Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.12.2011, 17:35   #1
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Icon17

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Hallo leute,

ich bin auf euer Forum gestoßen und sehe das ihr sehr hilfsbereit seit. Ich würde mich freuen, wenn ihr auch mal nen Blick auf mein Problem bitte werfen könntet. Dankeschön schonmal im voraus.

Mein Antivir hat vor ein paar Tagen den Trojaner TR/ATRAPS.Gen2 entdeckt. Als Auswahl wird bei Antivir angeboten es zu entfernen oder in Quarantäne zu setzen. Da es nach dem entfernen wieder und öffter aufgetaucht ist, habe ich es immer wieder in Quarantäne gesetzt.

Als fundstelle wird von Antivir angegeben:

C:\Users\***\AppData\Local\7b30d2dc\U\800000cb.@

Eigene Rechersche

Ich habe im Pc Welt Forum

unter (hxxp://www.pcwelt.de/forum/sicherheit/407098-tr-atraps-gen2.html)

gelesen, das es sich um einen Fehlalarm seitens Antivir handle, deshalb habe ich Antivir eine Anfrage geschickt.

Als Antwort bekam ich:

"Die Datei '4a8c18e0.vir' wurde als 'FALSE POSITIVE' eingestuft.Dies bedeutet, dass diese Datei nicht gefährlich und eine Fehlmeldung unsererseits ist.

Unsere Analytiker haben dieser Bedrohung den Namen gegeben.Das Erkennungsmuster wird mit einem der nächsten Updates der Virendefinitionsdatei (VDF) entfernt werden.

Alternativ können Sie die Ergebnisse der Analyse hier einsehen:

hxxp://analysis.avira.com/samples/details.php?uniqueid=8pPX4kA6B2NJmg0kIXNWhMt6j5v2MV7T&incidentid=930684"


Symptome

Diese Symptome bringe ich mit dem Trojaner in Verbindung, da diese vorher nicht aufgetaucht waren:

1. Plötzlich erscheint ein Fenster. Da geht es um irgendein Javaskript. Mir steht zur Auswahl Öffnen, Speichern oder Abbrechen.

Ich habe immer Abbrechen gewählt bis auf einmal wo ich Öffnen gewählt habe. Aber es hat sich nichts geöffnet.

Leider kann ich es grade nicht näher beschreiben, weil ich mich nicht mehr gut daran erinnern kann.



2. Firefox versucht beim Start die folgende Seite zu öffnen: mediashifting.com/?search=what+are+the+order+of+degrees&subid=193&key=5e2e3c92c060abcb6729&p=1

aber ohne Erfolg. Es erscheint der Fehler: Server nicht gefunden



Zum Thema "kompletten Überblick von meinem System"

Ich habe Defogger gestartet und die Anweisungen befolgt, aber es hat weder zum Neustart aufgefordert noch eine Fehlermeldung ausgegeben.

Hier ist die Defogger Disable Log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:34 on 27/12/2011 (Kenan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F


Schluss

So ich habe nun alle Schritte befolgt und die Logfiles als Anhang zugefügt.

Ich möchte euch noch mal danken, das ihr hier auf dieser Seite sowas gutes zustande gebracht habt um uns zu helfen.

Schöne Tage noch.

PS:
vielleicht ist die logfile von Antivir auch relevant. Hier ist sie:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 26. Dezember 2011 00:22

Es wird nach 2964932 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KENAN-VAIO

Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25.10.2011 17:24:43
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08.12.2011 19:42:32
AVREG.DLL : 12.1.0.27 227536 Bytes 09.12.2011 19:38:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:36:36
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 21:36:36
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 21:36:36
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 21:36:36
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 21:36:36
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 21:36:36
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 21:36:36
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 21:36:36
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 21:36:36
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 21:36:36
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 21:36:36
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 21:35:10
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 05:35:20
VBASE015.VDF : 7.11.20.0 2048 Bytes 24.12.2011 05:35:20
VBASE016.VDF : 7.11.20.1 2048 Bytes 24.12.2011 05:35:20
VBASE017.VDF : 7.11.20.2 2048 Bytes 24.12.2011 05:35:20
VBASE018.VDF : 7.11.20.3 2048 Bytes 24.12.2011 05:35:20
VBASE019.VDF : 7.11.20.4 2048 Bytes 24.12.2011 05:35:20
VBASE020.VDF : 7.11.20.5 2048 Bytes 24.12.2011 05:35:20
VBASE021.VDF : 7.11.20.6 2048 Bytes 24.12.2011 05:35:20
VBASE022.VDF : 7.11.20.7 2048 Bytes 24.12.2011 05:35:20
VBASE023.VDF : 7.11.20.8 2048 Bytes 24.12.2011 05:35:20
VBASE024.VDF : 7.11.20.9 2048 Bytes 24.12.2011 05:35:20
VBASE025.VDF : 7.11.20.10 2048 Bytes 24.12.2011 05:35:20
VBASE026.VDF : 7.11.20.11 2048 Bytes 24.12.2011 05:35:20
VBASE027.VDF : 7.11.20.12 2048 Bytes 24.12.2011 05:35:21
VBASE028.VDF : 7.11.20.13 2048 Bytes 24.12.2011 05:35:21
VBASE029.VDF : 7.11.20.14 2048 Bytes 24.12.2011 05:35:21
VBASE030.VDF : 7.11.20.15 2048 Bytes 24.12.2011 05:35:21
VBASE031.VDF : 7.11.20.16 2048 Bytes 24.12.2011 05:35:21
Engineversion : 8.2.8.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 17:24:42
AESCRIPT.DLL : 8.1.3.92 495996 Bytes 16.12.2011 20:21:58
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 01.12.2011 18:57:42
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 20:21:39
AEOFFICE.DLL : 8.1.2.24 201084 Bytes 16.12.2011 20:21:56
AEHEUR.DLL : 8.1.3.8 4231543 Bytes 16.12.2011 20:21:55
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 17:24:31
AEGEN.DLL : 8.1.5.17 405877 Bytes 08.12.2011 19:42:10
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.24.2 201080 Bytes 16.12.2011 20:21:26
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 08.12.2011 19:42:21
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ef79a58\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 26. Dezember 2011 00:22

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'C112.tmp' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'listener.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FABS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ath_CoexAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@'
C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a411951.qua' verschoben!


Ende des Suchlaufs: Montag, 26. Dezember 2011 00:22
Benötigte Zeit: 00:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
26 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
25 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Angehängte Dateien
Dateityp: zip Logfiles.zip (39,7 KB, 154x aufgerufen)

Alt 27.12.2011, 17:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 27.12.2011, 18:22   #3
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



So hier ist der Log von malwarebytes. Gehe jetzt nun über zu ESET Online Scanner

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122703

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.12.2011 18:17:56
mbam-log-2011-12-27 (18-17-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176790
Laufzeit: 2 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\enrollchar.exe (Trojan.Agent) -> 3824 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagUI (Trojan.Agent) -> Value: diagUI -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\enrollchar (Trojan.Agent) -> Value: enrollchar -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\enrollchar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Local\Temp\C112.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Local\Temp\defragcred.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Roaming\diagUI.exe (Trojan.Agent) -> Quarantined and deleted successfully.
__________________

Alt 27.12.2011, 21:57   #4
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



So hier ist jetzt die logdatei von ESET Online Scanner

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b8273ec1020ed42b14ed7b92008af61
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 05:50:39
# local_time=2011-12-27 06:50:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 153211 153211 0 0
# compatibility_mode=1792 16777215 100 0 6390755 6390755 0 0
# compatibility_mode=5893 16776574 66 94 161257 76637414 0 0
# compatibility_mode=8192 67108863 100 0 4084 4084 0 0
# scanned=51564
# found=0
# cleaned=0
# scan_time=674
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b8273ec1020ed42b14ed7b92008af61
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 08:32:16
# local_time=2011-12-27 09:32:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 153963 153963 0 0
# compatibility_mode=1792 16777215 100 0 6391507 6391507 0 0
# compatibility_mode=5893 16776574 66 94 162009 76638166 0 0
# compatibility_mode=8192 67108863 100 0 4836 4836 0 0
# scanned=242513
# found=4
# cleaned=0
# scan_time=9640
C:\Users\Kenan\AppData\Local\7b30d2dc\X	Win64/Sirefef.N trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kenan\AppData\Local\7b30d2dc\U\80000000.@	Win64/Sirefef.P trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@	Win64/Sirefef.M trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cf.@	Win64/Sirefef.O trojan (unable to clean)	00000000000000000000000000000000	I
         

Alt 28.12.2011, 03:34   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.12.2011, 05:12   #6
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Sry habe ich übersehen. Hier ist jetzt der Log vom vollständigen Malwarebytes scann.

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kenan :: KENAN-VAIO [Administrator]

Schutz: Aktiviert

28.12.2011 03:49:58
mbam-log-2011-12-28 (03-49-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400027
Laufzeit: 1 Stunde(n), 20 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Kenan\AppData\Local\7b30d2dc\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 28.12.2011, 05:30   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.12.2011, 11:58   #8
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



So hier ist jetzt die neue OTL Log

Code:
ATTFilter
OTL logfile created on: 28.12.2011 11:36:11 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Kenan\Desktop\TojanerProblem
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 4,21 Gb Available Physical Memory | 71,18% Memory free
11,82 Gb Paging File | 9,79 Gb Available in Paging File | 82,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,51 Gb Total Space | 328,54 Gb Free Space | 73,09% Space Free | Partition Type: NTFS
Drive E: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: KENAN-VAIO | User Name: Kenan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.27 16:37:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kenan\Desktop\TojanerProblem\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 15:05:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.29 16:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.03.05 15:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011.03.05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011.02.24 21:02:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.24 21:02:27 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011.02.15 10:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011.01.29 04:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 19:33:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011.10.14 19:33:25 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll
MOD - [2011.10.14 19:29:46 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.14 19:29:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 19:29:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.14 19:29:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.14 19:29:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.14 19:29:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 19:29:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 19:29:04 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 19:29:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.29 23:49:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011.08.12 15:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011.07.19 03:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2011.06.29 23:55:22 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.02.18 21:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011.02.18 21:10:06 | 000,546,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011.02.18 21:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011.02.14 16:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2011.02.14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011.01.29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011.01.20 11:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.24 15:05:46 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.29 16:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.04.29 16:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.02.24 21:02:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.24 21:02:27 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.21 11:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.02.21 11:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.01.20 11:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.08 20:42:31 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.15 13:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.08.15 03:38:33 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2011.08.09 00:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.06.30 00:39:02 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.29 23:18:16 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.21 00:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.29 16:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.04.29 16:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.04.29 16:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.04.29 16:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.04.29 16:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.04.29 16:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.04.29 16:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.04.29 16:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.04.01 09:15:27 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 21:58:44 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2011.03.07 03:30:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
DRV:64bit: - [2011.03.04 10:21:46 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.04 10:01:05 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.02.24 21:02:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.12.10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.04.28 00:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.28 00:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 22:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 22:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.23 15:35:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 08:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.21 17:53:37 | 000,000,000 | ---D | M]
 
[2011.07.11 01:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan\AppData\Roaming\mozilla\Extensions
[2011.12.27 15:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions
[2011.11.21 17:53:37 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.07.19 10:00:58 | 000,002,227 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml
[2011.07.11 01:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\KENAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S97WFBCW.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\KENAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S97WFBCW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.10 08:03:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.10.09 23:11:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.09 23:11:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.09 23:11:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.09 23:11:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.09 23:11:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.09 23:11:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{608B6E71-8776-4514-B01D-F03F35818556}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFEDBEE4-FC9D-4307-8C73-F884627DEE53}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Kenan\AppData\Local\7b30d2dc\X) -C:\Users\Kenan\AppData\Local\7b30d2dc\X ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BvtUtility - hkey= - key= - C:\Program Files (x86)\BvT Grup\BvT Live Tv\BvtUtility.exe (CanliTv.com)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{7B284195-B3C3-4FF2-AF60-24DAC8F5E766} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 11:31:37 | 000,000,000 | R--D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2011.12.28 03:28:06 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{01FAB632-2A94-4B50-822E-C52A82940E4B}
[2011.12.28 03:27:32 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F09702F9-0ED7-45FA-9A1A-71B367749883}
[2011.12.28 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Documents\MAGIX Downloads
[2011.12.28 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Documents\MAGIX
[2011.12.28 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Desktop\LVG
[2011.12.28 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\AA3DeployClient
[2011.12.28 00:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2011.12.28 00:28:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Army Game
[2011.12.28 00:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Deployment
[2011.12.28 00:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Apps
[2011.12.27 18:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:11:49 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Malwarebytes
[2011.12.27 18:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.27 18:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.27 18:11:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.27 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.27 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Desktop\TojanerProblem
[2011.12.27 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.12.27 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.12.27 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{AFC89C23-78B5-475F-B339-A43938CEA293}
[2011.12.27 15:26:32 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7D0D9999-9D1F-4BD4-B662-9F95DC5F7CF2}
[2011.12.27 01:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3B6266D0-7444-4AE2-8D4E-114A8301484E}
[2011.12.27 01:07:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{14851934-D13D-4DB3-B2A6-40DECEBA9D92}
[2011.12.26 23:52:49 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{85453B69-0E2A-4872-8A8D-1AE65EF81138}
[2011.12.26 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{16FDBAEA-DA7F-4B4D-962D-D2B8EA1CA857}
[2011.12.26 01:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.12.26 01:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\Kenan\AppData\Local\7b30d2dc
[2011.12.25 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{4097FA4C-9D70-4AA5-B2B9-D4804BDFCDE5}
[2011.12.25 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F2DFA48B-E564-4C34-A091-E4B1A76E57C0}
[2011.12.24 04:36:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{356B2BD4-C637-453A-A928-C95E35A79404}
[2011.12.24 04:36:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{95794BDC-4537-44F3-812E-C60025A45557}
[2011.12.22 13:22:27 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9E016A2C-20B2-4F21-9089-703853DB0E9F}
[2011.12.22 13:22:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{5DED2D16-B78E-4774-BADE-D17C533EC8C9}
[2011.12.22 13:19:59 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2011.12.22 13:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.12.22 13:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.12.21 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{89F44C35-72F8-40FC-B496-16C1C967306E}
[2011.12.21 17:32:27 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{98151295-4EA8-4948-BC61-EB567DAB216E}
[2011.12.20 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{912FD41C-3F90-4C9F-A2B7-135BB80D6A77}
[2011.12.20 22:29:24 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F48B745D-C36A-4250-9764-DA63AD418595}
[2011.12.20 07:43:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{BFB836D3-9B1E-43AD-B045-98370C24772A}
[2011.12.20 07:43:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{363DE245-CD4B-4E36-B97B-1433F9973606}
[2011.12.19 15:04:16 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{712E116B-11CB-41A4-91AE-1C1F4DB7A6EF}
[2011.12.19 15:03:54 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3969DDF9-D401-4CDB-A06B-9F579DD8992B}
[2011.12.19 02:58:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{36E9085F-4514-4CA7-9893-117652816E07}
[2011.12.19 02:57:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{A212D5B5-5501-4096-9382-4D7826D72FD2}
[2011.12.18 03:07:17 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{5EDBC034-3C75-4641-B36C-E7DF2F32995B}
[2011.12.18 03:06:51 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9E28DEC3-F719-403F-B6C6-FC1BEDC04639}
[2011.12.17 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Alte Eigene Dateien
[2011.12.17 13:13:38 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9B14F8F8-1CA4-4BC8-A7A5-2DA8F8186B7E}
[2011.12.17 13:13:16 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{34C35E28-59B8-44F9-850A-B8355ECCB123}
[2011.12.17 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C
[2011.12.16 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{18E5DD89-2AA5-46F1-A29A-A842CEB85186}
[2011.12.16 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{DBFF224F-3230-4514-9BDA-BE899133CDA2}
[2011.12.15 16:34:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Canon
[2011.12.15 15:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.12.15 15:38:34 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011.12.15 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP830
[2011.12.15 15:38:15 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011.12.15 15:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011.12.15 13:40:52 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8EE8681F-60F3-42D4-9FAB-B59590C2EF0A}
[2011.12.15 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C365A675-4E27-4D0C-8891-39FBDD124F06}
[2011.12.15 01:23:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Kontoauszug
[2011.12.15 01:18:11 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FF6FAB9C-08CF-4A9A-94BD-0DDBB7EACDA8}
[2011.12.15 01:17:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3E4A7DA7-FB50-41B5-B031-0918B6C0D84B}
[2011.12.14 11:54:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7E9CC605-4313-4F4F-98FD-B380AF3ACD72}
[2011.12.14 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{1AE83126-F6AE-47D7-8D32-D3A199495F14}
[2011.12.13 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F7FB9F2C-7FDD-4F81-8ADE-7935BB9F10E7}
[2011.12.13 16:10:59 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{66AC74EF-0B74-4663-8859-8349E2FF29B6}
[2011.12.13 16:10:43 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{26E554F7-C435-46C8-837A-DCE38FA3ED94}
[2011.12.13 16:10:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{4983CC8D-A5E7-46E1-B6E4-5E55E4604865}
[2011.12.12 16:20:24 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{20C7DC7C-1F22-445C-8871-A34ABD314460}
[2011.12.12 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{ED66214D-49C4-4865-8F77-590A97613D8F}
[2011.12.12 15:31:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Logitech
[2011.12.12 15:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.12.12 15:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2011.12.12 15:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011.12.12 01:36:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{6365C5F8-BB88-4184-B5CA-A7BC81B1E389}
[2011.12.12 01:35:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{EB1BDBDC-A6AB-4A6B-893A-C0A80F872CDC}
[2011.12.12 01:35:21 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B0A8DE83-EFC6-4518-8753-1F28948DF2A3}
[2011.12.11 10:25:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{08DB0319-EF89-4A9D-AA25-4DD8322FC108}
[2011.12.11 10:25:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B5A9D93C-35EF-4AC0-8E48-F31C3F76A94D}
[2011.12.10 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9FB750D1-FFA9-4A7F-91CA-E15E69AF43F5}
[2011.12.10 10:21:25 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{64FB4C92-503C-4D46-8BBD-D7814401BF1E}
[2011.12.10 10:21:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{DE49E76C-9F84-43B9-ACDA-B1D376E1464F}
[2011.12.10 10:20:39 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9FE3D653-96FF-433F-9ADE-05A78ED90381}
[2011.12.09 18:57:21 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3F6E10BE-4A0B-4271-B3CF-CFB4B68B2830}
[2011.12.09 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{618D3C4C-16AB-4684-BABA-0168DA8E3787}
[2011.12.08 20:20:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8E3D0343-BCDC-46AE-8224-C080EDC94074}
[2011.12.08 20:19:26 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{68A665AB-C347-4E76-B39A-19ACB0080D1D}
[2011.12.08 08:18:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{213521B6-371D-45A2-AD0F-3DAD7934C93C}
[2011.12.08 08:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{E8BB6C7F-18AE-49BE-BC66-932D36FD3459}
[2011.12.07 16:11:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{067D6B16-E092-4087-A173-05BDE4A7DB9B}
[2011.12.07 16:10:25 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{0D2EBEE2-F039-4446-9D07-D9D610C281D8}
[2011.12.06 19:55:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{440767DB-EA3B-450F-93A4-5E5E5B7D8807}
[2011.12.06 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{920B6E0C-369B-42DB-8BCD-4F9DD2033398}
[2011.12.06 07:54:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9AD451E7-959B-4792-B1D1-FA4342872C1C}
[2011.12.06 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{6D5A00AD-1CF7-4E50-8BE4-EAB4115A4A55}
[2011.12.05 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{52FECB12-8E06-4CBC-ABF5-0FFB04122285}
[2011.12.05 10:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FF1F798A-C78C-4E19-A493-212B2F1D7546}
[2011.12.04 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8523CB02-F205-497F-852D-4E4040E6D89C}
[2011.12.04 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B6A5DA82-D435-4961-859B-5BE2EC5B3BDD}
[2011.12.03 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B9959A64-663F-47D2-A8B2-9BFA4C323732}
[2011.12.03 20:25:51 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{EA3ED08A-0BD4-4856-A71F-DB86CC8749DC}
[2011.12.03 14:35:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D
[2011.12.03 14:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DDD
[2011.12.03 14:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TriDef 3D
[2011.12.02 08:09:13 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C947CCEE-A8E6-4BFF-A9A5-FA94C6A2A4C6}
[2011.12.02 08:08:39 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7B3F4C86-EE62-4ED3-AD72-885053AF60C1}
[2011.12.01 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{D120E7D6-FAC5-4BEB-9D39-4D837C5898FE}
[2011.12.01 20:07:38 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8D396F78-758E-44C4-994B-0085236D45E3}
[2011.12.01 08:06:59 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{1DEBD5DA-032C-4E0C-BB58-444A5CBC8B24}
[2011.12.01 08:06:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C1E42293-DDB9-44DC-A92E-8B1701D4B7E2}
[2011.11.30 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{28641252-25C2-4FC3-B559-F9C70A87513F}
[2011.11.30 16:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B3244799-1403-4A7D-B066-E65668B6E95E}
[2011.11.29 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{12A55EBD-0793-4FA7-9DF7-FB29E29127CE}
[2011.11.29 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{90E15804-6FB5-4184-83A9-AE403E28BC4C}
[2011.11.29 07:10:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B537DE02-4EB0-4EDD-B285-95BF18309038}
[2011.11.29 07:09:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FB3CC972-285A-4EF6-963C-2C54584B9093}
[2011.11.28 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{87B0ED36-08F3-41D4-BAD3-CE6F947C9446}
[2011.11.28 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{50F48384-5140-49E0-A640-8F5EC53072B0}
[2011.11.28 18:40:52 | 000,000,000 | R--D | C] -- C:\Users\Kenan\Dropbox
[2011.11.28 18:39:10 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.11.28 18:38:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Dropbox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kenan\Desktop\*.tmp files -> C:\Users\Kenan\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.28 11:37:13 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 11:37:13 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 11:34:07 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.28 11:34:07 | 000,698,976 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.28 11:34:07 | 000,652,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.28 11:34:07 | 000,149,000 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.28 11:34:07 | 000,121,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.28 11:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 11:29:36 | 466,984,959 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 03:45:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.28 00:28:48 | 000,000,316 | ---- | M] () -- C:\Users\Kenan\Desktop\AA3Deploy.appref-ms
[2011.12.27 15:49:13 | 000,000,000 | ---- | M] () -- C:\Users\Kenan\defogger_reenable
[2011.12.21 23:51:03 | 002,903,606 | ---- | M] () -- C:\Users\Kenan\Desktop\htc_sensation.pdf
[2011.12.15 21:18:20 | 000,439,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.12 15:28:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.09 19:49:12 | 000,464,353 | ---- | M] () -- C:\test.xml
[2011.12.08 20:42:31 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kenan\Desktop\*.tmp files -> C:\Users\Kenan\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 03:45:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.28 00:28:48 | 000,000,316 | ---- | C] () -- C:\Users\Kenan\Desktop\AA3Deploy.appref-ms
[2011.12.27 15:49:13 | 000,000,000 | ---- | C] () -- C:\Users\Kenan\defogger_reenable
[2011.12.21 23:50:48 | 002,903,606 | ---- | C] () -- C:\Users\Kenan\Desktop\htc_sensation.pdf
[2011.12.15 15:38:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CNCFLbNL.DLL
[2011.12.12 15:28:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2011.12.03 14:35:22 | 000,001,400 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO3DPortal.lnk
[2011.11.08 23:17:05 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.08 23:17:05 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.08 23:17:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.08 23:17:05 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2011.11.08 23:17:05 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2011.11.08 23:17:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.13 22:14:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.09.12 03:21:52 | 000,005,120 | ---- | C] () -- C:\Users\Kenan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.10 22:02:06 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\AV32UID.DAT
[2011.08.10 03:57:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2011.08.10 03:11:58 | 000,000,000 | ---- | C] () -- C:\Windows\MusicMaker.INI
[2011.08.10 03:07:11 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.08.10 03:05:50 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.08.10 02:59:45 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.08.10 02:52:26 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.07.12 23:25:14 | 000,007,648 | ---- | C] () -- C:\Users\Kenan\AppData\Local\Resmon.ResmonCfg
[2011.06.30 08:01:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.29 14:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.29 14:06:23 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.04.14 04:56:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.14 04:56:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.04 11:00:37 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.02.11 00:03:27 | 001,594,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.12.22 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Canon
[2011.12.23 00:22:21 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Dropbox
[2011.08.29 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Leadertech
[2011.09.10 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\MAGIX
[2011.09.12 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Solveig Multimedia
[2011.11.21 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\streamripper
[2011.12.10 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Windows Live Writer
[2011.12.03 02:47:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XBMC
[2011.08.16 10:23:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XP Modus
[2011.11.27 13:04:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.12 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Adobe
[2011.07.11 00:36:40 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\ArcSoft
[2011.07.10 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Atheros
[2011.07.10 23:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\ATI
[2011.10.14 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Avira
[2011.12.22 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Canon
[2011.07.11 00:16:24 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\CyberLink
[2011.08.05 04:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\DivX
[2011.12.23 00:22:21 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Dropbox
[2011.07.10 23:19:35 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Identities
[2011.07.10 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Intel Corporation
[2011.08.29 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Leadertech
[2011.06.29 14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Macromedia
[2011.09.10 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\MAGIX
[2011.12.27 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Malwarebytes
[2011.03.15 03:36:01 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Media Center Programs
[2011.11.08 23:18:31 | 000,000,000 | --SD | M] -- C:\Users\Kenan\AppData\Roaming\Microsoft
[2011.07.11 01:17:12 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Mozilla
[2011.07.12 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\NCH Software
[2011.12.15 17:10:24 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Skype
[2011.11.17 21:15:08 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\skypePM
[2011.09.12 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Solveig Multimedia
[2011.07.12 00:27:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Sony Corporation
[2011.11.21 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\streamripper
[2011.11.27 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Winamp
[2011.12.10 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Windows Live Writer
[2011.08.09 10:40:05 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\WinRAR
[2011.12.03 02:47:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XBMC
[2011.08.16 10:23:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XP Modus
 
< %APPDATA%\*.exe /s >
[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenan\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 20:18:12 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenan\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.06.29 14:25:02 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kenan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.08 23:18:31 | 000,010,134 | R--- | M] () -- C:\Users\Kenan\AppData\Roaming\Microsoft\Installer\{15CDC9CF-D347-1F6D-2EDB-D0F41B136758}\ARPPRODUCTICON.exe
[2007.11.27 07:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2011.05.18 09:49:08 | 002,486,784 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\NCH Software\Components\soxdec\soxdec.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Alt 28.12.2011, 21:46   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
[2011.11.21 17:53:37 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.07.19 10:00:58 | 000,002,227 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
[2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\Kenan\AppData\Local\7b30d2dc
[2011.12.15 15:38:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CNCFLbNL.DLL
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.12.2011, 22:41   #10
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



So hier ist der OTL Fix Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\Kenan\AppData\Local\7b30d2dc\U folder moved successfully.
Folder move failed. C:\Users\Kenan\AppData\Local\7b30d2dc scheduled to be moved on reboot.
C:\Windows\SysNative\CNCFLbNL.DLL moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kenan
->Temp folder emptied: 868724518 bytes
->Temporary Internet Files folder emptied: 296434303 bytes
->Java cache emptied: 3732855 bytes
->FireFox cache emptied: 871853030 bytes
->Flash cache emptied: 87655 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138210983 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 254786 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.078,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12282011_222332

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Users\Kenan\AppData\Local\7b30d2dc folder moved successfully.
C:\Users\Kenan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 28.12.2011, 23:38   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.12.2011, 00:09   #12
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Hier ist die Log:

Code:
ATTFilter
00:04:44.0603 5656	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:04:44.0713 5656	============================================================
00:04:44.0713 5656	Current date / time: 2011/12/29 00:04:44.0713
00:04:44.0713 5656	SystemInfo:
00:04:44.0713 5656	
00:04:44.0713 5656	OS Version: 6.1.7601 ServicePack: 1.0
00:04:44.0713 5656	Product type: Workstation
00:04:44.0713 5656	ComputerName: KENAN-VAIO
00:04:44.0713 5656	UserName: Kenan
00:04:44.0713 5656	Windows directory: C:\Windows
00:04:44.0713 5656	System windows directory: C:\Windows
00:04:44.0713 5656	Running under WOW64
00:04:44.0713 5656	Processor architecture: Intel x64
00:04:44.0713 5656	Number of processors: 4
00:04:44.0713 5656	Page size: 0x1000
00:04:44.0713 5656	Boot type: Normal boot
00:04:44.0713 5656	============================================================
00:04:45.0149 5656	Initialize success
00:05:50.0693 5324	============================================================
00:05:50.0693 5324	Scan started
00:05:50.0693 5324	Mode: Manual; SigCheck; TDLFS; 
00:05:50.0693 5324	============================================================
00:05:50.0989 5324	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:05:51.0052 5324	1394ohci - ok
00:05:51.0177 5324	acedrv07        (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys
00:05:51.0192 5324	acedrv07 ( UnsignedFile.Multi.Generic ) - warning
00:05:51.0192 5324	acedrv07 - detected UnsignedFile.Multi.Generic (1)
00:05:51.0239 5324	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:05:51.0255 5324	ACPI - ok
00:05:51.0286 5324	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:05:51.0333 5324	AcpiPmi - ok
00:05:51.0395 5324	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:05:51.0411 5324	adp94xx - ok
00:05:51.0473 5324	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:05:51.0473 5324	adpahci - ok
00:05:51.0520 5324	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:05:51.0535 5324	adpu320 - ok
00:05:51.0598 5324	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
00:05:51.0645 5324	AFD - ok
00:05:51.0707 5324	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:05:51.0707 5324	agp440 - ok
00:05:51.0738 5324	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:05:51.0738 5324	aliide - ok
00:05:51.0785 5324	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:05:51.0785 5324	amdide - ok
00:05:51.0816 5324	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:05:51.0847 5324	AmdK8 - ok
00:05:52.0035 5324	amdkmdag        (2d969426b5d901fb91a3f4f94b2eb5b8) C:\Windows\system32\DRIVERS\atikmdag.sys
00:05:52.0315 5324	amdkmdag - ok
00:05:52.0378 5324	amdkmdap        (a88d7aaed436780dcf420234873f719d) C:\Windows\system32\DRIVERS\atikmpag.sys
00:05:52.0393 5324	amdkmdap - ok
00:05:52.0440 5324	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
00:05:52.0471 5324	AmdPPM - ok
00:05:52.0518 5324	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:05:52.0534 5324	amdsata - ok
00:05:52.0565 5324	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:05:52.0581 5324	amdsbs - ok
00:05:52.0612 5324	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:05:52.0612 5324	amdxata - ok
00:05:52.0690 5324	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:05:52.0846 5324	AppID - ok
00:05:52.0877 5324	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
00:05:52.0893 5324	arc - ok
00:05:52.0924 5324	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
00:05:52.0939 5324	arcsas - ok
00:05:53.0002 5324	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
00:05:53.0080 5324	ArcSoftKsUFilter - ok
00:05:53.0142 5324	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:05:53.0283 5324	AsyncMac - ok
00:05:53.0329 5324	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:05:53.0329 5324	atapi - ok
00:05:53.0376 5324	AthBTPort       (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys
00:05:53.0376 5324	AthBTPort - ok
00:05:53.0485 5324	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
00:05:53.0595 5324	athr - ok
00:05:53.0657 5324	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
00:05:53.0657 5324	avgntflt - ok
00:05:53.0688 5324	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
00:05:53.0688 5324	avipbb - ok
00:05:53.0719 5324	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
00:05:53.0735 5324	avkmgr - ok
00:05:53.0797 5324	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
00:05:53.0829 5324	b06bdrv - ok
00:05:53.0875 5324	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:05:53.0907 5324	b57nd60a - ok
00:05:53.0938 5324	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:05:53.0985 5324	Beep - ok
00:05:54.0016 5324	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:05:54.0031 5324	blbdrive - ok
00:05:54.0094 5324	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:05:54.0141 5324	bowser - ok
00:05:54.0172 5324	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:05:54.0203 5324	BrFiltLo - ok
00:05:54.0234 5324	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:05:54.0250 5324	BrFiltUp - ok
00:05:54.0297 5324	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:05:54.0343 5324	Brserid - ok
00:05:54.0375 5324	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:05:54.0390 5324	BrSerWdm - ok
00:05:54.0421 5324	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:05:54.0437 5324	BrUsbMdm - ok
00:05:54.0468 5324	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:05:54.0484 5324	BrUsbSer - ok
00:05:54.0546 5324	BTATH_A2DP      (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys
00:05:54.0546 5324	BTATH_A2DP - ok
00:05:54.0577 5324	btath_avdt      (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys
00:05:54.0593 5324	btath_avdt - ok
00:05:54.0640 5324	BTATH_BUS       (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\DRIVERS\btath_bus.sys
00:05:54.0640 5324	BTATH_BUS - ok
00:05:54.0671 5324	BTATH_HCRP      (a441b800e04cf8443faf519207563abb) C:\Windows\system32\DRIVERS\btath_hcrp.sys
00:05:54.0687 5324	BTATH_HCRP - ok
00:05:54.0718 5324	BTATH_LWFLT     (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys
00:05:54.0718 5324	BTATH_LWFLT - ok
00:05:54.0749 5324	BTATH_RCP       (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\DRIVERS\btath_rcp.sys
00:05:54.0749 5324	BTATH_RCP - ok
00:05:54.0827 5324	BtFilter        (3632fa4c6b3ce9ec827690deac266d8c) C:\Windows\system32\DRIVERS\btfilter.sys
00:05:54.0843 5324	BtFilter - ok
00:05:54.0889 5324	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:05:54.0921 5324	BthEnum - ok
00:05:54.0983 5324	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:05:54.0999 5324	BTHMODEM - ok
00:05:55.0045 5324	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:05:55.0061 5324	BthPan - ok
00:05:55.0108 5324	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:05:55.0139 5324	BTHPORT - ok
00:05:55.0186 5324	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:05:55.0201 5324	BTHUSB - ok
00:05:55.0248 5324	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:05:55.0279 5324	cdfs - ok
00:05:55.0326 5324	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:05:55.0342 5324	cdrom - ok
00:05:55.0389 5324	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
00:05:55.0404 5324	circlass - ok
00:05:55.0451 5324	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:05:55.0467 5324	CLFS - ok
00:05:55.0513 5324	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:05:55.0529 5324	CmBatt - ok
00:05:55.0545 5324	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:05:55.0560 5324	cmdide - ok
00:05:55.0591 5324	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
00:05:55.0607 5324	CNG - ok
00:05:55.0623 5324	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:05:55.0638 5324	Compbatt - ok
00:05:55.0685 5324	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:05:55.0701 5324	CompositeBus - ok
00:05:55.0716 5324	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:05:55.0716 5324	crcdisk - ok
00:05:55.0763 5324	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
00:05:55.0763 5324	CVirtA - ok
00:05:55.0825 5324	CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
00:05:55.0841 5324	CVPNDRVA - ok
00:05:55.0872 5324	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:05:55.0903 5324	DfsC - ok
00:05:55.0935 5324	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:05:55.0966 5324	discache - ok
00:05:56.0013 5324	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
00:05:56.0013 5324	Disk - ok
00:05:56.0059 5324	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
00:05:56.0059 5324	DNE - ok
00:05:56.0106 5324	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:05:56.0122 5324	drmkaud - ok
00:05:56.0153 5324	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:05:56.0169 5324	DXGKrnl - ok
00:05:56.0215 5324	e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
00:05:56.0247 5324	e1yexpress - ok
00:05:56.0309 5324	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:05:56.0387 5324	ebdrv - ok
00:05:56.0434 5324	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:05:56.0449 5324	elxstor - ok
00:05:56.0481 5324	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:05:56.0496 5324	ErrDev - ok
00:05:56.0543 5324	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:05:56.0574 5324	exfat - ok
00:05:56.0621 5324	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:05:56.0652 5324	fastfat - ok
00:05:56.0683 5324	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:05:56.0699 5324	fdc - ok
00:05:56.0730 5324	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:05:56.0730 5324	FileInfo - ok
00:05:56.0761 5324	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:05:56.0793 5324	Filetrace - ok
00:05:56.0824 5324	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:05:56.0839 5324	flpydisk - ok
00:05:56.0855 5324	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:05:56.0871 5324	FltMgr - ok
00:05:56.0902 5324	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:05:56.0917 5324	FsDepends - ok
00:05:56.0933 5324	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:05:56.0933 5324	Fs_Rec - ok
00:05:56.0964 5324	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:05:56.0964 5324	fvevol - ok
00:05:56.0995 5324	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:05:56.0995 5324	gagp30kx - ok
00:05:57.0042 5324	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
00:05:57.0042 5324	hamachi - ok
00:05:57.0089 5324	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:05:57.0105 5324	hcw85cir - ok
00:05:57.0151 5324	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:05:57.0183 5324	HdAudAddService - ok
00:05:57.0214 5324	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:05:57.0229 5324	HDAudBus - ok
00:05:57.0245 5324	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:05:57.0276 5324	HidBatt - ok
00:05:57.0307 5324	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:05:57.0323 5324	HidBth - ok
00:05:57.0354 5324	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
00:05:57.0370 5324	HidIr - ok
00:05:57.0417 5324	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:05:57.0432 5324	HidUsb - ok
00:05:57.0463 5324	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:05:57.0479 5324	HpSAMD - ok
00:05:57.0510 5324	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:05:57.0557 5324	HTTP - ok
00:05:57.0573 5324	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:05:57.0588 5324	hwpolicy - ok
00:05:57.0619 5324	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:05:57.0635 5324	i8042prt - ok
00:05:57.0666 5324	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
00:05:57.0682 5324	iaStor - ok
00:05:57.0729 5324	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:05:57.0744 5324	iaStorV - ok
00:05:57.0775 5324	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:05:57.0775 5324	iirsp - ok
00:05:57.0869 5324	IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys
00:05:57.0900 5324	IntcAzAudAddService - ok
00:05:57.0931 5324	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:05:57.0963 5324	IntcDAud - ok
00:05:57.0994 5324	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:05:57.0994 5324	intelide - ok
00:05:58.0212 5324	intelkmd        (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys
00:05:58.0446 5324	intelkmd - ok
00:05:58.0477 5324	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:05:58.0509 5324	intelppm - ok
00:05:58.0540 5324	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:05:58.0571 5324	IpFilterDriver - ok
00:05:58.0587 5324	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:05:58.0602 5324	IPMIDRV - ok
00:05:58.0633 5324	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:05:58.0665 5324	IPNAT - ok
00:05:58.0696 5324	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:05:58.0758 5324	IRENUM - ok
00:05:58.0789 5324	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:05:58.0805 5324	isapnp - ok
00:05:58.0821 5324	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:05:58.0836 5324	iScsiPrt - ok
00:05:58.0867 5324	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:05:58.0883 5324	kbdclass - ok
00:05:58.0899 5324	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:05:58.0914 5324	kbdhid - ok
00:05:58.0945 5324	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
00:05:58.0945 5324	KSecDD - ok
00:05:58.0977 5324	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
00:05:58.0977 5324	KSecPkg - ok
00:05:59.0008 5324	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:05:59.0039 5324	ksthunk - ok
00:05:59.0086 5324	L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys
00:05:59.0086 5324	L1C - ok
00:05:59.0117 5324	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:05:59.0164 5324	lltdio - ok
00:05:59.0195 5324	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:05:59.0211 5324	LSI_FC - ok
00:05:59.0226 5324	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:05:59.0242 5324	LSI_SAS - ok
00:05:59.0257 5324	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:05:59.0257 5324	LSI_SAS2 - ok
00:05:59.0289 5324	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:05:59.0289 5324	LSI_SCSI - ok
00:05:59.0320 5324	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:05:59.0335 5324	luafv - ok
00:05:59.0429 5324	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
00:05:59.0429 5324	MBAMProtector - ok
00:05:59.0476 5324	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:05:59.0476 5324	megasas - ok
00:05:59.0507 5324	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:05:59.0523 5324	MegaSR - ok
00:05:59.0569 5324	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
00:05:59.0569 5324	MEIx64 - ok
00:05:59.0601 5324	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:05:59.0632 5324	Modem - ok
00:05:59.0663 5324	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:05:59.0679 5324	monitor - ok
00:05:59.0710 5324	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:05:59.0725 5324	mouclass - ok
00:05:59.0757 5324	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:05:59.0772 5324	mouhid - ok
00:05:59.0803 5324	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:05:59.0819 5324	mountmgr - ok
00:05:59.0850 5324	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:05:59.0850 5324	mpio - ok
00:05:59.0881 5324	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:05:59.0913 5324	mpsdrv - ok
00:05:59.0928 5324	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:05:59.0959 5324	MRxDAV - ok
00:05:59.0991 5324	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:06:00.0022 5324	mrxsmb - ok
00:06:00.0053 5324	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:06:00.0069 5324	mrxsmb10 - ok
00:06:00.0100 5324	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:06:00.0100 5324	mrxsmb20 - ok
00:06:00.0131 5324	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:06:00.0131 5324	msahci - ok
00:06:00.0162 5324	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:06:00.0178 5324	msdsm - ok
00:06:00.0209 5324	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:06:00.0240 5324	Msfs - ok
00:06:00.0256 5324	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:06:00.0287 5324	mshidkmdf - ok
00:06:00.0318 5324	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:06:00.0318 5324	msisadrv - ok
00:06:00.0349 5324	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:06:00.0381 5324	MSKSSRV - ok
00:06:00.0412 5324	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:06:00.0443 5324	MSPCLOCK - ok
00:06:00.0459 5324	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:06:00.0490 5324	MSPQM - ok
00:06:00.0521 5324	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:06:00.0521 5324	MsRPC - ok
00:06:00.0552 5324	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:06:00.0552 5324	mssmbios - ok
00:06:00.0583 5324	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:06:00.0599 5324	MSTEE - ok
00:06:00.0630 5324	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:06:00.0646 5324	MTConfig - ok
00:06:00.0661 5324	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:06:00.0677 5324	Mup - ok
00:06:00.0724 5324	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:06:00.0739 5324	NativeWifiP - ok
00:06:00.0802 5324	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:06:00.0833 5324	NDIS - ok
00:06:00.0864 5324	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:06:00.0880 5324	NdisCap - ok
00:06:00.0927 5324	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:06:00.0958 5324	NdisTapi - ok
00:06:00.0989 5324	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:06:01.0020 5324	Ndisuio - ok
00:06:01.0051 5324	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:06:01.0083 5324	NdisWan - ok
00:06:01.0114 5324	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:06:01.0145 5324	NDProxy - ok
00:06:01.0176 5324	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:06:01.0207 5324	NetBIOS - ok
00:06:01.0239 5324	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:06:01.0270 5324	NetBT - ok
00:06:01.0317 5324	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:06:01.0332 5324	nfrd960 - ok
00:06:01.0363 5324	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:06:01.0395 5324	Npfs - ok
00:06:01.0410 5324	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:06:01.0457 5324	nsiproxy - ok
00:06:01.0504 5324	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:06:01.0551 5324	Ntfs - ok
00:06:01.0566 5324	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:06:01.0597 5324	Null - ok
00:06:01.0629 5324	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:06:01.0660 5324	nusb3hub - ok
00:06:01.0691 5324	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:06:01.0722 5324	nusb3xhc - ok
00:06:01.0925 5324	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:06:02.0175 5324	nvlddmkm - ok
00:06:02.0206 5324	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:06:02.0221 5324	nvraid - ok
00:06:02.0284 5324	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:06:02.0299 5324	nvstor - ok
00:06:02.0331 5324	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:06:02.0346 5324	nv_agp - ok
00:06:02.0393 5324	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:06:02.0409 5324	ohci1394 - ok
00:06:02.0455 5324	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:06:02.0471 5324	Parport - ok
00:06:02.0502 5324	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:06:02.0502 5324	partmgr - ok
00:06:02.0533 5324	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:06:02.0533 5324	pci - ok
00:06:02.0565 5324	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:06:02.0565 5324	pciide - ok
00:06:02.0596 5324	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:06:02.0611 5324	pcmcia - ok
00:06:02.0627 5324	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:06:02.0643 5324	pcw - ok
00:06:02.0674 5324	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:06:02.0721 5324	PEAUTH - ok
00:06:02.0752 5324	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:06:02.0799 5324	PptpMiniport - ok
00:06:02.0814 5324	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:06:02.0830 5324	Processor - ok
00:06:02.0861 5324	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:06:02.0892 5324	Psched - ok
00:06:02.0939 5324	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:06:02.0986 5324	ql2300 - ok
00:06:03.0017 5324	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:06:03.0017 5324	ql40xx - ok
00:06:03.0048 5324	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:06:03.0064 5324	QWAVEdrv - ok
00:06:03.0079 5324	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:06:03.0111 5324	RasAcd - ok
00:06:03.0142 5324	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:06:03.0173 5324	RasAgileVpn - ok
00:06:03.0189 5324	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:06:03.0235 5324	Rasl2tp - ok
00:06:03.0251 5324	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:06:03.0298 5324	RasPppoe - ok
00:06:03.0329 5324	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:06:03.0360 5324	RasSstp - ok
00:06:03.0391 5324	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:06:03.0423 5324	rdbss - ok
00:06:03.0438 5324	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
00:06:03.0454 5324	rdpbus - ok
00:06:03.0469 5324	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:06:03.0485 5324	RDPCDD - ok
00:06:03.0516 5324	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:06:03.0547 5324	RDPENCDD - ok
00:06:03.0563 5324	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:06:03.0594 5324	RDPREFMP - ok
00:06:03.0610 5324	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:06:03.0641 5324	RDPWD - ok
00:06:03.0672 5324	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:06:03.0672 5324	rdyboost - ok
00:06:03.0735 5324	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:06:03.0750 5324	RFCOMM - ok
00:06:03.0797 5324	rimspci         (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\DRIVERS\rimssne64.sys
00:06:03.0828 5324	rimspci - ok
00:06:03.0859 5324	risdsnpe        (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\DRIVERS\risdsnxc64.sys
00:06:03.0875 5324	risdsnpe - ok
00:06:03.0906 5324	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:06:03.0937 5324	rspndr - ok
00:06:03.0984 5324	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:06:03.0984 5324	sbp2port - ok
00:06:04.0015 5324	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:06:04.0047 5324	scfilter - ok
00:06:04.0093 5324	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
00:06:04.0109 5324	sdbus - ok
00:06:04.0140 5324	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:06:04.0171 5324	secdrv - ok
00:06:04.0203 5324	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:06:04.0218 5324	Serenum - ok
00:06:04.0249 5324	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:06:04.0265 5324	Serial - ok
00:06:04.0296 5324	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:06:04.0327 5324	sermouse - ok
00:06:04.0359 5324	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
00:06:04.0390 5324	SFEP - ok
00:06:04.0405 5324	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:06:04.0421 5324	sffdisk - ok
00:06:04.0437 5324	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:06:04.0452 5324	sffp_mmc - ok
00:06:04.0468 5324	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:06:04.0483 5324	sffp_sd - ok
00:06:04.0499 5324	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:06:04.0515 5324	sfloppy - ok
00:06:04.0561 5324	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:06:04.0577 5324	SiSRaid2 - ok
00:06:04.0608 5324	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:06:04.0608 5324	SiSRaid4 - ok
00:06:04.0639 5324	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:06:04.0671 5324	Smb - ok
00:06:04.0717 5324	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:06:04.0717 5324	spldr - ok
00:06:04.0764 5324	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:06:04.0795 5324	srv - ok
00:06:04.0827 5324	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:06:04.0858 5324	srv2 - ok
00:06:04.0873 5324	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:06:04.0905 5324	srvnet - ok
00:06:04.0936 5324	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:06:04.0951 5324	stexstor - ok
00:06:04.0983 5324	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:06:04.0983 5324	swenum - ok
00:06:05.0045 5324	SynTP           (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
00:06:05.0061 5324	SynTP - ok
00:06:05.0139 5324	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:06:05.0185 5324	Tcpip - ok
00:06:05.0232 5324	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:06:05.0263 5324	TCPIP6 - ok
00:06:05.0279 5324	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:06:05.0310 5324	tcpipreg - ok
00:06:05.0341 5324	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:06:05.0373 5324	TDPIPE - ok
00:06:05.0388 5324	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:06:05.0404 5324	TDTCP - ok
00:06:05.0435 5324	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:06:05.0466 5324	tdx - ok
00:06:05.0497 5324	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
00:06:05.0497 5324	TermDD - ok
00:06:05.0544 5324	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:06:05.0591 5324	tssecsrv - ok
00:06:05.0622 5324	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:06:05.0638 5324	TsUsbFlt - ok
00:06:05.0653 5324	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:06:05.0669 5324	TsUsbGD - ok
00:06:05.0700 5324	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:06:05.0731 5324	tunnel - ok
00:06:05.0763 5324	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:06:05.0778 5324	uagp35 - ok
00:06:05.0794 5324	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:06:05.0841 5324	udfs - ok
00:06:05.0872 5324	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:06:05.0872 5324	uliagpkx - ok
00:06:05.0903 5324	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:06:05.0919 5324	umbus - ok
00:06:05.0950 5324	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:06:05.0965 5324	UmPass - ok
00:06:05.0997 5324	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:06:06.0012 5324	usbccgp - ok
00:06:06.0028 5324	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:06:06.0043 5324	usbcir - ok
00:06:06.0075 5324	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:06:06.0090 5324	usbehci - ok
00:06:06.0137 5324	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:06:06.0153 5324	usbhub - ok
00:06:06.0184 5324	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:06:06.0199 5324	usbohci - ok
00:06:06.0231 5324	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:06:06.0246 5324	usbprint - ok
00:06:06.0293 5324	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:06:06.0309 5324	usbscan - ok
00:06:06.0340 5324	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:06:06.0355 5324	USBSTOR - ok
00:06:06.0371 5324	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:06:06.0387 5324	usbuhci - ok
00:06:06.0418 5324	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:06:06.0433 5324	usbvideo - ok
00:06:06.0511 5324	VBoxDrv         (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
00:06:06.0527 5324	VBoxDrv - ok
00:06:06.0558 5324	VBoxNetAdp      (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:06:06.0574 5324	VBoxNetAdp - ok
00:06:06.0605 5324	VBoxNetFlt      (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
00:06:06.0605 5324	VBoxNetFlt - ok
00:06:06.0652 5324	VBoxUSBMon      (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
00:06:06.0652 5324	VBoxUSBMon - ok
00:06:06.0699 5324	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:06:06.0714 5324	vdrvroot - ok
00:06:06.0730 5324	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:06:06.0745 5324	vga - ok
00:06:06.0777 5324	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:06:06.0808 5324	VgaSave - ok
00:06:06.0823 5324	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:06:06.0839 5324	vhdmp - ok
00:06:06.0855 5324	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:06:06.0870 5324	viaide - ok
00:06:06.0901 5324	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:06:06.0917 5324	volmgr - ok
00:06:06.0933 5324	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:06:06.0948 5324	volmgrx - ok
00:06:06.0979 5324	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:06:06.0979 5324	volsnap - ok
00:06:07.0011 5324	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
00:06:07.0011 5324	vpcbus - ok
00:06:07.0073 5324	vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
00:06:07.0104 5324	vpcnfltr - ok
00:06:07.0120 5324	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
00:06:07.0135 5324	vpcusb - ok
00:06:07.0182 5324	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
00:06:07.0198 5324	vpcvmm - ok
00:06:07.0245 5324	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:06:07.0245 5324	vsmraid - ok
00:06:07.0291 5324	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:06:07.0323 5324	vwifibus - ok
00:06:07.0338 5324	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:06:07.0354 5324	vwififlt - ok
00:06:07.0401 5324	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:06:07.0416 5324	vwifimp - ok
00:06:07.0447 5324	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
00:06:07.0463 5324	WacomPen - ok
00:06:07.0494 5324	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:06:07.0525 5324	WANARP - ok
00:06:07.0541 5324	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:06:07.0572 5324	Wanarpv6 - ok
00:06:07.0635 5324	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:06:07.0635 5324	Wd - ok
00:06:07.0666 5324	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:06:07.0697 5324	Wdf01000 - ok
00:06:07.0728 5324	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:06:07.0744 5324	WfpLwf - ok
00:06:07.0791 5324	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:06:07.0791 5324	WIMMount - ok
00:06:07.0853 5324	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:06:07.0869 5324	WinUsb - ok
00:06:07.0931 5324	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
00:06:07.0931 5324	WmBEnum - ok
00:06:07.0962 5324	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
00:06:07.0962 5324	WmFilter - ok
00:06:08.0009 5324	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:06:08.0009 5324	WmiAcpi - ok
00:06:08.0040 5324	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
00:06:08.0040 5324	WmVirHid - ok
00:06:08.0071 5324	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
00:06:08.0071 5324	WmXlCore - ok
00:06:08.0103 5324	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:06:08.0134 5324	ws2ifsl - ok
00:06:08.0149 5324	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:06:08.0181 5324	WudfPf - ok
00:06:08.0212 5324	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:06:08.0243 5324	WUDFRd - ok
00:06:08.0337 5324	X6va005 - ok
00:06:08.0415 5324	xusb21          (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
00:06:08.0430 5324	xusb21 - ok
00:06:08.0477 5324	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:06:08.0727 5324	\Device\Harddisk0\DR0 - ok
00:06:08.0742 5324	Boot (0x1200)   (07fa0f7b29dc2ac220428cd4ee4b1de7) \Device\Harddisk0\DR0\Partition0
00:06:08.0742 5324	\Device\Harddisk0\DR0\Partition0 - ok
00:06:08.0773 5324	Boot (0x1200)   (f60e8f2668641c4546f5695ea2fc72f5) \Device\Harddisk0\DR0\Partition1
00:06:08.0773 5324	\Device\Harddisk0\DR0\Partition1 - ok
00:06:08.0773 5324	============================================================
00:06:08.0773 5324	Scan finished
00:06:08.0773 5324	============================================================
00:06:08.0773 5260	Detected object count: 1
00:06:08.0773 5260	Actual detected object count: 1
00:06:50.0550 5260	acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:50.0550 5260	acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 29.12.2011, 00:36   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.12.2011, 01:14   #14
keno1
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Hier ist es.

Dazu muss ich aber noch erwähnen, das combofix meinte das irgendetwas von avira noch laufen würde, obwohl ich den echtzeit Scanner geschlossen hatte.

Code:
ATTFilter
ComboFix 11-12-28.03 - Kenan 29.12.2011   1:05.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6055.4461 [GMT 1:00]
ausgeführt von:: c:\users\Kenan\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\assembly\tmp\U
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-29  ))))))))))))))))))))))))))))))
.
.
2011-12-29 00:08 . 2011-12-29 00:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-28 21:23 . 2011-12-28 21:23	--------	d-----w-	C:\_OTL
2011-12-27 23:28 . 2011-12-27 23:29	--------	d-----w-	c:\users\Kenan\AppData\Local\AA3DeployClient
2011-12-27 23:28 . 2011-12-27 23:28	--------	d-----w-	c:\programdata\AA3DeployClient
2011-12-27 23:26 . 2011-12-27 23:29	--------	d-----w-	c:\users\Kenan\AppData\Local\Deployment
2011-12-27 23:26 . 2011-12-27 23:26	--------	d-----w-	c:\users\Kenan\AppData\Local\Apps
2011-12-27 17:31 . 2011-12-27 17:31	--------	d-----w-	c:\program files (x86)\ESET
2011-12-27 17:11 . 2011-12-27 17:11	--------	d-----w-	c:\users\Kenan\AppData\Roaming\Malwarebytes
2011-12-27 17:11 . 2011-12-27 17:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-27 17:11 . 2011-12-28 02:46	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-27 17:11 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-27 16:00 . 2011-12-27 16:00	--------	d-----w-	c:\program files (x86)\7-Zip
2011-12-26 00:05 . 2011-12-26 00:05	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-12-23 11:03 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{871BF9DD-9CF3-4426-936A-795079160033}\mpengine.dll
2011-12-22 12:19 . 2009-03-18 16:35	33856	---ha-w-	c:\windows\system32\hamachi.sys
2011-12-22 12:19 . 2011-12-22 12:19	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2011-12-15 19:00 . 2011-11-04 01:53	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-12-15 19:00 . 2011-11-04 01:48	887296	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2011-12-15 19:00 . 2011-11-04 01:44	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2011-12-15 19:00 . 2011-11-03 22:47	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-12-15 19:00 . 2011-11-03 22:42	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-12-15 15:34 . 2011-12-22 14:33	--------	d-----w-	c:\users\Kenan\AppData\Roaming\Canon
2011-12-15 14:47 . 2006-09-12 20:00	80896	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPP7Q.DLL
2011-12-15 14:47 . 2006-09-12 20:00	27136	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPD7Q.DLL
2011-12-15 13:43 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-15 13:43 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-15 13:43 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 13:43 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-15 13:43 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-15 13:43 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-12-12 14:31 . 2011-12-12 14:31	--------	d-----w-	c:\users\Kenan\AppData\Local\Logitech
2011-12-12 14:30 . 2011-12-12 14:30	--------	d-----w-	c:\program files\Common Files\Logitech
2011-12-12 14:30 . 2011-12-12 14:30	--------	d-----w-	c:\program files\Logitech
2011-12-03 13:35 . 2009-09-04 16:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2011-12-03 13:35 . 2009-09-04 16:29	235344	----a-w-	c:\windows\SysWow64\d3dx11_42.dll
2011-12-03 13:35 . 2009-09-04 16:29	1974616	----a-w-	c:\windows\SysWow64\D3DCompiler_42.dll
2011-12-03 13:35 . 2011-12-03 13:35	--------	d-----w-	c:\programdata\DDD
2011-12-03 13:35 . 2011-12-03 13:35	--------	d-----w-	c:\program files (x86)\TriDef 3D
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 22:41 . 2011-08-04 22:35	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 19:42 . 2011-10-14 18:26	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-18 21:21 . 2011-06-29 13:39	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2011-10-18 21:21 . 2011-06-29 13:39	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2011-10-11 13:00 . 2011-10-14 18:26	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-14 18:26	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-06-24 75048]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/18 23:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-06-24 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Kenan\AppData\Local\Temp\0059961.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-24 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-14 550080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 98389337
*Deregistered* - 98389337
*Deregistered* - CLKMDRV10_9EC60124
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-04 2188904]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = 
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Kenan\AppData\Local\Temp\0059961.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2480412338-4109954872-1758289751-1001\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-29  01:10:21
ComboFix-quarantined-files.txt  2011-12-29 00:10
.
Vor Suchlauf: 15 Verzeichnis(se), 353.961.250.816 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 355.661.479.936 Bytes frei
.
- - End Of File - - 56D50A04EFCE8287C4DE344B631C5826
         

Alt 29.12.2011, 01:16   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Standard

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt
.dll, antivir, autostart, desktop, dllhost.exe, entfernen, fehlalarm, fehler, fehlermeldung, firefox, forum, frage, logfiles, modul, namen, neustart, nt.dll, problem, programm, prozesse, sched.exe, seite, server, system, temp, trojaner, trojaner tr/atraps.gen, trojaner tr/atraps.gen2, updates, windows



Ähnliche Themen: AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt


  1. TR/ATRAPS.Gen2 und TR/AGENT.ZDZR werden fortlaufend von AntiVir auf meinem Laptop entdeckt - nicht löschbar
    Log-Analyse und Auswertung - 03.12.2013 (3)
  2. Antivir findet immer wieder TR/atraps.gen, TR/atraps.gen2 , HTML/expKit.Gen3
    Log-Analyse und Auswertung - 17.11.2013 (12)
  3. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  4. TR/Atraps.gen2 und TR/Spy.390321 entdeckt!
    Plagegeister aller Art und deren Bekämpfung - 08.11.2012 (3)
  5. TR/ATRAPS.Gen2 von AntiVir entdeckt
    Log-Analyse und Auswertung - 14.09.2012 (1)
  6. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  7. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  8. Antivir meldet TR/ATRAPS.Gen2 und TR/ATRAPS.Gen angebl. Shockwave Installation
    Log-Analyse und Auswertung - 17.08.2012 (5)
  9. tr/atraps.gen und tr/atraps.gen2 - heute Entdeckt, was tun?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  10. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  11. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  12. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  13. Trojaner tr/atraps.gen & tr atraps.gen2 von AntiVir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (5)
  14. Avira ANtivir meldet Befall durch: tr/atraps.gen & tr atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  15. Antivir meldet ständig wiederholten Fund von TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)
  16. Antivir hat den Trojaner :TR/Crypt.XPACK.Gen2 entdeckt. Was tun ?
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  17. Mein Antivir hat den Trojaner TR/ATRAPS.Gen2 entdeckt
    Log-Analyse und Auswertung - 06.01.2012 (2)

Zum Thema AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt - Hallo leute, ich bin auf euer Forum gestoßen und sehe das ihr sehr hilfsbereit seit. Ich würde mich freuen, wenn ihr auch mal nen Blick auf mein Problem bitte werfen - AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt...
Archiv
Du betrachtest: AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.