Pests of all kinds and their removal: Registry repair after trojan infection (Windows 7)
#1
Hi, I had the following malware on the Windows 7 drive:

Code:
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\U\00000008.@\[Embedded_R#00310]\[UPX]
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\n
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\-----\AppData\Roaming\3.EXE
C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
C:\Windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_99931ad927972550\AppLaunch.exe
I can't find anything on the internet, at least nothing helpful. The problem now is that after every restart the desktop icons are large and their positions are not saved; also, in Explorer the view setting "Details" cannot be saved, and every time Explorer is opened the view is back to the default (tiles). So I wanted to ask whether anyone here knows what the malware named above changes in the registry, so that I can fix it manually.

Many thanks,
Thimo
#2
/// Malwareteam
This malware cannot simply be disabled with a rescue CD! To allow a more precise analysis, please follow this link: To everyone seeking help! What do I need to consider before opening a thread?
#3
Many thanks for your reply; the logs are attached:
Attach.txt:
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
'Full Speed' Internet Booster + Performance Tests
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
avast! Internet Security
Bitcoin
CCleaner
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CoreAVC Professional Edition (remove only)
CrystalDiskInfo 4.1.3
DVDFab 8.1.7.5 (07/04/2012) Qt
FileASSASSIN
FileServe Manager 1.0.0.3394
FileZilla Client 3.5.3
GPL Ghostscript
Haali Media Splitter
HD Tune Pro 5.00
HDDlife Pro 4.0
IncrediMail
IncrediMail 2.0
IncrediMail Password Recovery
Internet Cyclone 1.92
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 3
K-Lite Mega Codec Pack 7.8.0
LG Tool Kit
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC100_CRT_SP1_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mytoolsoft Watermark Software 2.7.6
Nokia Connectivity Cable Driver
Nokia Ovi Suite Software Updater
Nokia Suite
Notepad++
NTREGOPT 1.1j
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
OviMPlatform
PantsOff 2.0
PC Connectivity Solution
PDF-XChange Viewer
PerfectDisk 10 Professional
PhotoME
PowerISO
QuickTime
Realtek AC'97 Audio
Registry Repair 4.1.0.388
RouterControl 2.0
Samsung New PC Studio
Samsung SF-360_CF-360 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SRWare Iron version SRWare Iron 18.0.1050.0
System Requirements Lab
TeamViewer 7
Technitium MAC Address Changer v6.0
Tinypic 3.18
TUGZip 3.5
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uniblue SpeedUpMyPC
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual CD v10
WIDCOMM Bluetooth Software 6.0.1.6300
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinPcap 4.1.2
WinUtilities 10.38 Professional Edition
WordToPDF 2.7
.
==== End Of File ===========================

DDS Logfile:
Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by ----- at 12:53:48 on 2012-05-23
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uWindow Title = >>> 'Full Speed' Enabled <<<
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129} : NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-22 13:12:56 -------- d-----w- c:\users\-----\appdata\roaming\GlarySoft
2012-05-22 13:04:46 -------- d-----w- c:\program files\Uniblue
2012-05-22 12:21:31 -------- d-----w- c:\program files\Glarysoft
2012-05-21 10:12:57 -------- d-----w- c:\program files\Passcape
2012-05-18 11:58:38 -------- d-----w- c:\users\-----\appdata\roaming\Profiles
2012-05-18 11:58:37 -------- d-----w- c:\users\-----\appdata\roaming\Skins
2012-05-18 11:58:37 -------- d-----w- c:\users\-----\appdata\roaming\Settings
2012-05-18 11:58:37 -------- d-----w- c:\users\-----\appdata\roaming\Language
2012-05-10 20:37:24 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37:21 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 20:37:20 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 20:37:20 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 20:37:20 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 20:37:04 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37:04 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37:03 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 20:36:02 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36:00 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-05 12:35:11 -------- d-----w- c:\program files\common files\SpeechEngines
2012-05-02 18:50:37 -------- d-sh--w- c:\programdata\MPK
2012-05-02 18:50:37 -------- d-sh--w- c:\program files\KGB
2012-04-30 21:37:12 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-30 21:36:48 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-04-30 21:36:48 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-04-30 21:36:48 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-04-28 17:09:20 -------- d-----w- c:\users\-----\appdata\roaming\HD Tune Pro
2012-04-28 17:06:19 -------- d-----w- c:\program files\HDTune
2012-04-28 16:44:43 -------- d-----w- c:\users\-----\appdata\local\Western Digital
2012-04-28 16:36:57 -------- d-----w- c:\users\-----\appdata\roaming\BinarySense
2012-04-28 16:35:48 -------- d-----w- c:\program files\HdLife
2012-04-28 16:35:48 -------- d-----w- c:\program files\common files\BinarySense
2012-04-28 15:41:51 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41:51 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2012-04-28 15:41:50 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2012-04-28 15:41:50 115016 ----a-w- c:\windows\system32\MSINET.OCX
2012-04-28 15:41:50 -------- d-----w- c:\program files\lg_fwupdate
2012-04-28 15:41:41 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-04-28 15:41:41 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-04-28 15:41:41 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-04-28 15:41:41 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-04-28 15:41:40 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-04-28 15:32:00 -------- d-----w- c:\program files\DVD Genie
.
==================== Find3M ====================
.
2012-05-22 13:26:12 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-05-22 13:26:10 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-05-22 13:26:07 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-05-10 06:54:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 06:54:28 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-08 16:35:20 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54:29 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-24 11:40:47 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2012-03-07 20:40:02 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 23:59:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:59:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:59:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:59:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:54:58.06 ===============
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-23 12:44:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1203N rev.TL100-30
Running: rqfnzd0n.exe; Driver: C:\Users\-----\AppData\Local\Temp\pgddqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8B2E7CAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x8B2EA16E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8B2E9B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8B2E9B8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8B2E9CA2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8B2E9A8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8B2E9BDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8B2E9ADE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8B2E9C50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8B2E7CD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8B2E7ADA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8B2E7CF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8B2EA548]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8B2E87F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8B2E9B64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8B2E9BB4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8B2E9CCC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8B2E9AB6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8B2E9C1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8B2E9B0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8B2E9C7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8B2E86BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x8B2EA57E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x8B2EA142]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8B2E7D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8B2E7D3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8B2E7B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8B2E7C44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8B2E7C56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x910A8BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 83047989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830674E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 8306E750 4 Bytes [AE, 7C, 2E, 8B]
.text ntoskrnl.exe!KeRemoveQueueEx + 140B 8306E7C8 4 Bytes [6E, A1, 2E, 8B]
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 8306E82C 8 Bytes [34, 9B, 2E, 8B, 8C, 9B, 2E, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 8306E838 4 Bytes [A2, 9C, 2E, 8B]
.text ntoskrnl.exe!KeRemoveQueueEx + 1497 8306E854 4 Bytes [8A, 9A, 2E, 8B]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 831F448A 5 Bytes JMP 910A45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 8321B9D6 5 Bytes JMP 910A6012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 832E4944 7 Bytes JMP 910A8BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Users\-----\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + 6 77985C2E 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 769874A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 76987535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 769876F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 00, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + 6 77985C2E 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 03, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 00, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 01, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 76987AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 02, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 01, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 02, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 76987B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 00, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 76987CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 01, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 02, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 03, 1D, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 00, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + 6 77985C2E 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 03, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 00, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 01, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 76989DA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 02, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 01, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 02, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 76989E35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 00, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 76989FF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 01, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 02, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 03, 40, 00]
.text C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 7768F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 00, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + 6 77985C2E 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 03, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 00, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 01, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 76987CA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 02, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 01, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 02, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 76987D35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 00, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 76987EF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 01, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 02, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 03, 1F, 00]
.text C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + 6 77985C2E 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 00, 33, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 769890A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 01, 33, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 02, 33, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 76989135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 769892F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 03, 33, 00]
.text C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtCreateFile + 6 779855CE 4 Bytes [28, 00, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtCreateFile + B 779855D3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + 6 77985C2E 1 Byte [28]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + 6 77985C2E 4 Bytes [28, 03, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + B 77985C33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenFile + 6 77985CDE 4 Bytes [68, 00, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenFile + B 77985CE3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcess + 6 77985D8E 4 Bytes [A8, 01, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcess + B 77985D93 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessToken + 6 77985D9E 4 Bytes CALL 7698A0A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessToken + B 77985DA3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessTokenEx + 6 77985DAE 4 Bytes [A8, 02, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessTokenEx + B 77985DB3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThread + 6 77985E0E 4 Bytes [68, 01, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThread + B 77985E13 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadToken + 6 77985E1E 4 Bytes [68, 02, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadToken + B 77985E23 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadTokenEx + 6 77985E2E 4 Bytes CALL 7698A135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadTokenEx + B 77985E33 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryAttributesFile + 6 77985F3E 4 Bytes [A8, 00, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryAttributesFile + B 77985F43 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryFullAttributesFile + 6 77985FEE 4 Bytes CALL 7698A2F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryFullAttributesFile + B 77985FF3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationFile + 6 7798663E 4 Bytes [28, 01, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationFile + B 77986643 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationThread + 6 7798669E 4 Bytes [28, 02, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationThread + B 779866A3 1 Byte [E2]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 1 Byte [68]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6 779869BE 4 Bytes [68, 03, 43, 00]
.text C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + B 779869C3 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\DRIVERS\vdrv1000.sys (*** hidden *** ) [SYSTEM] vdrv1000 <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7 0x52 0x8F 0xFF 0xE2 ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655 0xC5 0x59 0x86 0x88 ...
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000@Tag 64
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet001\services\vdrv1000\security (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7 0x52 0x8F 0xFF 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655 0xC5 0x59 0x86 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag 64
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7 0x52 0x8F 0xFF 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655 0xC5 0x59 0x86 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000@Tag 64
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet003\services\vdrv1000\security (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 9216 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
---- EOF - GMER 1.0.15 ----
#4
/// Malwareteam | Registry repair after Trojan infection
Ouch! Let's see whether this does the job: TDSS-Killer (Scan)
Please read the following instructions carefully. We don't want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save the file to the desktop
__________________ No asylum for Trojans! Proud Member of UNITE. Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board!
#5
Registry repair after Trojan infection
Many thanks, here is the attachment:
Code:
0063 3396 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:41:30.0344 3396 ============================================================
13:41:30.0344 3396 Current date / time: 2012/05/23 13:41:30.0344
13:41:30.0344 3396 SystemInfo:
13:41:30.0344 3396
13:41:30.0344 3396 OS Version: 6.1.7601 ServicePack: 1.0
13:41:30.0344 3396 Product type: Workstation
13:41:30.0344 3396 ComputerName: -----
13:41:30.0344 3396 UserName: -----
13:41:30.0344 3396 Windows directory: C:\Windows
13:41:30.0344 3396 System windows directory: C:\Windows
13:41:30.0344 3396 Processor architecture: Intel x86
13:41:30.0344 3396 Number of processors: 1
13:41:30.0344 3396 Page size: 0x1000
13:41:30.0344 3396 Boot type: Normal boot
13:41:30.0344 3396 ============================================================
13:41:31.0391 3396 Drive \Device\Harddisk0\DR0 - Size: 0x1BF4187E00 (111.81 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:41:31.0407 3396 Drive \Device\Harddisk1\DR1 - Size: 0x9515A5E00 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:41:31.0407 3396 ============================================================
13:41:31.0407 3396 \Device\Harddisk0\DR0:
13:41:31.0422 3396 MBR partitions:
13:41:31.0422 3396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FCF9C3
13:41:31.0438 3396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6FCFA41, BlocksNum 0x6FCBB02
13:41:31.0438 3396 \Device\Harddisk1\DR1:
13:41:31.0438 3396 MBR partitions:
13:41:31.0438 3396 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
13:41:31.0438 3396 ============================================================
13:41:31.0454 3396 C: <-> \Device\Harddisk0\DR0\Partition0
13:41:31.0485 3396 D: <-> \Device\Harddisk1\DR1\Partition0
13:41:31.0516 3396 E: <-> \Device\Harddisk0\DR0\Partition1
13:41:31.0516 3396 ============================================================
13:41:31.0516 3396 Initialize success
13:41:31.0516 3396 ============================================================
13:42:16.0374 3764 ============================================================
13:42:16.0374 3764 Scan started
13:42:16.0374 3764 Mode: Manual; TDLFS;
13:42:16.0374 3764 ============================================================
13:42:17.0081 3764 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:42:17.0094 3764 1394ohci - ok
13:42:17.0154 3764 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:42:17.0170 3764 ACPI - ok
13:42:17.0230 3764 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:42:17.0233 3764 AcpiPmi - ok
13:42:17.0285 3764 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:42:17.0300 3764 adp94xx - ok
13:42:17.0339 3764 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:42:17.0359 3764 adpahci - ok
13:42:17.0407 3764 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:42:17.0426 3764 adpu320 - ok
13:42:17.0483 3764 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:42:17.0490 3764 AeLookupSvc - ok
13:42:17.0554 3764 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:42:17.0579 3764 AFD - ok
13:42:17.0624 3764 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:42:17.0625 3764 agp440 - ok
13:42:17.0684 3764 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:42:17.0693 3764 aic78xx - ok
13:42:17.0953 3764 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
13:42:18.0003 3764 ALCXWDM - ok
13:42:18.0120 3764 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:42:18.0127 3764 ALG - ok
13:42:18.0195 3764 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:42:18.0198 3764 aliide - ok
13:42:18.0225 3764 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:42:18.0236 3764 amdagp - ok
13:42:18.0281 3764 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:42:18.0285 3764 amdide - ok
13:42:18.0321 3764 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:42:18.0330 3764 AmdK8 - ok
13:42:18.0351 3764 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:42:18.0355 3764 AmdPPM - ok
13:42:18.0401 3764 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:42:18.0408 3764 amdsata - ok
13:42:18.0443 3764 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:42:18.0457 3764 amdsbs - ok
13:42:18.0503 3764 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:42:18.0505 3764 amdxata - ok
13:42:18.0547 3764 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:42:18.0553 3764 AppID - ok
13:42:18.0589 3764 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:42:18.0597 3764 AppIDSvc - ok
13:42:18.0653 3764 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:42:18.0658 3764 Appinfo - ok
13:42:18.0699 3764 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:42:18.0713 3764 AppMgmt - ok
13:42:18.0753 3764 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:42:18.0759 3764 arc - ok
13:42:18.0797 3764 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:42:18.0804 3764 arcsas - ok
13:42:18.0934 3764 aswArKrn - ok
13:42:19.0024 3764 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
13:42:19.0026 3764 aswFsBlk - ok
13:42:19.0070 3764 aswFW (25ace55b10046e9e6e9b148fa7abd3b7) C:\Windows\system32\drivers\aswFW.sys
13:42:19.0073 3764 aswFW - ok
13:42:19.0105 3764 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
13:42:19.0107 3764 aswMonFlt - ok
13:42:19.0141 3764 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
13:42:19.0143 3764 aswNdis - ok
13:42:19.0189 3764 aswNdis2 (125febcb61d33b358afc20866b8a9842) C:\Windows\system32\drivers\aswNdis2.sys
13:42:19.0198 3764 aswNdis2 - ok
13:42:19.0225 3764 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
13:42:19.0226 3764 aswRdr - ok
13:42:19.0281 3764 aswSnx (81f10376af5f0f466f03cb2c5321b7ed) C:\Windows\system32\drivers\aswSnx.sys
13:42:19.0287 3764 aswSnx - ok
13:42:19.0326 3764 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
13:42:19.0328 3764 aswSP - ok
13:42:19.0375 3764 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
13:42:19.0376 3764 aswTdi - ok
13:42:19.0403 3764 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:42:19.0405 3764 AsyncMac - ok
13:42:19.0438 3764 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:42:19.0440 3764 atapi - ok
13:42:19.0500 3764 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:42:19.0525 3764 AudioEndpointBuilder - ok
13:42:19.0561 3764 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:42:19.0569 3764 Audiosrv - ok
13:42:19.0650 3764 avast! Antivirus (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:42:19.0653 3764 avast! Antivirus - ok
13:42:19.0690 3764 avast! Firewall (8408b80b5d1927d5063e1250ea5d9a78) C:\Program Files\Alwil Software\Avast5\afwServ.exe
13:42:19.0693 3764 avast! Firewall - ok
13:42:19.0708 3764 avast! Web Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:42:19.0709 3764 avast! Web Scanner - ok
13:42:19.0760 3764 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:42:19.0766 3764 AxInstSV - ok
13:42:19.0824 3764 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:42:19.0847 3764 b06bdrv - ok
13:42:19.0890 3764 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:42:19.0917 3764 b57nd60x - ok
13:42:19.0967 3764 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:42:19.0974 3764 BDESVC - ok
13:42:20.0003 3764 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:42:20.0005 3764 Beep - ok
13:42:20.0075 3764 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
13:42:20.0105 3764 BITS - ok
13:42:20.0158 3764 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:42:20.0165 3764 blbdrive - ok
13:42:20.0213 3764 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:42:20.0218 3764 bowser - ok
13:42:20.0243 3764 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:42:20.0246 3764 BrFiltLo - ok
13:42:20.0264 3764 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:42:20.0266 3764 BrFiltUp - ok
13:42:20.0304 3764 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:42:20.0311 3764 Browser - ok
13:42:20.0347 3764 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:42:20.0367 3764 Brserid - ok
13:42:20.0391 3764 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:42:20.0400 3764 BrSerWdm - ok
13:42:20.0419 3764 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:42:20.0423 3764 BrUsbMdm - ok
13:42:20.0446 3764 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:42:20.0448 3764 BrUsbSer - ok
13:42:20.0483 3764 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
13:42:20.0491 3764 BthEnum - ok
13:42:20.0511 3764 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:42:20.0519 3764 BTHMODEM - ok
13:42:20.0547 3764 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:42:20.0556 3764 BthPan - ok
13:42:20.0621 3764 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
13:42:20.0644 3764 BTHPORT - ok
13:42:20.0678 3764 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:42:20.0685 3764 bthserv - ok
13:42:20.0716 3764 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
13:42:20.0723 3764 BTHUSB - ok
13:42:20.0764 3764 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
13:42:20.0770 3764 btwaudio - ok
13:42:20.0817 3764 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\DRIVERS\btwavdt.sys
13:42:20.0826 3764 btwavdt - ok
13:42:20.0861 3764 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:42:20.0875 3764 cdfs - ok
13:42:20.0924 3764 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:42:20.0930 3764 cdrom - ok
13:42:20.0971 3764 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:42:20.0977 3764 CertPropSvc - ok
13:42:21.0015 3764 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:42:21.0024 3764 circlass - ok
13:42:21.0086 3764 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:42:21.0103 3764 CLFS - ok
13:42:21.0185 3764 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:42:21.0196 3764 clr_optimization_v2.0.50727_32 - ok
13:42:21.0321 3764 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:42:21.0326 3764 clr_optimization_v4.0.30319_32 - ok
13:42:21.0359 3764 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:42:21.0361 3764 CmBatt - ok
13:42:21.0399 3764 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:42:21.0401 3764 cmdide - ok
13:42:21.0419 3764 cmuda3 - ok
13:42:21.0471 3764 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:42:21.0486 3764 CNG - ok
13:42:21.0513 3764 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:42:21.0516 3764 Compbatt - ok
13:42:21.0556 3764 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:42:21.0564 3764 CompositeBus - ok
13:42:21.0583 3764 COMSysApp - ok
13:42:21.0610 3764 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:42:21.0617 3764 crcdisk - ok
13:42:21.0669 3764 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
13:42:21.0680 3764 CryptSvc - ok
13:42:21.0749 3764 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
13:42:21.0770 3764 CscService - ok
13:42:21.0837 3764 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:42:21.0869 3764 DcomLaunch - ok
13:42:21.0916 3764 DefragFS (292e9ec82df08cbdd1cc51d963f38248) C:\Windows\system32\drivers\DefragFS.sys
13:42:21.0917 3764 DefragFS - ok
13:42:21.0971 3764 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:42:21.0983 3764 defragsvc - ok
13:42:22.0020 3764 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:42:22.0027 3764 DfsC - ok
13:42:22.0078 3764 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:42:22.0088 3764 Dhcp - ok
13:42:22.0124 3764 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:42:22.0131 3764 discache - ok
13:42:22.0163 3764 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:42:22.0164 3764 Disk - ok
13:42:22.0220 3764 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:42:22.0235 3764 Dnscache - ok
13:42:22.0280 3764 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:42:22.0292 3764 dot3svc - ok
13:42:22.0338 3764 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:42:22.0350 3764 DPS - ok
13:42:22.0386 3764 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:42:22.0389 3764 drmkaud - ok
13:42:22.0468 3764 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:42:22.0477 3764 DXGKrnl - ok
13:42:41.0873 3764 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:42:41.0879 3764 umbus - ok
13:42:41.0913 3764 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:42:41.0915 3764 UmPass - ok
13:42:41.0965 3764 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:42:41.0986 3764 UmRdpService - ok
13:42:42.0033 3764 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
13:42:42.0034 3764 UnlockerDriver5 - ok
13:42:42.0091 3764 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:42:42.0115 3764 upnphost - ok
13:42:42.0168 3764 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
13:42:42.0183 3764 upperdev - ok
13:42:42.0225 3764 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:42:42.0240 3764 usbccgp - ok
13:42:42.0284 3764 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:42:42.0297 3764 usbcir - ok
13:42:42.0330 3764 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:42:42.0337 3764 usbehci - ok
13:42:42.0385 3764 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:42:42.0405 3764 usbhub - ok
13:42:42.0444 3764 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:42:42.0447 3764 usbohci - ok
13:42:42.0494 3764 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:42:42.0497 3764 usbprint - ok
13:42:42.0541 3764 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
13:42:42.0548 3764 usbser - ok
13:42:42.0608 3764 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
13:42:42.0611 3764 UsbserFilt - ok
13:42:42.0655 3764 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:42:42.0661 3764 USBSTOR - ok
13:42:42.0696 3764 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:42:42.0698 3764 usbuhci - ok
13:42:42.0741 3764 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
13:42:42.0755 3764 usbvideo - ok
13:42:42.0792 3764 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:42:42.0809 3764 UxSms - ok
13:42:42.0849 3764 UxTuneUp (866ed31801b008cacfb3276f78ab5800) C:\Windows\System32\uxtuneup.dll
13:42:42.0866 3764 UxTuneUp - ok
13:42:42.0905 3764 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:42.0911 3764 VaultSvc - ok
13:42:42.0988 3764 VC10SecS (e5ad81b19e005394035473465d10d13f) C:\Program Files\Virtual CD v10\System\VC10SecS.exe
13:42:43.0000 3764 VC10SecS - ok
13:42:43.0010 3764 Suspicious service (NoAccess): vdrv1000
13:42:43.0057 3764 vdrv1000 (8e747ea561969ee0e267bc7c5b3f17e5) C:\Windows\system32\DRIVERS\vdrv1000.sys
13:42:43.0061 3764 vdrv1000 ( LockedService.Multi.Generic ) - warning
13:42:43.0061 3764 vdrv1000 - detected LockedService.Multi.Generic (1)
13:42:43.0115 3764 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:42:43.0118 3764 vdrvroot - ok
13:42:43.0203 3764 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:42:43.0241 3764 vds - ok
13:42:43.0279 3764 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:42:43.0287 3764 vga - ok
13:42:43.0317 3764 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:42:43.0325 3764 VgaSave - ok
13:42:43.0371 3764 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:42:43.0384 3764 vhdmp - ok
13:42:43.0424 3764 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:42:43.0431 3764 viaagp - ok
13:42:43.0471 3764 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:42:43.0479 3764 ViaC7 - ok
13:42:43.0506 3764 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:42:43.0509 3764 viaide - ok
13:42:43.0549 3764 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:42:43.0560 3764 vmbus - ok
13:42:43.0589 3764 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:42:43.0593 3764 VMBusHID - ok
13:42:43.0625 3764 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:42:43.0626 3764 volmgr - ok
13:42:43.0685 3764 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:42:43.0704 3764 volmgrx - ok
13:42:43.0757 3764 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:42:43.0767 3764 volsnap - ok
13:42:43.0803 3764 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:42:43.0817 3764 vsmraid - ok
13:42:43.0915 3764 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:42:43.0962 3764 VSS - ok
13:42:43.0984 3764 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:42:43.0987 3764 vwifibus - ok
13:42:44.0047 3764 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:42:44.0073 3764 W32Time - ok
13:42:44.0105 3764 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:42:44.0111 3764 WacomPen - ok
13:42:44.0159 3764 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:42:44.0166 3764 WANARP - ok
13:42:44.0194 3764 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:42:44.0197 3764 Wanarpv6 - ok
13:42:44.0301 3764 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:42:44.0343 3764 wbengine - ok
13:42:44.0381 3764 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:42:44.0404 3764 WbioSrvc - ok
13:42:44.0463 3764 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:42:44.0489 3764 wcncsvc - ok
13:42:44.0523 3764 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:42:44.0539 3764 WcsPlugInService - ok
13:42:44.0603 3764 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:42:44.0606 3764 Wd - ok
13:42:44.0658 3764 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:42:44.0681 3764 Wdf01000 - ok
13:42:44.0727 3764 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:42:44.0745 3764 WdiServiceHost - ok
13:42:44.0763 3764 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:42:44.0775 3764 WdiSystemHost - ok
13:42:44.0821 3764 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:42:44.0841 3764 WebClient - ok
13:42:44.0878 3764 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:42:44.0899 3764 Wecsvc - ok
13:42:44.0931 3764 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:42:44.0947 3764 wercplsupport - ok
13:42:44.0977 3764 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:42:44.0993 3764 WerSvc - ok
13:42:45.0027 3764 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:42:45.0029 3764 WfpLwf - ok
13:42:45.0061 3764 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:42:45.0065 3764 WIMMount - ok
13:42:45.0091 3764 WinHttpAutoProxySvc - ok
13:42:45.0163 3764 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:42:45.0185 3764 Winmgmt - ok
13:42:45.0283 3764 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:42:45.0333 3764 WinRM - ok
13:42:45.0439 3764 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:42:45.0447 3764 WinUsb - ok
13:42:45.0534 3764 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:42:45.0578 3764 Wlansvc - ok
13:42:45.0616 3764 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:42:45.0619 3764 WmiAcpi - ok
13:42:45.0700 3764 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:42:45.0713 3764 wmiApSrv - ok
13:42:45.0854 3764 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:42:45.0894 3764 WMPNetworkSvc - ok
13:42:45.0935 3764 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:42:45.0945 3764 WPCSvc - ok
13:42:45.0979 3764 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:42:45.0994 3764 WPDBusEnum - ok
13:42:46.0060 3764 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:42:46.0063 3764 ws2ifsl - ok
13:42:46.0084 3764 WSearch - ok
13:42:46.0246 3764 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
13:42:46.0318 3764 wuauserv - ok
13:42:46.0490 3764 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:42:46.0498 3764 WudfPf - ok
13:42:46.0535 3764 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:42:46.0546 3764 WUDFRd - ok
13:42:46.0579 3764 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:42:46.0594 3764 wudfsvc - ok
13:42:46.0651 3764 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:42:46.0677 3764 WwanSvc - ok
13:42:46.0745 3764 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
13:42:46.0760 3764 yukonw7 - ok
13:42:46.0816 3764 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:42:47.0065 3764 \Device\Harddisk0\DR0 - ok
13:42:47.0080 3764 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:42:47.0125 3764 \Device\Harddisk1\DR1 - ok
13:42:47.0157 3764 Boot (0x1200) (bd0c199d0050147d1085cb874fc5089b) \Device\Harddisk0\DR0\Partition0
13:42:47.0159 3764 \Device\Harddisk0\DR0\Partition0 - ok
13:42:47.0196 3764 Boot (0x1200) (48a8abb42d8ff020e88e7f7102f6ad87) \Device\Harddisk0\DR0\Partition1
13:42:47.0197 3764 \Device\Harddisk0\DR0\Partition1 - ok
13:42:47.0210 3764 Boot (0x1200) (8d32013968366f67c06a445e74ed335f) \Device\Harddisk1\DR1\Partition0
13:42:47.0213 3764 \Device\Harddisk1\DR1\Partition0 - ok
13:42:47.0220 3764 ============================================================
13:42:47.0220 3764 Scan finished
13:42:47.0220 3764 ============================================================
13:42:47.0249 1652 Detected object count: 1
13:42:47.0249 1652 Actual detected object count: 1
13:43:04.0477 1652 vdrv1000 ( LockedService.Multi.Generic ) - skipped by user
13:43:04.0477 1652 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Skip
13:43:12.0964 0200 Deinitialize success
| | #6 |
| /// Malwareteam | Registry repair after trojan infection

Step 1: Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1, Link 2. IMPORTANT - save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the reboot, Quote:
Step 2: FSS. Please download Farbar's Service Scanner
| | #7 |
| Registry repair after trojan infection

Many thanks for your efforts. Unfortunately "combofix" created all sorts of things, just no logfile; I will try it again and then edit it in. Attached is the FSS log: Code:
Farbar Service Scanner Version: 17-05-2012
Ran by ----- (administrator) on 23-05-2012 at 18:22:16
Running from "E:\Dwnlds"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
Combofix: Combofix Logfile: Code:
ComboFix 12-05-23.05 - ----- 23/05/2012 18:49:26.2.1 - x86
Running from: e:\dwnlds\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-24 02:34 . 2012-05-24 02:34 -------- d-----w- C:\Boot
2012-05-23 17:16 . 2012-05-23 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 16:36 . 2012-05-23 17:17 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-23 16:01 . 2012-05-23 17:17 -------- d-----w- c:\users\-----\AppData\Local\temp
2012-05-23 13:54 . 2012-05-23 13:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12 -------- d-----w- c:\users\-----\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04 -------- d-----w- c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21 -------- d-----w- c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12 -------- d-----w- c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03 -------- d-----w- c:\users\-----\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58 -------- d-----w- c:\users\-----\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58 -------- d-----w- c:\users\-----\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58 -------- d-----w- c:\users\-----\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50 -------- d-sh--w- c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09 -------- d-----w- c:\users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09 -------- d-----w- c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44 -------- d-----w- c:\users\-----\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36 -------- d-----w- c:\users\-----\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35 -------- d-----w- c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35 -------- d-----w- c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47 -------- d-----w- c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32 -------- d-----w- c:\program files\DVD Genie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\-----\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-09491728.sys
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2176)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-05-23 19:25:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 17:25
.
Pre-Run: 38,529,597,440 bytes free
Post-Run: 38,445,678,592 bytes free
.
- - End Of File - - 50FF07CFB30CA7E70CD9AA7B80DD7E22
FSS: Code:
Farbar Service Scanner Version: 17-05-2012
Ran by ----- (administrator) on 23-05-2012 at 19:28:46
Running from "E:\Dwnlds"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
|
| | #8 |
| /// Malwareteam | Registry repair after Trojan infection
FRST
Please download Farbar's Recovery Scan Tool and save it to a USB stick. Plug the USB stick into the infected system. You now have to boot the system into the System Repair Options. Via the Boot Manager
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on workdays! Requests via PM will be ignored! Satisfied with us? Then support the Trojaner-Board! |
| | #9 |
| Registry repair after Trojan infection
Code:
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 23-05-2012 22:33:02
Running from H:\
Windows 7 Enterprise (X86) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKU\-----\...\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912 2010-09-07] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\..\Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: [NameServer]208.67.222.222,208.67.220.220
================================ Services (Whitelisted) ==================
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [119200 2010-09-07] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
3 FMDY; C:\Users\-----\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)
4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [238952 2010-07-04] (Teruten)
3 HDDlife HDD Access service; "C:\Program Files\Common Files\BinarySense\hldasvc.exe" [845640 2012-03-05] (BinarySense, Inc.)
3 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [939272 2010-01-26] (Raxco Software, Inc.)
3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [1033480 2010-01-26] (Raxco Software, Inc.)
3 RJA; C:\Users\-----\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-02-05] (TeamViewer GmbH)
3 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [1483072 2010-10-27] (TuneUp Software)
3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29504 2010-10-27] (TuneUp Software)
3 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2010-02-24] (H+H Software GmbH)
3 ZSJXDG; C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe [568192 2012-05-23] (Sysinternals - www.sysinternals.com)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
========================== Drivers (Whitelisted) =============
3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [99792 2010-09-07] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [50768 2010-09-07] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [190416 2010-09-07] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [340048 2010-09-07] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-11-01] (Nokia)
3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-11] (Logitech Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-11-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2011-11-01] (Nokia)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 aswArKrn; \??\C:\Users\-----\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\Users\-----\AppData\Local\Temp\catchme.sys [x]
3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [x]
3 LMImirr; C:\Windows\System32\DRIVERS\LMImirr.sys [x]
========================== NetSvcs (Whitelisted) ===========
NETSVC: UxTuneUp
============ One Month Created Files and Folders ==============
2012-05-23 22:32 - 2012-05-23 22:33 - 0000000 ____D C:\FRST
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 09:25 - 2012-05-23 09:25 - 0016574 ____A C:\ComboFix.txt
2012-05-23 09:22 - 2012-05-23 09:22 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-23 08:38 - 2012-05-23 09:33 - 0000000 ____D C:\Qoobox
2012-05-23 08:05 - 2012-05-23 12:29 - 0029975 ____A C:\Windows\WindowsUpdate.log
2012-05-23 07:25 - 2012-05-23 08:05 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:25 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-23 07:25 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-23 07:25 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-23 05:59 - 2012-05-23 09:17 - 0001434 ____A C:\Windows\PFRO.log
2012-05-23 05:59 - 2012-05-23 05:59 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 05:59 - 2012-05-23 05:59 - 0215606 ____A C:\Windows\ntbtlog.txt
2012-05-23 05:54 - 2012-05-23 05:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:53 - 2012-05-23 09:36 - 0000336 ____A C:\Windows\setupact.log
2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 05:50 - 2012-05-23 05:50 - 0109216 ____A C:\Users\-----\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\-----\defogger_reenable
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\-----\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\-----\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Language
2012-05-10 12:37 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 12:37 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 12:37 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 12:37 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 12:36 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 12:36 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\-----\Documents\My Data Sources
2012-05-03 10:50 - 2012-05-03 15:38 - 0002038 ___AH C:\Users\-----\Documents\Default.rdp
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:36 - 2012-02-29 15:59 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 09:06 - 2012-04-28 09:09 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\-----\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\-----\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:41 - 2012-04-28 07:47 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:41 - 2012-04-28 07:47 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:41 - 2012-04-28 07:43 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2001-08-29 11:00 - 0059904 ____A (Microsoft Corporation) C:\Windows\System32\wbemdisp.tlb
2012-04-28 07:41 - 1998-07-21 14:00 - 0102160 ____A (Microsoft Corporation) C:\Windows\System32\VB6KO.DLL
2012-04-28 07:41 - 1998-06-23 14:00 - 0115016 ____A (Microsoft Corporation) C:\Windows\System32\MSINET.OCX
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
============ 3 Months Modified Files and Folders ===============
2012-05-23 22:33 - 2012-05-23 22:32 - 0000000 ____D C:\FRST
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 12:29 - 2012-05-23 08:05 - 0029975 ____A C:\Windows\WindowsUpdate.log
2012-05-23 12:03 - 2011-10-29 10:11 - 0000107 ____A C:\Windows\System32\_WKERNEL.SYL
2012-05-23 09:36 - 2012-05-23 05:53 - 0000336 ____A C:\Windows\setupact.log
2012-05-23 09:36 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-23 09:33 - 2012-05-23 08:38 - 0000000 ____D C:\Qoobox
2012-05-23 09:25 - 2012-05-23 09:25 - 0016574 ____A C:\ComboFix.txt
2012-05-23 09:25 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-05-23 09:22 - 2012-05-23 09:22 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-23 09:17 - 2012-05-23 05:59 - 0001434 ____A C:\Windows\PFRO.log
2012-05-23 09:17 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-05-23 09:17 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:05 - 2012-05-23 07:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:31 - 2011-10-30 12:38 - 0000000 ____D C:\Users\-----\AppData\Roaming\SPlayer
2012-05-23 05:59 - 2012-05-23 05:59 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 05:59 - 2012-05-23 05:59 - 0215606 ____A C:\Windows\ntbtlog.txt
2012-05-23 05:55 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:54 - 2012-02-01 10:19 - 0000000 ____D C:\Users\-----\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 05:50 - 2012-05-23 05:50 - 0109216 ____A C:\Users\-----\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 04:58 - 2011-10-29 07:21 - 0000000 ___RD C:\Users\-----\Desktop\Clnr
2012-05-23 03:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\-----\defogger_reenable
2012-05-23 02:20 - 2011-10-29 05:58 - 0000000 ____D C:\users\-----
2012-05-22 12:18 - 2011-12-17 09:16 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skype
2012-05-22 08:11 - 2012-01-14 11:03 - 0000000 ____D C:\Users\-----\AppData\Roaming\Mozilla
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:26 - 2011-10-29 07:48 - 2755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-05-22 05:26 - 2009-07-13 15:40 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-05-22 05:26 - 2009-07-13 15:39 - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\-----\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-22 04:12 - 2011-12-06 09:56 - 0013824 ____A C:\Users\-----\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 03:12 - 2011-10-29 06:03 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-20 10:27 - 2012-03-23 08:36 - 0000000 ___RD C:\Users\-----\Desktop\Misc
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\-----\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Language
2012-05-14 02:50 - 2011-10-29 10:04 - 0000000 ____D C:\Program Files\IrfanView
2012-05-11 04:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-10 12:44 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:54 - 2012-04-17 08:54 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-09 22:54 - 2011-10-29 10:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-07 04:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-05-07 03:30 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-07 00:35 - 2012-01-20 09:08 - 0000000 ____D C:\Users\-----\AppData\Roaming\FileZilla
2012-05-05 06:44 - 2011-10-29 05:58 - 3145728 ____A C:\Users\-----\NTUSER.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 44826624 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 14155776 ____A C:\Windows\System32\config\SYSTEM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-05-05 06:40 - 2011-10-29 14:38 - 0035840 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-05-05 05:06 - 2011-12-30 07:40 - 0007605 ____A C:\Users\-----\AppData\Local\Resmon.ResmonCfg
2012-05-05 04:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 04:35 - 2012-01-29 11:08 - 0000000 ____D C:\Program Files\Common Files\SYSTEM
2012-05-05 04:35 - 2012-01-29 11:07 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\-----\Documents\My Data Sources
2012-05-03 15:38 - 2012-05-03 10:50 - 0002038 ___AH C:\Users\-----\Documents\Default.rdp
2012-05-03 08:38 - 2011-10-29 09:53 - 0000000 ____D C:\Program Files\SRWare Iron
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-05-01 10:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\SchCache
2012-05-01 09:51 - 2011-10-29 12:31 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:37 - 2011-11-26 15:10 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 13:37 - 2011-11-26 15:09 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 13:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-30 03:45 - 2009-07-13 20:53 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 09:09 - 2012-04-28 09:06 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\-----\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\-----\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:47 - 2012-04-28 07:41 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:47 - 2012-04-28 07:41 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:43 - 2012-04-28 07:41 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2012-04-01 11:28 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-04-28 07:41 - 2011-11-11 10:57 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
2012-04-26 03:57 - 2012-01-13 16:22 - 0000000 ____D C:\Users\-----\AppData\Roaming\Bitcoin
2012-04-25 06:48 - 2011-10-29 07:24 - 0000000 ____D C:\Program Files\CCleaner
2012-04-19 06:32 - 2012-04-19 06:32 - 0000000 ____D C:\Users\-----\AppData\Local\Apps\2.0
2012-04-18 12:52 - 2012-04-18 12:52 - 0708132 ____A C:\Windows\System32\config\aswrc1334782341.rcr
2012-04-18 10:25 - 2012-01-04 15:51 - 0000000 ____D C:\Program Files\WinPcap
2012-04-18 02:23 - 2009-07-13 18:04 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Program Files\Alwil Software
2012-04-14 03:45 - 2012-04-14 03:45 - 0000641 ____A C:\Users\-----\Desktop\Dwnlds.lnk
2012-04-12 07:02 - 2009-07-13 18:03 - 12582912 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-04-11 10:10 - 2012-04-11 10:08 - 0000000 ____D C:\Users\-----\Documents\Command and Conquer Generals Data
2012-04-09 04:40 - 2012-04-09 02:28 - 0000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-09 04:30 - 2012-04-09 04:30 - 0000000 ____D C:\Users\All Users\vsosdk
2012-04-09 02:33 - 2012-04-09 02:33 - 0000000 ____D C:\Users\All Users\dvdfab
2012-04-09 02:32 - 2012-04-09 02:28 - 0000000 ____D C:\Users\-----\Documents\DVDFab
2012-04-08 08:35 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2012-04-04 10:51 - 2012-04-04 10:51 - 0000000 ____D C:\Users\-----\New folder
2012-04-04 06:20 - 2012-04-04 06:20 - 0000000 ____D C:\Users\-----\AppData\Roaming\MozillaControl
2012-04-04 05:56 - 2011-10-29 12:31 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 06:29 - 2012-04-01 11:40 - 0000000 ____D C:\Users\-----\Documents\Command and Conquer Generals Zero Hour Data
2012-04-02 03:41 - 2012-04-01 11:38 - 0000000 ___RD C:\Users\-----\Desktop\Gms
2012-04-01 11:37 - 2012-04-01 11:31 - 0000977 ____A C:\Windows\eReg.dat
2012-04-01 11:18 - 2012-04-01 11:18 - 0000632 ____A C:\Users\-----\Desktop\Ntwrk.lnk
2012-03-30 20:39 - 2012-05-10 12:37 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 12:37 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 12:37 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:38 - 2012-03-22 07:25 - 0000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-03-30 02:23 - 2012-05-10 12:37 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 08:01 - 2012-03-29 08:01 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-28 10:06 - 2011-10-29 14:02 - 0000000 ____D C:\Users\-----\AppData\Local\IM
2012-03-27 06:32 - 2012-03-27 06:28 - 0000000 ____D C:\Users\-----\AppData\Roaming\WordToPDF
2012-03-27 06:31 - 2012-03-27 06:31 - 0000000 ____D C:\Program Files\gs
2012-03-27 06:28 - 2012-03-27 06:28 - 0000000 ____D C:\Program Files\WordToPDF
2012-03-27 05:21 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Java
2012-03-27 04:58 - 2012-02-06 17:43 - 0000000 ____D C:\Windows\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0224136 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Users\All Users\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Common Files\Java
2012-03-27 04:54 - 2012-02-06 06:09 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-27 04:54 - 2012-02-06 06:09 - 0567696 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-24 03:40 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.EXE
2012-03-24 03:16 - 2012-03-24 03:16 - 0000000 ____D C:\Windows\PixArt
2012-03-24 03:16 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-03-24 02:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\system
2012-03-22 12:03 - 2011-10-30 08:56 - 0000000 ____D C:\Program Files\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----d\Documents\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----\Documents\My NPS Files
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----\AppData\Roaming\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\All Users\Samsung
2012-03-22 12:01 - 2012-03-22 12:01 - 0000000 ____D C:\Program Files\MarkAny
2012-03-22 11:23 - 2012-03-22 11:23 - 0000000 ____D C:\Users\-----\AppData\Local\Downloaded Installations
2012-03-22 10:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-03-22 07:53 - 2012-03-22 07:53 - 0000000 ____D C:\Users\-----\Documents\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:44 - 0000000 ____D C:\Users\-----\AppData\Roaming\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Roaming\Nokia
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Roaming\PC Suite
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Local\NokiaAccount
2012-03-22 07:32 - 2012-03-22 07:29 - 0000000 ____D C:\Users\All Users\PC Suite
2012-03-22 07:29 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Local\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Users\All Users\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Program Files\Common Files\Nokia
2012-03-22 07:28 - 2012-03-22 07:25 - 0000000 ____D C:\Program Files\Nokia
2012-03-22 07:26 - 2012-03-22 07:26 - 0000000 ____D C:\Program Files\PC Connectivity Solution
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\-----\Documents\Bluetooth Exchange Folder
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\-----\Bluetooth Software
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-MX
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-AR
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Program Files\WIDCOMM
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-18 12:11 - 2012-03-18 12:11 - 0000000 ____D C:\Program Files\PantsOff
2012-03-17 03:14 - 2012-03-17 03:14 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-17 02:13 - 2011-10-29 14:02 - 0000000 ____D C:\Users\All Users\IM
2012-03-16 23:27 - 2012-05-10 12:36 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 02:49 - 2012-03-07 11:44 - 0000000 ____D C:\Users\-----\AppData\Roaming\Notepad++
2012-03-07 13:10 - 2012-02-28 11:30 - 0000000 ____D C:\Users\-----\AppData\Roaming\TeamViewer
2012-03-07 12:40 - 2012-03-07 12:40 - 1010720 ___RS (Microsoft Corporation) C:\Windows\System32\MSCHRT20.OCX
2012-03-07 12:40 - 2012-03-07 12:40 - 0000000 ____D C:\Program Files\Technitium
2012-03-07 11:04 - 2012-03-07 11:04 - 0002252 ____R C:\Windows\RouterControl_Uninstall.in
2012-03-04 15:33 - 2012-03-04 15:33 - 1123304 ____A C:\Windows\System32\config\aswrc1330904033.rcr
2012-03-02 21:31 - 2012-05-10 12:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-29 21:46 - 2012-04-12 06:39 - 0019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:37 - 2012-04-12 06:39 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:33 - 2012-04-12 06:39 - 0159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 06:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 15:59 - 2011-11-26 15:10 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 15:59 - 2009-06-10 13:19 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-02-29 12:56 - 2011-11-26 15:10 - 3881792 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 12:55 - 2011-11-26 15:10 - 2719040 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:53 - 2011-11-26 15:10 - 0108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-28 11:28 - 2012-02-28 11:28 - 0000000 ____D C:\Program Files\TeamViewer
2012-02-27 23:40 - 2012-02-27 23:40 - 0000000 ____D C:\Program Files\Notepad++
2012-02-27 17:52 - 2012-04-12 06:42 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-12 06:42 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-12 06:42 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-12 06:42 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-12 06:42 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 06:42 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-12 06:42 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-12 06:42 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 06:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-12 06:42 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-12 06:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 06:42 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 06:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe
[2011-10-29 06:48] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) C159B521C73AA1E786DE7CE8DB0FCDF2
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 17%
Total physical RAM: 2559.56 MB
Available physical RAM: 2122.49 MB
Total Pagefile: 2555.77 MB
Available Pagefile: 2128.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.56 MB
======================= Partitions =========================
1 Drive c: (Main) (Fixed) (Total:55.91 GB) (Free:35.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:37.26 GB) (Free:14.66 GB) NTFS
3 Drive e: (Dwnlds) (Fixed) (Total:55.9 GB) (Free:39.87 GB) NTFS
4 Drive f: (GRMCULFRER_EN_DVD) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF
6 Drive h: (AVAST) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 9 MB
Disk 1 Online 37 GB 9 MB
Disk 2 Online 3839 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 55 GB 31 KB
Partition 0 Extended 55 GB 55 GB
Partition 2 Logical 55 GB 55 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Main NTFS Partition 55 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Dwnlds NTFS Partition 55 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 37 GB 31 KB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Data NTFS Partition 37 GB Healthy
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3839 MB 0 B
======================================================================================================
Disk: 2
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
======================================================================================================
==========================================================
Last Boot: 2012-05-19 00:24
======================= End Of Log ==========================
#10
/// Malwareteam | Registry repair after Trojan infection
Step 1: Fix with FRST. Please press Windows + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
3 FMDY; C:\Users\-----\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)
3 RJA; C:\Users\-----\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)
3 ZSJXDG; C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe [568192 2012-05-23] (Sysinternals - www.sysinternals.com)
C:\Users\-----\AppData\Local\Temp\FMDY.exe
C:\Users\-----\AppData\Local\Temp\RJA.exe
C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe
Step 2: Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1, Link 2. IMPORTANT: save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the reboot Quote:
__________________ No right of asylum for Trojans! Proud Member of UNITE. Note: I can only be reached on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board!
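As an added illustration, not code from this thread or from FRST itself, here is a small Python triage script over constructed service lines modelled on the FRST "Services" format quoted in this thread: it flags service images that live in a user's Temp folder (the pattern behind the step 1 fix) or whose image file is missing, and emits the two-part fixlist layout the helper used (service lines first, then file paths). The function names and the `user` profile name are the example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input modelled on the FRST "Services (Whitelisted)" lines
# shown in this thread; the profile name "user" stands in for the redacted one.
SAMPLE_FRST_SERVICES = r"""
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
3 FMDY; C:\Users\user\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)
3 RJA; C:\Users\user\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)
3 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-02-05] (TeamViewer GmbH)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
"""

# "<start type> <service name>; <image path and arguments> [size date] (company)"
LINE_RE = re.compile(r'^(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')
# Trailing "[size date] (company)" or just "[x]" when the image file is missing.
TAIL_RE = re.compile(r'\[(?P<info>[^\]]*)\]\s*(?:\((?P<company>[^)]*)\))?\s*$')
# Service binaries under a per-user Temp folder are a classic persistence smell.
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)


def parse_frst_service_line(line: str) -> Optional[Dict[str, object]]:
    """Split one FRST service line into its fields; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    if rest.startswith('"'):
        # Quoted image path, possibly followed by command-line arguments.
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest
    else:
        # Unquoted path runs up to the " [size date]" block.
        path = rest.split(' [', 1)[0]
    tail = TAIL_RE.search(rest)
    info = tail.group('info') if tail else ''
    company = (tail.group('company') or '') if tail else ''
    return {
        'line': line.strip(),
        'start': m.group('start'),
        'name': m.group('name'),
        'path': path,
        'missing': info.strip().lower() == 'x',
        'company': company,
    }


def triage_services(text: str) -> List[Tuple[Dict[str, object], str]]:
    """Return (entry, reason) pairs for service lines worth a closer look."""
    findings = []
    for raw in text.splitlines():
        entry = parse_frst_service_line(raw)
        if entry is None:
            continue
        if TEMP_RE.search(str(entry['path'])):
            findings.append((entry, 'service image lives in a user Temp folder'))
        elif entry['missing']:
            findings.append((entry, 'image file missing; orphaned service entry'))
    return findings


def build_fixlist(text: str) -> str:
    """Emit an FRST-style fixlist for the Temp-resident services only:
    the original service lines first, then the file paths to remove."""
    temp_hits = [e for e, why in triage_services(text) if 'Temp' in why]
    lines = [str(e['line']) for e in temp_hits] + [str(e['path']) for e in temp_hits]
    return '\n'.join(lines)


if __name__ == '__main__':
    for entry, why in triage_services(SAMPLE_FRST_SERVICES):
        print(f"{entry['name']}: {why} ({entry['path']})")
    print('--- fixlist ---')
    print(build_fixlist(SAMPLE_FRST_SERVICES))
```

Orphaned entries are reported but deliberately left out of the fixlist, matching the helper's fix, which only targeted the Temp-resident services.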
#11
Registry repair after Trojan infection. FRST: (username redacted beforehand) Code:
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 2012-05-24 10:50:41 Run:2
Running from H:\
==============================================
FMDY service not found.
RJA service not found.
ZSJXDG service not found.
C:\Users\---\AppData\Local\Temp\FMDY.exe not found.
C:\Users\---\AppData\Local\Temp\RJA.exe not found.
C:\Users\---\AppData\Local\Temp\ZSJXDG.exe not found.
==== End of Fixlog ====
Combofix: Combofix logfile: Code:
ComboFix 12-05-23.06 - --- 24/05/2012 11:07:21.3.1 - x86
Running from: e:\dwnlds\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 09:34 . 2012-05-24 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 08:53 . 2012-05-24 08:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-24 06:32 . 2012-05-24 06:34 -------- d-----w- C:\FRST
2012-05-24 02:34 . 2012-05-24 02:34 -------- d-----w- C:\Boot
2012-05-23 20:48 . 2012-05-24 09:34 -------- d-----w- c:\users\---\AppData\Local\Temp
2012-05-23 13:54 . 2012-05-23 13:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12 -------- d-----w- c:\users\---\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04 -------- d-----w- c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21 -------- d-----w- c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12 -------- d-----w- c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03 -------- d-----w- c:\users\---\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58 -------- d-----w- c:\users\---\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58 -------- d-----w- c:\users\---\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58 -------- d-----w- c:\users\---\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50 -------- d-sh--w- c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09 -------- d-----w- c:\users\---\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09 -------- d-----w- c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44 -------- d-----w- c:\users\---\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36 -------- d-----w- c:\users\---\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35 -------- d-----w- c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35 -------- d-----w- c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47 -------- d-----w- c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32 -------- d-----w- c:\program files\DVD Genie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2010-09-07 2838912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\---\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-24 11:40:16
ComboFix-quarantined-files.txt 2012-05-24 09:40
.
Pre-Run: 38,439,657,472 bytes free
Post-Run: 38,372,478,976 bytes free
.
- - End Of File - - 90DB237722C117C74BE62CCCB856109D
perhaps I should mention that after the Kaspersky TDSS-Killer I, amateurishly, also let the avast anti-rootkit (aswar) run; 7 entries were found and fixed, I don't have the log, but the names all had avast-like names. The desktop can now be set up again the way I want, and after using Glary Registry Repair I can save the Explorer view again. I also use Uniblue SpeedUpMyPC, but that tool no longer starts even after a reinstall, so the registry must be botched.
#12
/// Malwareteam | Registry repair after Trojan infection
Why do you do things without telling me, even though I explicitly advised against it? You ran aswMBR and clicked Fix? Bold, because that can render the system unbootable! The tool created a log file, please post it here. Also create a new FRST log, I need that as well!
#13
Registry repair after Trojan infection
not aswMBR but aswar.exe www . avast . de/produkte/freeware/avast-antirootkit-tool . html the logfile from the avast tool is no longer there, the most important log, yes that was amateurish. frst: Code:
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 24-05-2012 12:10:45
Running from H:\
Windows 7 Enterprise (X86) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKU\---\...\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912 2010-09-07] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\..\Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: [NameServer]208.67.222.222,208.67.220.220
================================ Services (Whitelisted) ==================
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [119200 2010-09-07] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [238952 2010-07-04] (Teruten)
3 HDDlife HDD Access service; "C:\Program Files\Common Files\BinarySense\hldasvc.exe" [845640 2012-03-05] (BinarySense, Inc.)
3 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [939272 2010-01-26] (Raxco Software, Inc.)
3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [1033480 2010-01-26] (Raxco Software, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-02-05] (TeamViewer GmbH)
3 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [1483072 2010-10-27] (TuneUp Software)
3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29504 2010-10-27] (TuneUp Software)
3 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2010-02-24] (H+H Software GmbH)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
========================== Drivers (Whitelisted) =============
3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [99792 2010-09-07] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [50768 2010-09-07] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [190416 2010-09-07] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [340048 2010-09-07] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-11-01] (Nokia)
3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-11] (Logitech Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-11-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2011-11-01] (Nokia)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 aswArKrn; \??\C:\Users\---\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\Users\---\AppData\Local\Temp\catchme.sys [x]
3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [x]
3 LMImirr; C:\Windows\System32\DRIVERS\LMImirr.sys [x]
========================== NetSvcs (Whitelisted) ===========
NETSVC: UxTuneUp
============ One Month Created Files and Folders ==============
2012-05-24 01:40 - 2012-05-24 01:44 - 0014661 ____A C:\ComboFix.txt
2012-05-24 01:37 - 2012-05-24 01:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-24 00:57 - 2012-05-24 01:40 - 0000000 ____D C:\ComboFix
2012-05-23 22:32 - 2012-05-24 12:11 - 0000000 ____D C:\FRST
2012-05-23 21:48 - 2012-05-24 01:42 - 0000894 ____A C:\Windows\PFRO.log
2012-05-23 21:48 - 2012-05-24 01:42 - 0000280 ____A C:\Windows\setupact.log
2012-05-23 21:48 - 2012-05-23 21:49 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 21:48 - 2012-05-23 21:48 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 08:38 - 2012-05-24 01:40 - 0000000 ____D C:\Qoobox
2012-05-23 08:05 - 2012-05-24 02:07 - 0101988 ____A C:\Windows\WindowsUpdate.log
2012-05-23 07:25 - 2012-05-23 08:05 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:25 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-23 07:25 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-23 07:25 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-23 05:54 - 2012-05-23 05:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\---\defogger_reenable
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\---\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\---\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Language
2012-05-10 12:37 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 12:37 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 12:37 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 12:37 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 12:36 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 12:36 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\---\Documents\My Data Sources
2012-05-03 10:50 - 2012-05-03 15:38 - 0002038 ___AH C:\Users\---\Documents\Default.rdp
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:36 - 2012-02-29 15:59 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\---\AppData\Roaming\HD Tune Pro
2012-04-28 09:06 - 2012-04-28 09:09 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\---\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\---\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:41 - 2012-04-28 07:47 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:41 - 2012-04-28 07:47 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:41 - 2012-04-28 07:43 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2001-08-29 11:00 - 0059904 ____A (Microsoft Corporation) C:\Windows\System32\wbemdisp.tlb
2012-04-28 07:41 - 1998-07-21 14:00 - 0102160 ____A (Microsoft Corporation) C:\Windows\System32\VB6KO.DLL
2012-04-28 07:41 - 1998-06-23 14:00 - 0115016 ____A (Microsoft Corporation) C:\Windows\System32\MSINET.OCX
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
============ 3 Months Modified Files and Folders ===============
2012-05-24 12:11 - 2012-05-23 22:32 - 0000000 ____D C:\FRST
2012-05-24 12:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-24 02:07 - 2012-05-23 08:05 - 0101988 ____A C:\Windows\WindowsUpdate.log
2012-05-24 01:44 - 2012-05-24 01:40 - 0014661 ____A C:\ComboFix.txt
2012-05-24 01:42 - 2012-05-23 21:48 - 0000894 ____A C:\Windows\PFRO.log
2012-05-24 01:42 - 2012-05-23 21:48 - 0000280 ____A C:\Windows\setupact.log
2012-05-24 01:42 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-24 01:40 - 2012-05-24 00:57 - 0000000 ____D C:\ComboFix
2012-05-24 01:40 - 2012-05-23 08:38 - 0000000 ____D C:\Qoobox
2012-05-24 01:37 - 2012-05-24 01:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-24 01:34 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-05-23 21:49 - 2012-05-23 21:48 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 21:48 - 2012-05-23 21:48 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 14:13 - 2011-10-30 12:38 - 0000000 ____D C:\Users\---\AppData\Roaming\SPlayer
2012-05-23 12:03 - 2011-10-29 10:11 - 0000107 ____A C:\Windows\System32\_WKERNEL.SYL
2012-05-23 09:25 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-05-23 09:17 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:05 - 2012-05-23 07:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 05:55 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:54 - 2012-02-01 10:19 - 0000000 ____D C:\Users\---\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 04:58 - 2011-10-29 07:21 - 0000000 ___RD C:\Users\---\Desktop\Clnr
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\---\defogger_reenable
2012-05-23 02:20 - 2011-10-29 05:58 - 0000000 ____D C:\users\---
2012-05-22 12:18 - 2011-12-17 09:16 - 0000000 ____D C:\Users\---\AppData\Roaming\Skype
2012-05-22 08:11 - 2012-01-14 11:03 - 0000000 ____D C:\Users\---\AppData\Roaming\Mozilla
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:26 - 2011-10-29 07:48 - 2755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-05-22 05:26 - 2009-07-13 15:40 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-05-22 05:26 - 2009-07-13 15:39 - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\---\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-22 04:12 - 2011-12-06 09:56 - 0013824 ____A C:\Users\---\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 03:12 - 2011-10-29 06:03 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-20 10:27 - 2012-03-23 08:36 - 0000000 ___RD C:\Users\---\Desktop\Misc
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\---\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Language
2012-05-14 02:50 - 2011-10-29 10:04 - 0000000 ____D C:\Program Files\IrfanView
2012-05-11 04:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-10 12:44 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:54 - 2012-04-17 08:54 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-09 22:54 - 2011-10-29 10:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-07 04:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-05-07 03:30 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-07 00:35 - 2012-01-20 09:08 - 0000000 ____D C:\Users\---\AppData\Roaming\FileZilla
2012-05-05 06:44 - 2011-10-29 05:58 - 3145728 ____A C:\Users\---\NTUSER.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 44826624 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 14155776 ____A C:\Windows\System32\config\SYSTEM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-05-05 06:40 - 2011-10-29 14:38 - 0035840 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-05-05 05:06 - 2011-12-30 07:40 - 0007605 ____A C:\Users\---\AppData\Local\Resmon.ResmonCfg
2012-05-05 04:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 04:35 - 2012-01-29 11:08 - 0000000 ____D C:\Program Files\Common Files\SYSTEM
2012-05-05 04:35 - 2012-01-29 11:07 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\---\Documents\My Data Sources
2012-05-03 15:38 - 2012-05-03 10:50 - 0002038 ___AH C:\Users\---\Documents\Default.rdp
2012-05-03 08:38 - 2011-10-29 09:53 - 0000000 ____D C:\Program Files\SRWare Iron
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-05-01 10:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\SchCache
2012-05-01 09:51 - 2011-10-29 12:31 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:37 - 2011-11-26 15:10 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 13:37 - 2011-11-26 15:09 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 13:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-30 03:45 - 2009-07-13 20:53 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\---\AppData\Roaming\HD Tune Pro
2012-04-28 09:09 - 2012-04-28 09:06 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\---\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\---\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:47 - 2012-04-28 07:41 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:47 - 2012-04-28 07:41 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:43 - 2012-04-28 07:41 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2012-04-01 11:28 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-04-28 07:41 - 2011-11-11 10:57 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
2012-04-26 03:57 - 2012-01-13 16:22 - 0000000 ____D C:\Users\---\AppData\Roaming\Bitcoin
2012-04-25 06:48 - 2011-10-29 07:24 - 0000000 ____D C:\Program Files\CCleaner
2012-04-19 06:32 - 2012-04-19 06:32 - 0000000 ____D C:\Users\---\AppData\Local\Apps\2.0
2012-04-18 12:52 - 2012-04-18 12:52 - 0708132 ____A C:\Windows\System32\config\aswrc1334782341.rcr
2012-04-18 10:25 - 2012-01-04 15:51 - 0000000 ____D C:\Program Files\WinPcap
2012-04-18 02:23 - 2009-07-13 18:04 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Program Files\Alwil Software
2012-04-14 03:45 - 2012-04-14 03:45 - 0000641 ____A C:\Users\---\Desktop\Dwnlds.lnk
2012-04-12 07:02 - 2009-07-13 18:03 - 12582912 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-04-11 10:10 - 2012-04-11 10:08 - 0000000 ____D C:\Users\---\Documents\Command and Conquer Generals Data
2012-04-09 04:40 - 2012-04-09 02:28 - 0000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-09 04:30 - 2012-04-09 04:30 - 0000000 ____D C:\Users\All Users\vsosdk
2012-04-09 02:33 - 2012-04-09 02:33 - 0000000 ____D C:\Users\All Users\dvdfab
2012-04-09 02:32 - 2012-04-09 02:28 - 0000000 ____D C:\Users\---\Documents\DVDFab
2012-04-08 08:35 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2012-04-04 10:51 - 2012-04-04 10:51 - 0000000 ____D C:\Users\---\New folder
2012-04-04 06:20 - 2012-04-04 06:20 - 0000000 ____D C:\Users\---\AppData\Roaming\MozillaControl
2012-04-04 05:56 - 2011-10-29 12:31 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 06:29 - 2012-04-01 11:40 - 0000000 ____D C:\Users\---\Documents\Command and Conquer Generals Zero Hour Data
2012-04-02 03:41 - 2012-04-01 11:38 - 0000000 ___RD C:\Users\---\Desktop\Gms
2012-04-01 11:37 - 2012-04-01 11:31 - 0000977 ____A C:\Windows\eReg.dat
2012-04-01 11:18 - 2012-04-01 11:18 - 0000632 ____A C:\Users\---\Desktop\Ntwrk.lnk
2012-03-30 20:39 - 2012-05-10 12:37 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 12:37 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 12:37 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:38 - 2012-03-22 07:25 - 0000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-03-30 02:23 - 2012-05-10 12:37 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 08:01 - 2012-03-29 08:01 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-28 10:06 - 2011-10-29 14:02 - 0000000 ____D C:\Users\---\AppData\Local\IM
2012-03-27 06:32 - 2012-03-27 06:28 - 0000000 ____D C:\Users\---\AppData\Roaming\WordToPDF
2012-03-27 06:31 - 2012-03-27 06:31 - 0000000 ____D C:\Program Files\gs
2012-03-27 06:28 - 2012-03-27 06:28 - 0000000 ____D C:\Program Files\WordToPDF
2012-03-27 05:21 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Java
2012-03-27 04:58 - 2012-02-06 17:43 - 0000000 ____D C:\Windows\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0224136 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Users\All Users\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Common Files\Java
2012-03-27 04:54 - 2012-02-06 06:09 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-27 04:54 - 2012-02-06 06:09 - 0567696 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-24 03:40 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.EXE
2012-03-24 03:16 - 2012-03-24 03:16 - 0000000 ____D C:\Windows\PixArt
2012-03-24 03:16 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-03-24 02:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\system
2012-03-22 12:03 - 2011-10-30 08:56 - 0000000 ____D C:\Program Files\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\Documents\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\Documents\My NPS Files
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\AppData\Roaming\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\All Users\Samsung
2012-03-22 12:01 - 2012-03-22 12:01 - 0000000 ____D C:\Program Files\MarkAny
2012-03-22 11:23 - 2012-03-22 11:23 - 0000000 ____D C:\Users\---\AppData\Local\Downloaded Installations
2012-03-22 10:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-03-22 07:53 - 2012-03-22 07:53 - 0000000 ____D C:\Users\---\Documents\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:44 - 0000000 ____D C:\Users\---\AppData\Roaming\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Roaming\Nokia
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Roaming\PC Suite
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Local\NokiaAccount
2012-03-22 07:32 - 2012-03-22 07:29 - 0000000 ____D C:\Users\All Users\PC Suite
2012-03-22 07:29 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Local\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Users\All Users\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Program Files\Common Files\Nokia
2012-03-22 07:28 - 2012-03-22 07:25 - 0000000 ____D C:\Program Files\Nokia
2012-03-22 07:26 - 2012-03-22 07:26 - 0000000 ____D C:\Program Files\PC Connectivity Solution
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\---\Documents\Bluetooth Exchange Folder
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\---\Bluetooth Software
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-MX
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-AR
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Program Files\WIDCOMM
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-18 12:11 - 2012-03-18 12:11 - 0000000 ____D C:\Program Files\PantsOff
2012-03-17 03:14 - 2012-03-17 03:14 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-17 02:13 - 2011-10-29 14:02 - 0000000 ____D C:\Users\All Users\IM
2012-03-16 23:27 - 2012-05-10 12:36 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 02:49 - 2012-03-07 11:44 - 0000000 ____D C:\Users\---\AppData\Roaming\Notepad++
2012-03-07 13:10 - 2012-02-28 11:30 - 0000000 ____D C:\Users\---\AppData\Roaming\TeamViewer
2012-03-07 12:40 - 2012-03-07 12:40 - 1010720 ___RS (Microsoft Corporation) C:\Windows\System32\MSCHRT20.OCX
2012-03-07 12:40 - 2012-03-07 12:40 - 0000000 ____D C:\Program Files\Technitium
2012-03-07 11:04 - 2012-03-07 11:04 - 0002252 ____R C:\Windows\RouterControl_Uninstall.in
2012-03-04 15:33 - 2012-03-04 15:33 - 1123304 ____A C:\Windows\System32\config\aswrc1330904033.rcr
2012-03-02 21:31 - 2012-05-10 12:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-29 21:46 - 2012-04-12 06:39 - 0019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:37 - 2012-04-12 06:39 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:33 - 2012-04-12 06:39 - 0159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 06:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 15:59 - 2011-11-26 15:10 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 15:59 - 2009-06-10 13:19 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-02-29 12:56 - 2011-11-26 15:10 - 3881792 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 12:55 - 2011-11-26 15:10 - 2719040 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:53 - 2011-11-26 15:10 - 0108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-28 11:28 - 2012-02-28 11:28 - 0000000 ____D C:\Program Files\TeamViewer
2012-02-27 23:40 - 2012-02-27 23:40 - 0000000 ____D C:\Program Files\Notepad++
2012-02-27 17:52 - 2012-04-12 06:42 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-12 06:42 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-12 06:42 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-12 06:42 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-12 06:42 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 06:42 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-12 06:42 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-12 06:42 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 06:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-12 06:42 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-12 06:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 06:42 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 06:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe
[2011-10-29 06:48] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) C159B521C73AA1E786DE7CE8DB0FCDF2
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 17%
Total physical RAM: 2559.56 MB
Available physical RAM: 2120.11 MB
Total Pagefile: 2555.77 MB
Available Pagefile: 2125.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.48 MB
======================= Partitions =========================
1 Drive c: (Main) (Fixed) (Total:55.91 GB) (Free:35.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:37.26 GB) (Free:14.66 GB) NTFS
3 Drive e: (Dwnlds) (Fixed) (Total:55.9 GB) (Free:39.88 GB) NTFS
4 Drive f: (GRMCULFRER_EN_DVD) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF
6 Drive h: (AVAST) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 9 MB
Disk 1 Online 37 GB 9 MB
Disk 2 Online 3839 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 55 GB 31 KB
Partition 0 Extended 55 GB 55 GB
Partition 2 Logical 55 GB 55 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Main NTFS Partition 55 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Dwnlds NTFS Partition 55 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 37 GB 31 KB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Data NTFS Partition 37 GB Healthy
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3839 MB 0 B
======================================================================================================
Disk: 2
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
======================================================================================================
==========================================================
Last Boot: 2012-05-19 00:24
======================= End Of Log ==========================
aswer: Code:
ATTFilter
avast! Antirootkit, version 0.9.6
Scan started: 24 May 2012 12:23:41
File C:\Qoobox\BackEnv\AppData.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Cache.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Cookies.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Desktop.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Favorites.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\History.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\LocalAppData.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\LocalSettings.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Music.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\NetHood.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Personal.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Pictures.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\PrintHood.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Profiles.Folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Profiles.Folder.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Programs.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\Recent.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\SendTo.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\SetPath.bat **HIDDEN**
File C:\Qoobox\BackEnv\StartMenu.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\StartUp.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\SysPath.dat **HIDDEN**
File C:\Qoobox\BackEnv\Templates.folder.dat **HIDDEN**
File C:\Qoobox\BackEnv\VikPev00 **HIDDEN**
Scan finished: 24 May 2012 12:30:11
Hidden files found: 24
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0
----------
Last edited by ThimoS. (24.05.2012 at 11:53) |
| | #14 |
| /// Malwareteam | Registry repair after trojan infection Hm... I need to check back with the team on this one, there seems to be more wrong here. Stand by!
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
| | #15 |
| Registry repair after trojan infection Many thanks for your efforts. The system actually runs fine; these "C:\Qoobox" entries come from the ComboFix tool. The avast antirootkit tool had found 7 entries; the names were all avast-like, something like "avas5", I don't remember exactly. However I scan, whether with avast BART, Malwarebytes or SUPERAntiSpyware in safe mode with the page file disabled, nothing is found. The only problem that remains is that I can no longer start Uniblue SpeedUpMyPC, not even after reinstalling it; it starts to do something, then aborts without an error message. I suspect a botched registry. |