,8MB 13.0.1 -->notwendig Mozilla Maintenance Service Mozilla 17.06.2012 309KB 13.0.1 -->unbekannt Mozilla Thunderbird (3.1.20) Mozilla 08.06.2012 3.1.20 (de) -->notwendig NB Probe 23.12.2010 -->unbekannt Need For Speed™ World Electronic Arts 27.12.2011 12,4MB 1.0.0.722 -->unnötig Net4Switch ASUS 23.12.2010 1.00.0020 -->unbekannt ooVoo ooVoo LLC. 19.05.2010 108KB 3.0.4038 -->notwendig Skype™ 5.3 Skype Technologies S.A. 12.05.2010 16,4MB 5.3.111 -->notwendig SRS Premium Sound Control Panel SRS Labs, Inc. 23.12.2010 1,82MB 1.8.5700 -->unbekannt TeamViewer 6 TeamViewer GmbH 23.12.2010 6.0.9947 -->notwendig USB2.0 UVC VGA WebCam Sonix 23.12.2010 5.8.54000.207 -->notwendig VLC media player 1.1.5 VideoLAN 23.12.2010 1.1.5 -->notwendig Winamp Nullsoft, Inc 23.12.2010 5.601 -->notwendig WinFlash ASUS 23.12.2010 852KB 2.30.3 -->unbekannt Wireless Console 3 ASUS 23.12.2010 2,43MB 3.0.18 -->unbekannt X10 Hardware(TM) 24.06.2011 -->notwendig Yahoo! Messenger Yahoo! Inc. 23.12.2010 -->unnötig |
|
19.07.2012, 20:37
| #8 |
| /// Malware-holic | My Security Shield inaktiv? deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: http://filepony.de/download-adobe_reader/ haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: ESET K_Series_ScreenSaver_EN Need For Speed™ Yahoo öffne CCleaner analysieren starten öffne otl, cleanup pc startet neu, testen wie er läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.07.2012, 21:16
| #9 |
| | My Security Shield inaktiv? So, erledigt. Hab jetzt ein paar mal neu gestartet und ein paar der Standard-Programme gestartet. Scheint alles normal zu laufen soweit. Gibt es noch etwas, was ich tun sollte? Wurde durch einen der durchgeführten Schritte der Trojaner entfernt oder ist er noch immer da und versteckt sich nur sehr gut? |
|
19.07.2012, 22:59
| #10 |
| /// Malware-holic | My Security Shield inaktiv? der trojaner ist weg, sehe nichts mehr in den logs. jetzt den pc absichern: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie Download - Sandboxie 3.72 anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu My Security Shield inaktiv? |
| 4d36e972-e325-11ce-bfc1-08002be10318, administrator, antivir, antivirus, appdatalow, autorun, avira, downloader, error, excel, explorer, firefox, format, google earth, heuristiks/extra, heuristiks/shuriken, langs, logfile, mozilla, my security shield, nvidia, nvstor.sys, opera, programme, rarsfx0, registry, rundll, searchscopes, security, software, system, trojaner, windows, winlogon.exe, wrapper |
Linear-Darstellung
