Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Registrierungsreparatur nach Trojanerbefall

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.05.2012, 12:25   #1
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



hy,

hatte folgende schädlinge auf der windos7 platte:

Code:
ATTFilter
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\U\00000008.@\[Embedded_R#00310]\[UPX]	
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\n	
C:\Windows\assembly\GAC\Desktop.ini	
C:\Users\-----\AppData\Roaming\3.EXE	
C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe	
C:\Windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_99931ad927972550\AppLaunch.exe
         
per avast bart cd entfernt
im internet find ich nix jedenfalls nix hilfreiches.
das problem ist nun, das nach jedem neustart die desktopsymbole groß sind und deren position nicht gespeichert werden, auch kann man im explorer die sichteinstellung "details" nicht speichern, nach jedem aufrufen von explorer ist die ansicht auf standard (tiles)

nun wollt ich fragen ob hier jemnad weiß, was diese genannten schaedlinge in der registry ändern, um das manuell zu beheben.
vielen dank

thimo

Alt 23.05.2012, 09:10   #2
Psychotic
/// Malwareteam
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Zitat:
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\U\00000008.@\[Embedded_R#00310]\[UPX]
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\n
C:\Windows\assembly\GAC\Desktop.ini
Du hast das ZeroAccess-Rootkit auf der Maschine!
Dieser Schädling lässt sich nicht einfach durch eine RescueCD ausheblen!

Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?
__________________

__________________

Alt 23.05.2012, 13:01   #3
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



vielen lieben dank fue deine reaktion, anbei die logs:


Attach:

[code]
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:
Code:
ATTFilter
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
'Full Speed' Internet Booster + Performance Tests
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
avast! Internet Security
Bitcoin
CCleaner
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CoreAVC Professional Edition (remove only)
CrystalDiskInfo 4.1.3
DVDFab 8.1.7.5 (07/04/2012) Qt
FileASSASSIN
FileServe Manager 1.0.0.3394
FileZilla Client 3.5.3
GPL Ghostscript
Haali Media Splitter
HD Tune Pro 5.00
HDDlife Pro 4.0
IncrediMail
IncrediMail 2.0
IncrediMail Password Recovery
Internet Cyclone 1.92
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 3
K-Lite Mega Codec Pack 7.8.0
LG Tool Kit
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC100_CRT_SP1_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mytoolsoft Watermark Software 2.7.6
Nokia Connectivity Cable Driver
Nokia Ovi Suite Software Updater
Nokia Suite
Notepad++
NTREGOPT 1.1j
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
OviMPlatform
PantsOff 2.0
PC Connectivity Solution
PDF-XChange Viewer
PerfectDisk 10 Professional
PhotoME
PowerISO
QuickTime
Realtek AC'97 Audio
Registry Repair 4.1.0.388
RouterControl 2.0
Samsung New PC Studio
Samsung SF-360_CF-360 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SRWare Iron version SRWare Iron 18.0.1050.0
System Requirements Lab
TeamViewer 7
Technitium MAC Address Changer v6.0
Tinypic 3.18
TUGZip 3.5
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uniblue SpeedUpMyPC
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual CD v10
WIDCOMM Bluetooth Software 6.0.1.6300
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
WinPcap 4.1.2
WinUtilities 10.38 Professional Edition
WordToPDF 2.7
.
==== End Of File ===========================
         
DDS:

Code:
ATTFilter
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by ----- at 12:53:48 on 2012-05-23
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uWindow Title = >>> 'Full Speed' Enabled <<<
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129} : NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-22 13:12:56	--------	d-----w-	c:\users\-----\appdata\roaming\GlarySoft
2012-05-22 13:04:46	--------	d-----w-	c:\program files\Uniblue
2012-05-22 12:21:31	--------	d-----w-	c:\program files\Glarysoft
2012-05-21 10:12:57	--------	d-----w-	c:\program files\Passcape
2012-05-18 11:58:38	--------	d-----w-	c:\users\-----\appdata\roaming\Profiles
2012-05-18 11:58:37	--------	d-----w-	c:\users\-----\appdata\roaming\Skins
2012-05-18 11:58:37	--------	d-----w-	c:\users\-----\appdata\roaming\Settings
2012-05-18 11:58:37	--------	d-----w-	c:\users\-----\appdata\roaming\Language
2012-05-10 20:37:24	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37:21	936960	----a-w-	c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 20:37:20	989184	----a-w-	c:\program files\windows journal\JNTFiltr.dll
2012-05-10 20:37:20	969216	----a-w-	c:\program files\windows journal\JNWDRV.dll
2012-05-10 20:37:20	1221632	----a-w-	c:\program files\windows journal\NBDoc.DLL
2012-05-10 20:37:04	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37:04	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37:03	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 20:36:02	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36:00	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-05-05 12:35:11	--------	d-----w-	c:\program files\common files\SpeechEngines
2012-05-02 18:50:37	--------	d-sh--w-	c:\programdata\MPK
2012-05-02 18:50:37	--------	d-sh--w-	c:\program files\KGB
2012-04-30 21:37:12	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-04-30 21:36:48	881984	----a-w-	c:\windows\system32\nvgenco32.dll
2012-04-30 21:36:48	19444544	----a-w-	c:\windows\system32\nvoglv32.dll
2012-04-30 21:36:48	1000256	----a-w-	c:\windows\system32\nvdispco32.dll
2012-04-28 17:09:20	--------	d-----w-	c:\users\-----\appdata\roaming\HD Tune Pro
2012-04-28 17:06:19	--------	d-----w-	c:\program files\HDTune
2012-04-28 16:44:43	--------	d-----w-	c:\users\-----\appdata\local\Western Digital
2012-04-28 16:36:57	--------	d-----w-	c:\users\-----\appdata\roaming\BinarySense
2012-04-28 16:35:48	--------	d-----w-	c:\program files\HdLife
2012-04-28 16:35:48	--------	d-----w-	c:\program files\common files\BinarySense
2012-04-28 15:41:51	59904	----a-w-	c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41:51	102160	----a-w-	c:\windows\system32\VB6KO.DLL
2012-04-28 15:41:50	16384	----a-w-	c:\windows\system32\lgfwunis.exe
2012-04-28 15:41:50	115016	----a-w-	c:\windows\system32\MSINET.OCX
2012-04-28 15:41:50	--------	d-----w-	c:\program files\lg_fwupdate
2012-04-28 15:41:41	77824	----a-w-	c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-04-28 15:41:41	32768	------w-	c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-04-28 15:41:41	225280	------w-	c:\program files\common files\installshield\iscript\iscript.dll
2012-04-28 15:41:41	176128	------w-	c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-04-28 15:41:40	614532	----a-w-	c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-04-28 15:32:00	--------	d-----w-	c:\program files\DVD Genie
.
==================== Find3M  ====================
.
2012-05-22 13:26:12	249856	----a-w-	c:\windows\system32\uxtheme.dll
2012-05-22 13:26:10	2755072	----a-w-	c:\windows\system32\themeui.dll
2012-05-22 13:26:07	37376	----a-w-	c:\windows\system32\themeservice.dll
2012-05-10 06:54:28	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 06:54:28	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-08 16:35:20	60416	----a-w-	c:\windows\ALCFDRTM.VER
2012-04-04 13:56:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54:29	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54:29	567696	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-24 11:40:47	60416	----a-w-	c:\windows\ALCFDRTM.EXE
2012-03-07 20:40:02	1010720	--s---r-	c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46:57	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:33:23	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-29 23:59:00	61248	----a-w-	c:\windows\system32\OpenCL.dll
2012-02-29 23:59:00	5892928	----a-w-	c:\windows\system32\nvcuda.dll
2012-02-29 23:59:00	2517312	----a-w-	c:\windows\system32\nvcuvid.dll
2012-02-29 23:59:00	2437440	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59:00	2301248	----a-w-	c:\windows\system32\nvapi.dll
2012-02-29 23:59:00	17543488	----a-w-	c:\windows\system32\nvcompiler.dll
2012-02-29 23:59:00	15009600	----a-w-	c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00	10819392	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 20:56:41	3881792	----a-w-	c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16	2719040	----a-w-	c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47	108352	----a-w-	c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46	645440	----a-w-	c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46	62272	----a-w-	c:\windows\system32\nvshext.dll
2012-02-28 01:18:55	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:54:58.06 ===============
         
--- --- ---


Gmer:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-23 12:44:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1203N rev.TL100-30
Running: rqfnzd0n.exe; Driver: C:\Users\-----\AppData\Local\Temp\pgddqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwAddBootEntry [0x8B2E7CAE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwAlpcSendWaitReceivePort [0x8B2EA16E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateEvent [0x8B2E9B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateEventPair [0x8B2E9B8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateIoCompletion [0x8B2E9CA2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateMutant [0x8B2E9A8A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateSection [0x8B2E9BDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateSemaphore [0x8B2E9ADE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateTimer [0x8B2E9C50]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwDeleteBootEntry [0x8B2E7CD2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwLoadDriver [0x8B2E7ADA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwModifyBootEntry [0x8B2E7CF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwNotifyChangeKey [0x8B2EA548]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwNotifyChangeMultipleKeys [0x8B2E87F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenEvent [0x8B2E9B64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenEventPair [0x8B2E9BB4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenIoCompletion [0x8B2E9CCC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenMutant [0x8B2E9AB6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenSection [0x8B2E9C1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenSemaphore [0x8B2E9B0C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenTimer [0x8B2E9C7A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwQueryObject [0x8B2E86BE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwReplyWaitReceivePort [0x8B2EA57E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwReplyWaitReceivePortEx [0x8B2EA142]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetBootEntryOrder [0x8B2E7D1A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetBootOptions [0x8B2E7D3E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetSystemInformation [0x8B2E7B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwShutdownSystem [0x8B2E7C44]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSystemDebugControl [0x8B2E7C56]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ZwCreateProcessEx [0x910A8BAE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                  83047989 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                    830674E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1393                                                                                       8306E750 4 Bytes  [AE, 7C, 2E, 8B]
.text           ntoskrnl.exe!KeRemoveQueueEx + 140B                                                                                       8306E7C8 4 Bytes  [6E, A1, 2E, 8B]
.text           ntoskrnl.exe!KeRemoveQueueEx + 146F                                                                                       8306E82C 8 Bytes  [34, 9B, 2E, 8B, 8C, 9B, 2E, ...]
.text           ntoskrnl.exe!KeRemoveQueueEx + 147B                                                                                       8306E838 4 Bytes  [A2, 9C, 2E, 8B]
.text           ntoskrnl.exe!KeRemoveQueueEx + 1497                                                                                       8306E854 4 Bytes  [8A, 9A, 2E, 8B]
.text           ...                                                                                                                       
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                        831F448A 5 Bytes  JMP 910A45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!RtlCompareUnicodeStrings + 50C                                                                               8321B9D6 5 Bytes  JMP 910A6012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                            832E4944 7 Bytes  JMP 910A8BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               C:\Users\-----\AppData\Local\Temp\mbr.sys                                                                              The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtCreateFile + 6                                                     779855CE 4 Bytes  [28, 00, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtCreateFile + B                                                     779855D3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + 6                                               77985C2E 1 Byte  [28]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + 6                                               77985C2E 4 Bytes  [28, 03, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + B                                               77985C33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenFile + 6                                                       77985CDE 4 Bytes  [68, 00, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenFile + B                                                       77985CE3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcess + 6                                                    77985D8E 4 Bytes  [A8, 01, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcess + B                                                    77985D93 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessToken + 6                                               77985D9E 4 Bytes  CALL 769874A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessToken + B                                               77985DA3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessTokenEx + 6                                             77985DAE 4 Bytes  [A8, 02, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessTokenEx + B                                             77985DB3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThread + 6                                                     77985E0E 4 Bytes  [68, 01, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThread + B                                                     77985E13 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadToken + 6                                                77985E1E 4 Bytes  [68, 02, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadToken + B                                                77985E23 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadTokenEx + 6                                              77985E2E 4 Bytes  CALL 76987535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadTokenEx + B                                              77985E33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryAttributesFile + 6                                            77985F3E 4 Bytes  [A8, 00, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryAttributesFile + B                                            77985F43 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryFullAttributesFile + 6                                        77985FEE 4 Bytes  CALL 769876F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryFullAttributesFile + B                                        77985FF3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationFile + 6                                             7798663E 4 Bytes  [28, 01, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationFile + B                                             77986643 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationThread + 6                                           7798669E 4 Bytes  [28, 02, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationThread + B                                           779866A3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + 6                                             779869BE 1 Byte  [68]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + 6                                             779869BE 4 Bytes  [68, 03, 17, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + B                                             779869C3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcess + 6                                                   77985D8E 4 Bytes  [A8, 01, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcess + B                                                   77985D93 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 76987AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadToken + 6                                               77985E1E 4 Bytes  [68, 02, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadToken + B                                               77985E23 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadTokenEx + 6                                             77985E2E 4 Bytes  CALL 76987B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadTokenEx + B                                             77985E33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryAttributesFile + 6                                           77985F3E 4 Bytes  [A8, 00, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryAttributesFile + B                                           77985F43 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryFullAttributesFile + 6                                       77985FEE 4 Bytes  CALL 76987CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryFullAttributesFile + B                                       77985FF3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 1D, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcess + 6                                                   77985D8E 4 Bytes  [A8, 01, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcess + B                                                   77985D93 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 76989DA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadToken + 6                                               77985E1E 4 Bytes  [68, 02, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadToken + B                                               77985E23 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadTokenEx + 6                                             77985E2E 4 Bytes  CALL 76989E35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadTokenEx + B                                             77985E33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryAttributesFile + 6                                           77985F3E 4 Bytes  [A8, 00, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryAttributesFile + B                                           77985F43 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryFullAttributesFile + 6                                       77985FEE 4 Bytes  CALL 76989FF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryFullAttributesFile + B                                       77985FF3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 40, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter                        7768F4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcess + 6                                                   77985D8E 4 Bytes  [A8, 01, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcess + B                                                   77985D93 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 76987CA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadToken + 6                                               77985E1E 4 Bytes  [68, 02, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadToken + B                                               77985E23 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadTokenEx + 6                                             77985E2E 4 Bytes  CALL 76987D35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadTokenEx + B                                             77985E33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryAttributesFile + 6                                           77985F3E 4 Bytes  [A8, 00, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryAttributesFile + B                                           77985F43 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryFullAttributesFile + 6                                       77985FEE 4 Bytes  CALL 76987EF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryFullAttributesFile + B                                       77985FF3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 1F, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 33, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcess + 6                                                   77985D8E 4 Bytes  [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcess + B                                                   77985D93 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 769890A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 33, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadToken + 6                                               77985E1E 4 Bytes  [68, 02, 33, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadToken + B                                               77985E23 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadTokenEx + 6                                             77985E2E 4 Bytes  CALL 76989135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadTokenEx + B                                             77985E33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryAttributesFile + 6                                           77985F3E 4 Bytes  [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryAttributesFile + B                                           77985F43 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryFullAttributesFile + 6                                       77985FEE 4 Bytes  CALL 769892F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryFullAttributesFile + B                                       77985FF3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 33, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcess + 6                                                   77985D8E 4 Bytes  [A8, 01, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcess + B                                                   77985D93 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 7698A0A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadToken + 6                                               77985E1E 4 Bytes  [68, 02, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadToken + B                                               77985E23 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadTokenEx + 6                                             77985E2E 4 Bytes  CALL 7698A135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadTokenEx + B                                             77985E33 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryAttributesFile + 6                                           77985F3E 4 Bytes  [A8, 00, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryAttributesFile + B                                           77985F43 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryFullAttributesFile + 6                                       77985FEE 4 Bytes  CALL 7698A2F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryFullAttributesFile + B                                       77985FF3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 43, 00]
.text           C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000055                                                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                   aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                   aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

---- Services - GMER 1.0.15 ----

Service         C:\Windows\system32\DRIVERS\vdrv1000.sys (*** hidden *** )                                                                [SYSTEM] vdrv1000                                                                                                                                     <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7                                      0x52 0x8F 0xFF 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655                                      0xC5 0x59 0x86 0x88 ...
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000@ServiceBinary                                                                 C:\Windows\system32\drivers\VDRV1000.SYS
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000@Group                                                                         SCSI Miniport
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000@ImagePath                                                                     system32\DRIVERS\vdrv1000.sys
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000@ErrorControl                                                                  1
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000@Start                                                                         1
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000@Type                                                                          1
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000@Tag                                                                           64
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@0                                                                        ROOT\SCSIADAPTER\0000
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@Count                                                                    1
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@NextInstance                                                             1
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@INITSTARTFAILED                                                          1
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters\pnpinterface (not active ControlSet)                               
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters\pnpinterface@1                                                     1
Reg             HKLM\SYSTEM\ControlSet001\services\vdrv1000\security (not active ControlSet)                                              
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7                                  0x52 0x8F 0xFF 0xE2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655                                  0xC5 0x59 0x86 0x88 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                                                             C:\Windows\system32\drivers\VDRV1000.SYS
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                                                                     SCSI Miniport
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                                                                 system32\DRIVERS\vdrv1000.sys
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                                                              1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                                                                      1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                                                                       64
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                                                                    ROOT\SCSIADAPTER\0000
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                                                         1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED                                                      1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                                                                  
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7                                      0x52 0x8F 0xFF 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655                                      0xC5 0x59 0x86 0x88 ...
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000@ServiceBinary                                                                 C:\Windows\system32\drivers\VDRV1000.SYS
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000@Group                                                                         SCSI Miniport
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000@ImagePath                                                                     system32\DRIVERS\vdrv1000.sys
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000@ErrorControl                                                                  1
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000@Start                                                                         1
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000@Type                                                                          1
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000@Tag                                                                           64
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@0                                                                        ROOT\SCSIADAPTER\0000
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@Count                                                                    1
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@NextInstance                                                             1
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@INITSTARTFAILED                                                          1
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters\pnpinterface (not active ControlSet)                               
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters\pnpinterface@1                                                     1
Reg             HKLM\SYSTEM\ControlSet003\services\vdrv1000\security (not active ControlSet)                                              

---- Files - GMER 1.0.15 ----

File            C:\## aswSnx private storage                                                                                              0 bytes
File            C:\## aswSnx private storage\snx_rhive                                                                                    262144 bytes
File            C:\## aswSnx private storage\snx_rhive.LOG1                                                                               9216 bytes
File            C:\## aswSnx private storage\snx_rhive.LOG2                                                                               0 bytes
File            C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TM.blf                                       65536 bytes
File            C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TMContainer00000000000000000001.regtrans-ms  524288 bytes
File            C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TMContainer00000000000000000002.regtrans-ms  524288 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---
__________________

Alt 23.05.2012, 13:23   #4
Psychotic
/// Malwareteam
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Auweh!
Mal gucken, of das hier tut:

TDSS-Killer (Scan)


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 23.05.2012, 13:46   #5
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



vielen lieben dank, hier der anhang:

Code:
ATTFilter
0063 3396	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:41:30.0344 3396	============================================================
13:41:30.0344 3396	Current date / time: 2012/05/23 13:41:30.0344
13:41:30.0344 3396	SystemInfo:
13:41:30.0344 3396	
13:41:30.0344 3396	OS Version: 6.1.7601 ServicePack: 1.0
13:41:30.0344 3396	Product type: Workstation
13:41:30.0344 3396	ComputerName: -----
13:41:30.0344 3396	UserName: -----
13:41:30.0344 3396	Windows directory: C:\Windows
13:41:30.0344 3396	System windows directory: C:\Windows
13:41:30.0344 3396	Processor architecture: Intel x86
13:41:30.0344 3396	Number of processors: 1
13:41:30.0344 3396	Page size: 0x1000
13:41:30.0344 3396	Boot type: Normal boot
13:41:30.0344 3396	============================================================
13:41:31.0391 3396	Drive \Device\Harddisk0\DR0 - Size: 0x1BF4187E00 (111.81 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:41:31.0407 3396	Drive \Device\Harddisk1\DR1 - Size: 0x9515A5E00 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:41:31.0407 3396	============================================================
13:41:31.0407 3396	\Device\Harddisk0\DR0:
13:41:31.0422 3396	MBR partitions:
13:41:31.0422 3396	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FCF9C3
13:41:31.0438 3396	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6FCFA41, BlocksNum 0x6FCBB02
13:41:31.0438 3396	\Device\Harddisk1\DR1:
13:41:31.0438 3396	MBR partitions:
13:41:31.0438 3396	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
13:41:31.0438 3396	============================================================
13:41:31.0454 3396	C: <-> \Device\Harddisk0\DR0\Partition0
13:41:31.0485 3396	D: <-> \Device\Harddisk1\DR1\Partition0
13:41:31.0516 3396	E: <-> \Device\Harddisk0\DR0\Partition1
13:41:31.0516 3396	============================================================
13:41:31.0516 3396	Initialize success
13:41:31.0516 3396	============================================================
13:42:16.0374 3764	============================================================
13:42:16.0374 3764	Scan started
13:42:16.0374 3764	Mode: Manual; TDLFS; 
13:42:16.0374 3764	============================================================
13:42:17.0081 3764	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:42:17.0094 3764	1394ohci - ok
13:42:17.0154 3764	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:42:17.0170 3764	ACPI - ok
13:42:17.0230 3764	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:42:17.0233 3764	AcpiPmi - ok
13:42:17.0285 3764	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:42:17.0300 3764	adp94xx - ok
13:42:17.0339 3764	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:42:17.0359 3764	adpahci - ok
13:42:17.0407 3764	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:42:17.0426 3764	adpu320 - ok
13:42:17.0483 3764	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:42:17.0490 3764	AeLookupSvc - ok
13:42:17.0554 3764	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:42:17.0579 3764	AFD - ok
13:42:17.0624 3764	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:42:17.0625 3764	agp440 - ok
13:42:17.0684 3764	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:42:17.0693 3764	aic78xx - ok
13:42:17.0953 3764	ALCXWDM         (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
13:42:18.0003 3764	ALCXWDM - ok
13:42:18.0120 3764	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:42:18.0127 3764	ALG - ok
13:42:18.0195 3764	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:42:18.0198 3764	aliide - ok
13:42:18.0225 3764	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:42:18.0236 3764	amdagp - ok
13:42:18.0281 3764	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:42:18.0285 3764	amdide - ok
13:42:18.0321 3764	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:42:18.0330 3764	AmdK8 - ok
13:42:18.0351 3764	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:42:18.0355 3764	AmdPPM - ok
13:42:18.0401 3764	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:42:18.0408 3764	amdsata - ok
13:42:18.0443 3764	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:42:18.0457 3764	amdsbs - ok
13:42:18.0503 3764	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:42:18.0505 3764	amdxata - ok
13:42:18.0547 3764	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:42:18.0553 3764	AppID - ok
13:42:18.0589 3764	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:42:18.0597 3764	AppIDSvc - ok
13:42:18.0653 3764	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:42:18.0658 3764	Appinfo - ok
13:42:18.0699 3764	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:42:18.0713 3764	AppMgmt - ok
13:42:18.0753 3764	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:42:18.0759 3764	arc - ok
13:42:18.0797 3764	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:42:18.0804 3764	arcsas - ok
13:42:18.0934 3764	aswArKrn - ok
13:42:19.0024 3764	aswFsBlk        (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
13:42:19.0026 3764	aswFsBlk - ok
13:42:19.0070 3764	aswFW           (25ace55b10046e9e6e9b148fa7abd3b7) C:\Windows\system32\drivers\aswFW.sys
13:42:19.0073 3764	aswFW - ok
13:42:19.0105 3764	aswMonFlt       (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
13:42:19.0107 3764	aswMonFlt - ok
13:42:19.0141 3764	aswNdis         (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
13:42:19.0143 3764	aswNdis - ok
13:42:19.0189 3764	aswNdis2        (125febcb61d33b358afc20866b8a9842) C:\Windows\system32\drivers\aswNdis2.sys
13:42:19.0198 3764	aswNdis2 - ok
13:42:19.0225 3764	aswRdr          (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
13:42:19.0226 3764	aswRdr - ok
13:42:19.0281 3764	aswSnx          (81f10376af5f0f466f03cb2c5321b7ed) C:\Windows\system32\drivers\aswSnx.sys
13:42:19.0287 3764	aswSnx - ok
13:42:19.0326 3764	aswSP           (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
13:42:19.0328 3764	aswSP - ok
13:42:19.0375 3764	aswTdi          (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
13:42:19.0376 3764	aswTdi - ok
13:42:19.0403 3764	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:42:19.0405 3764	AsyncMac - ok
13:42:19.0438 3764	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:42:19.0440 3764	atapi - ok
13:42:19.0500 3764	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:42:19.0525 3764	AudioEndpointBuilder - ok
13:42:19.0561 3764	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:42:19.0569 3764	Audiosrv - ok
13:42:19.0650 3764	avast! Antivirus (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:42:19.0653 3764	avast! Antivirus - ok
13:42:19.0690 3764	avast! Firewall (8408b80b5d1927d5063e1250ea5d9a78) C:\Program Files\Alwil Software\Avast5\afwServ.exe
13:42:19.0693 3764	avast! Firewall - ok
13:42:19.0708 3764	avast! Web Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:42:19.0709 3764	avast! Web Scanner - ok
13:42:19.0760 3764	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:42:19.0766 3764	AxInstSV - ok
13:42:19.0824 3764	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:42:19.0847 3764	b06bdrv - ok
13:42:19.0890 3764	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:42:19.0917 3764	b57nd60x - ok
13:42:19.0967 3764	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:42:19.0974 3764	BDESVC - ok
13:42:20.0003 3764	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:42:20.0005 3764	Beep - ok
13:42:20.0075 3764	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
13:42:20.0105 3764	BITS - ok
13:42:20.0158 3764	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:42:20.0165 3764	blbdrive - ok
13:42:20.0213 3764	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:42:20.0218 3764	bowser - ok
13:42:20.0243 3764	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:42:20.0246 3764	BrFiltLo - ok
13:42:20.0264 3764	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:42:20.0266 3764	BrFiltUp - ok
13:42:20.0304 3764	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:42:20.0311 3764	Browser - ok
13:42:20.0347 3764	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:42:20.0367 3764	Brserid - ok
13:42:20.0391 3764	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:42:20.0400 3764	BrSerWdm - ok
13:42:20.0419 3764	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:42:20.0423 3764	BrUsbMdm - ok
13:42:20.0446 3764	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:42:20.0448 3764	BrUsbSer - ok
13:42:20.0483 3764	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
13:42:20.0491 3764	BthEnum - ok
13:42:20.0511 3764	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:42:20.0519 3764	BTHMODEM - ok
13:42:20.0547 3764	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:42:20.0556 3764	BthPan - ok
13:42:20.0621 3764	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
13:42:20.0644 3764	BTHPORT - ok
13:42:20.0678 3764	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:42:20.0685 3764	bthserv - ok
13:42:20.0716 3764	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
13:42:20.0723 3764	BTHUSB - ok
13:42:20.0764 3764	btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
13:42:20.0770 3764	btwaudio - ok
13:42:20.0817 3764	btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\DRIVERS\btwavdt.sys
13:42:20.0826 3764	btwavdt - ok
13:42:20.0861 3764	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:42:20.0875 3764	cdfs - ok
13:42:20.0924 3764	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:42:20.0930 3764	cdrom - ok
13:42:20.0971 3764	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:42:20.0977 3764	CertPropSvc - ok
13:42:21.0015 3764	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:42:21.0024 3764	circlass - ok
13:42:21.0086 3764	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:42:21.0103 3764	CLFS - ok
13:42:21.0185 3764	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:42:21.0196 3764	clr_optimization_v2.0.50727_32 - ok
13:42:21.0321 3764	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:42:21.0326 3764	clr_optimization_v4.0.30319_32 - ok
13:42:21.0359 3764	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:42:21.0361 3764	CmBatt - ok
13:42:21.0399 3764	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:42:21.0401 3764	cmdide - ok
13:42:21.0419 3764	cmuda3 - ok
13:42:21.0471 3764	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:42:21.0486 3764	CNG - ok
13:42:21.0513 3764	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:42:21.0516 3764	Compbatt - ok
13:42:21.0556 3764	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:42:21.0564 3764	CompositeBus - ok
13:42:21.0583 3764	COMSysApp - ok
13:42:21.0610 3764	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:42:21.0617 3764	crcdisk - ok
13:42:21.0669 3764	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
13:42:21.0680 3764	CryptSvc - ok
13:42:21.0749 3764	CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
13:42:21.0770 3764	CscService - ok
13:42:21.0837 3764	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:42:21.0869 3764	DcomLaunch - ok
13:42:21.0916 3764	DefragFS        (292e9ec82df08cbdd1cc51d963f38248) C:\Windows\system32\drivers\DefragFS.sys
13:42:21.0917 3764	DefragFS - ok
13:42:21.0971 3764	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:42:21.0983 3764	defragsvc - ok
13:42:22.0020 3764	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:42:22.0027 3764	DfsC - ok
13:42:22.0078 3764	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:42:22.0088 3764	Dhcp - ok
13:42:22.0124 3764	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:42:22.0131 3764	discache - ok
13:42:22.0163 3764	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:42:22.0164 3764	Disk - ok
13:42:22.0220 3764	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:42:22.0235 3764	Dnscache - ok
13:42:22.0280 3764	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:42:22.0292 3764	dot3svc - ok
13:42:22.0338 3764	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:42:22.0350 3764	DPS - ok
13:42:22.0386 3764	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:42:22.0389 3764	drmkaud - ok
13:42:22.0468 3764	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:42:22.0477 3764	DXGKrnl - ok
13:42:22.0513 3764	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:42:22.0528 3764	EapHost - ok
13:42:22.0731 3764	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:42:22.0838 3764	ebdrv - ok
13:42:22.0962 3764	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
13:42:22.0968 3764	EFS - ok
13:42:23.0067 3764	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
13:42:23.0084 3764	ehRecvr - ok
13:42:23.0133 3764	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:42:23.0141 3764	ehSched - ok
13:42:23.0237 3764	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:42:23.0258 3764	elxstor - ok
13:42:23.0292 3764	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:42:23.0294 3764	ErrDev - ok
13:42:23.0383 3764	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:42:23.0403 3764	EventSystem - ok
13:42:23.0440 3764	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:42:23.0454 3764	exfat - ok
13:42:23.0492 3764	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:42:23.0504 3764	fastfat - ok
13:42:23.0576 3764	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
13:42:23.0595 3764	Fax - ok
13:42:23.0627 3764	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:42:23.0635 3764	fdc - ok
13:42:23.0688 3764	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:42:23.0694 3764	fdPHost - ok
13:42:23.0723 3764	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:42:23.0730 3764	FDResPub - ok
13:42:23.0756 3764	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:42:23.0758 3764	FileInfo - ok
13:42:23.0811 3764	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:42:23.0819 3764	Filetrace - ok
13:42:23.0853 3764	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:42:23.0856 3764	flpydisk - ok
13:42:23.0898 3764	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:42:23.0910 3764	FltMgr - ok
13:42:23.0995 3764	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
13:42:24.0023 3764	FontCache - ok
13:42:24.0107 3764	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:42:24.0116 3764	FontCache3.0.0.0 - ok
13:42:24.0154 3764	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:42:24.0160 3764	FsDepends - ok
13:42:24.0217 3764	FsUsbExDisk     (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
13:42:24.0234 3764	FsUsbExDisk - ok
13:42:24.0271 3764	FsUsbExService  (96633419f4a1e37acb89b45ebccfe001) C:\Windows\system32\FsUsbExService.Exe
13:42:24.0291 3764	FsUsbExService - ok
13:42:24.0328 3764	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
13:42:24.0329 3764	Fs_Rec - ok
13:42:24.0379 3764	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:42:24.0390 3764	fvevol - ok
13:42:24.0433 3764	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:42:24.0439 3764	gagp30kx - ok
13:42:24.0510 3764	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
13:42:24.0537 3764	gpsvc - ok
13:42:24.0565 3764	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:42:24.0573 3764	hcw85cir - ok
13:42:24.0611 3764	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:42:24.0624 3764	HDAudBus - ok
13:42:24.0737 3764	HDDlife HDD Access service (dce43f051d80820a28307d527bd4e947) C:\Program Files\Common Files\BinarySense\hldasvc.exe
13:42:24.0767 3764	HDDlife HDD Access service - ok
13:42:24.0797 3764	HH10Help.sys    (d1c92d1e1620da2e22e3f483a73729d7) C:\Windows\system32\drivers\HH10Help.sys
13:42:24.0799 3764	HH10Help.sys - ok
13:42:24.0835 3764	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:42:24.0838 3764	HidBatt - ok
13:42:24.0864 3764	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:42:24.0874 3764	HidBth - ok
13:42:24.0902 3764	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:42:24.0909 3764	HidIr - ok
13:42:24.0951 3764	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
13:42:24.0973 3764	hidserv - ok
13:42:25.0007 3764	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:42:25.0010 3764	HidUsb - ok
13:42:25.0057 3764	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
13:42:25.0074 3764	hkmsvc - ok
13:42:25.0126 3764	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
13:42:25.0139 3764	HomeGroupListener - ok
13:42:25.0191 3764	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
13:42:25.0213 3764	HomeGroupProvider - ok
13:42:25.0253 3764	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:42:25.0260 3764	HpSAMD - ok
13:42:25.0318 3764	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:42:25.0347 3764	HTTP - ok
13:42:25.0374 3764	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:42:25.0375 3764	hwpolicy - ok
13:42:25.0411 3764	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:42:25.0417 3764	i8042prt - ok
13:42:25.0471 3764	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:42:25.0489 3764	iaStorV - ok
13:42:25.0617 3764	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:42:25.0644 3764	idsvc - ok
13:42:25.0687 3764	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:42:25.0695 3764	iirsp - ok
13:42:25.0775 3764	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
13:42:25.0797 3764	IKEEXT - ok
13:42:25.0838 3764	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:42:25.0840 3764	intelide - ok
13:42:25.0885 3764	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:42:25.0891 3764	intelppm - ok
13:42:25.0926 3764	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:42:25.0943 3764	IPBusEnum - ok
13:42:25.0974 3764	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:42:25.0980 3764	IpFilterDriver - ok
13:42:26.0023 3764	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:42:26.0034 3764	IPMIDRV - ok
13:42:26.0076 3764	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:42:26.0083 3764	IPNAT - ok
13:42:26.0105 3764	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:42:26.0108 3764	IRENUM - ok
13:42:26.0145 3764	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:42:26.0153 3764	isapnp - ok
13:42:26.0199 3764	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:42:26.0213 3764	iScsiPrt - ok
13:42:26.0245 3764	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:42:26.0247 3764	kbdclass - ok
13:42:26.0279 3764	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:42:26.0287 3764	kbdhid - ok
13:42:26.0321 3764	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:26.0327 3764	KeyIso - ok
13:42:26.0360 3764	KMWDFILTERx86   (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:42:26.0368 3764	KMWDFILTERx86 - ok
13:42:26.0414 3764	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:42:26.0419 3764	KSecDD - ok
13:42:26.0458 3764	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:42:26.0471 3764	KSecPkg - ok
13:42:26.0525 3764	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:42:26.0544 3764	KtmRm - ok
13:42:26.0611 3764	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
13:42:26.0628 3764	LanmanServer - ok
13:42:26.0669 3764	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
13:42:26.0684 3764	LanmanWorkstation - ok
13:42:26.0733 3764	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:42:26.0740 3764	lltdio - ok
13:42:26.0789 3764	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:42:26.0806 3764	lltdsvc - ok
13:42:26.0831 3764	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:42:26.0836 3764	lmhosts - ok
13:42:26.0854 3764	LMImirr - ok
13:42:26.0892 3764	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:42:26.0898 3764	LSI_FC - ok
13:42:26.0922 3764	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:42:26.0934 3764	LSI_SAS - ok
13:42:26.0962 3764	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:42:26.0970 3764	LSI_SAS2 - ok
13:42:26.0995 3764	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:42:27.0006 3764	LSI_SCSI - ok
13:42:27.0037 3764	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:42:27.0043 3764	luafv - ok
13:42:27.0086 3764	LVUSBSta        (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\DRIVERS\LVUSBSta.sys
13:42:27.0087 3764	LVUSBSta - ok
13:42:27.0140 3764	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:42:27.0143 3764	MBAMProtector - ok
13:42:27.0255 3764	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:42:27.0279 3764	MBAMService - ok
13:42:27.0324 3764	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
13:42:27.0333 3764	Mcx2Svc - ok
13:42:27.0368 3764	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:42:27.0375 3764	megasas - ok
13:42:27.0416 3764	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:42:27.0427 3764	MegaSR - ok
13:42:27.0486 3764	Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:42:27.0493 3764	Microsoft Office Groove Audit Service - ok
13:42:27.0529 3764	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:42:27.0545 3764	MMCSS - ok
13:42:27.0625 3764	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:42:27.0633 3764	Modem - ok
13:42:27.0673 3764	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:42:27.0675 3764	monitor - ok
13:42:27.0714 3764	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:42:27.0716 3764	mouclass - ok
13:42:27.0748 3764	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:42:27.0755 3764	mouhid - ok
13:42:27.0801 3764	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:42:27.0807 3764	mountmgr - ok
13:42:27.0844 3764	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:42:27.0857 3764	mpio - ok
13:42:27.0900 3764	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:42:27.0907 3764	mpsdrv - ok
13:42:27.0953 3764	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:42:27.0966 3764	MRxDAV - ok
13:42:28.0014 3764	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:42:28.0028 3764	mrxsmb - ok
13:42:28.0070 3764	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:42:28.0081 3764	mrxsmb10 - ok
13:42:28.0120 3764	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:42:28.0126 3764	mrxsmb20 - ok
13:42:28.0156 3764	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:42:28.0164 3764	msahci - ok
13:42:28.0223 3764	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:42:28.0236 3764	msdsm - ok
13:42:28.0289 3764	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:42:28.0307 3764	MSDTC - ok
13:42:28.0364 3764	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:42:28.0366 3764	Msfs - ok
13:42:28.0390 3764	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:42:28.0395 3764	mshidkmdf - ok
13:42:28.0435 3764	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:42:28.0437 3764	msisadrv - ok
13:42:28.0484 3764	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:42:28.0498 3764	MSiSCSI - ok
13:42:28.0516 3764	msiserver - ok
13:42:28.0546 3764	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:42:28.0548 3764	MSKSSRV - ok
13:42:28.0568 3764	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:42:28.0571 3764	MSPCLOCK - ok
13:42:28.0589 3764	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:42:28.0593 3764	MSPQM - ok
13:42:28.0628 3764	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:42:28.0641 3764	MsRPC - ok
13:42:28.0693 3764	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:42:28.0695 3764	mssmbios - ok
13:42:28.0720 3764	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:42:28.0723 3764	MSTEE - ok
13:42:28.0744 3764	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:42:28.0746 3764	MTConfig - ok
13:42:28.0778 3764	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:42:28.0783 3764	Mup - ok
13:42:28.0853 3764	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:42:28.0886 3764	napagent - ok
13:42:28.0933 3764	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:42:28.0950 3764	NativeWifiP - ok
13:42:29.0030 3764	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:42:29.0060 3764	NDIS - ok
13:42:29.0088 3764	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:42:29.0096 3764	NdisCap - ok
13:42:29.0134 3764	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:42:29.0136 3764	NdisTapi - ok
13:42:29.0168 3764	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:42:29.0184 3764	Ndisuio - ok
13:42:29.0220 3764	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:42:29.0235 3764	NdisWan - ok
13:42:29.0286 3764	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:42:29.0292 3764	NDProxy - ok
13:42:29.0344 3764	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:42:29.0353 3764	NetBIOS - ok
13:42:29.0404 3764	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:42:29.0415 3764	NetBT - ok
13:42:29.0463 3764	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:29.0467 3764	Netlogon - ok
13:42:29.0519 3764	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:42:29.0546 3764	Netman - ok
13:42:29.0597 3764	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:42:29.0621 3764	netprofm - ok
13:42:29.0708 3764	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:42:29.0720 3764	NetTcpPortSharing - ok
13:42:29.0754 3764	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:42:29.0761 3764	nfrd960 - ok
13:42:29.0833 3764	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:42:29.0849 3764	NlaSvc - ok
13:42:29.0928 3764	nmwcd           (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
13:42:29.0931 3764	nmwcd - ok
13:42:29.0975 3764	nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
13:42:29.0977 3764	nmwcdc - ok
13:42:30.0015 3764	nmwcdnsu        (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys
13:42:30.0029 3764	nmwcdnsu - ok
13:42:30.0053 3764	nmwcdnsuc       (d23257682d349a5e2e4507ed33decc16) C:\Windows\system32\drivers\nmwcdnsuc.sys
13:42:30.0056 3764	nmwcdnsuc - ok
13:42:30.0104 3764	NPF             (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
13:42:30.0111 3764	NPF - ok
13:42:30.0139 3764	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:42:30.0147 3764	Npfs - ok
13:42:30.0199 3764	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:42:30.0207 3764	nsi - ok
13:42:30.0233 3764	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:42:30.0236 3764	nsiproxy - ok
13:42:30.0350 3764	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:42:30.0395 3764	Ntfs - ok
13:42:30.0428 3764	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:42:30.0430 3764	Null - ok
13:42:31.0133 3764	nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:42:31.0254 3764	nvlddmkm - ok
13:42:31.0422 3764	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:42:31.0435 3764	nvraid - ok
13:42:31.0483 3764	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:42:31.0495 3764	nvstor - ok
13:42:31.0559 3764	nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
13:42:31.0585 3764	nvsvc - ok
13:42:31.0819 3764	nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:42:31.0889 3764	nvUpdatusService - ok
13:42:32.0039 3764	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:42:32.0045 3764	nv_agp - ok
13:42:32.0125 3764	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:42:32.0139 3764	odserv - ok
13:42:32.0194 3764	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:42:32.0200 3764	ohci1394 - ok
13:42:32.0239 3764	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:42:32.0250 3764	ose - ok
13:42:32.0315 3764	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:42:32.0334 3764	p2pimsvc - ok
13:42:32.0386 3764	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:42:32.0410 3764	p2psvc - ok
13:42:32.0460 3764	PAC7311         (2085d5168fc0c56bb13304d180d244b6) C:\Windows\system32\DRIVERS\PA707UCM.SYS
13:42:32.0468 3764	PAC7311 - ok
13:42:32.0513 3764	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:42:32.0526 3764	Parport - ok
13:42:32.0559 3764	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:42:32.0561 3764	partmgr - ok
13:42:32.0585 3764	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:42:32.0587 3764	Parvdm - ok
13:42:32.0625 3764	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:42:32.0646 3764	PcaSvc - ok
13:42:32.0700 3764	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:42:32.0704 3764	pccsmcfd - ok
13:42:32.0744 3764	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:42:32.0757 3764	pci - ok
13:42:32.0796 3764	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:42:32.0799 3764	pciide - ok
13:42:32.0845 3764	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:42:32.0857 3764	pcmcia - ok
13:42:32.0885 3764	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:42:32.0887 3764	pcw - ok
13:42:33.0031 3764	PDAgent         (6abb7315658f35e448207b0ce69025bc) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
13:42:33.0073 3764	PDAgent - ok
13:42:33.0156 3764	PDEngine        (b5838b97235014d5378b80ed05d4ef30) C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
13:42:33.0193 3764	PDEngine - ok
13:42:33.0378 3764	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:42:33.0398 3764	PEAUTH - ok
13:42:33.0494 3764	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:42:33.0533 3764	PeerDistSvc - ok
13:42:33.0666 3764	PID_0928        (3551190e9cf1eb4c0971bdef4269ca25) C:\Windows\system32\DRIVERS\LV561AV.SYS
13:42:33.0689 3764	PID_0928 - ok
13:42:33.0809 3764	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:42:33.0874 3764	pla - ok
13:42:34.0018 3764	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:42:34.0038 3764	PlugPlay - ok
13:42:34.0083 3764	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:42:34.0090 3764	PNRPAutoReg - ok
13:42:34.0144 3764	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:42:34.0155 3764	PNRPsvc - ok
13:42:34.0221 3764	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:42:34.0246 3764	PolicyAgent - ok
13:42:34.0303 3764	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:42:34.0324 3764	Power - ok
13:42:34.0388 3764	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:42:34.0396 3764	PptpMiniport - ok
13:42:34.0441 3764	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:42:34.0457 3764	Processor - ok
13:42:34.0499 3764	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
13:42:34.0510 3764	ProfSvc - ok
13:42:34.0543 3764	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:34.0547 3764	ProtectedStorage - ok
13:42:34.0610 3764	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:42:34.0617 3764	Psched - ok
13:42:34.0716 3764	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:42:34.0773 3764	ql2300 - ok
13:42:34.0933 3764	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:42:34.0948 3764	ql40xx - ok
13:42:35.0010 3764	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:42:35.0031 3764	QWAVE - ok
13:42:35.0054 3764	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:42:35.0057 3764	QWAVEdrv - ok
13:42:35.0079 3764	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:42:35.0081 3764	RasAcd - ok
13:42:35.0121 3764	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:42:35.0128 3764	RasAgileVpn - ok
13:42:35.0169 3764	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:42:35.0194 3764	RasAuto - ok
13:42:35.0228 3764	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:42:35.0236 3764	Rasl2tp - ok
13:42:35.0293 3764	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:42:35.0314 3764	RasMan - ok
13:42:35.0351 3764	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:42:35.0360 3764	RasPppoe - ok
13:42:35.0397 3764	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:42:35.0405 3764	RasSstp - ok
13:42:35.0467 3764	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:42:35.0478 3764	rdbss - ok
13:42:35.0509 3764	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:42:35.0513 3764	rdpbus - ok
13:42:35.0553 3764	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:42:35.0555 3764	RDPCDD - ok
13:42:35.0604 3764	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:42:35.0616 3764	RDPDR - ok
13:42:35.0648 3764	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:42:35.0650 3764	RDPENCDD - ok
13:42:35.0688 3764	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:42:35.0690 3764	RDPREFMP - ok
13:42:35.0741 3764	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
13:42:35.0745 3764	RdpVideoMiniport - ok
13:42:35.0792 3764	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
13:42:35.0805 3764	RDPWD - ok
13:42:35.0841 3764	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:42:35.0854 3764	rdyboost - ok
13:42:35.0911 3764	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:42:35.0925 3764	RemoteAccess - ok
13:42:35.0971 3764	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:42:35.0986 3764	RemoteRegistry - ok
13:42:36.0023 3764	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:42:36.0035 3764	RFCOMM - ok
13:42:36.0096 3764	rpcapd          (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe
13:42:36.0110 3764	rpcapd - ok
13:42:36.0168 3764	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:42:36.0198 3764	RpcEptMapper - ok
13:42:36.0234 3764	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:42:36.0239 3764	RpcLocator - ok
13:42:36.0292 3764	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:42:36.0304 3764	RpcSs - ok
13:42:36.0360 3764	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:42:36.0368 3764	rspndr - ok
13:42:36.0406 3764	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:42:36.0409 3764	s3cap - ok
13:42:36.0446 3764	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:36.0451 3764	SamSs - ok
13:42:36.0488 3764	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:42:36.0500 3764	sbp2port - ok
13:42:36.0548 3764	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:42:36.0564 3764	SCardSvr - ok
13:42:36.0597 3764	SCDEmu          (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
13:42:36.0599 3764	SCDEmu - ok
13:42:36.0640 3764	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:42:36.0648 3764	scfilter - ok
13:42:36.0725 3764	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:42:36.0758 3764	Schedule - ok
13:42:36.0798 3764	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:42:36.0800 3764	SCPolicySvc - ok
13:42:36.0844 3764	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:42:36.0857 3764	SDRSVC - ok
13:42:36.0910 3764	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:42:36.0914 3764	secdrv - ok
13:42:36.0953 3764	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:42:36.0960 3764	seclogon - ok
13:42:36.0988 3764	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:42:37.0003 3764	SENS - ok
13:42:37.0045 3764	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:42:37.0063 3764	SensrSvc - ok
13:42:37.0097 3764	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:42:37.0100 3764	Serenum - ok
13:42:37.0139 3764	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:42:37.0146 3764	Serial - ok
13:42:37.0205 3764	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:42:37.0208 3764	sermouse - ok
13:42:37.0314 3764	ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:42:37.0321 3764	ServiceLayer - ok
13:42:37.0394 3764	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:42:37.0405 3764	SessionEnv - ok
13:42:37.0443 3764	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:42:37.0446 3764	sffdisk - ok
13:42:37.0478 3764	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:42:37.0481 3764	sffp_mmc - ok
13:42:37.0514 3764	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:42:37.0516 3764	sffp_sd - ok
13:42:37.0554 3764	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:42:37.0557 3764	sfloppy - ok
13:42:37.0647 3764	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:42:37.0672 3764	ShellHWDetection - ok
13:42:37.0710 3764	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:42:37.0721 3764	sisagp - ok
13:42:37.0758 3764	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:42:37.0766 3764	SiSRaid2 - ok
13:42:37.0790 3764	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:42:37.0794 3764	SiSRaid4 - ok
13:42:37.0820 3764	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:42:37.0830 3764	Smb - ok
13:42:37.0888 3764	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:42:37.0897 3764	SNMPTRAP - ok
13:42:37.0927 3764	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:42:37.0929 3764	spldr - ok
13:42:37.0993 3764	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:42:38.0009 3764	Spooler - ok
13:42:38.0226 3764	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:42:38.0340 3764	sppsvc - ok
13:42:38.0556 3764	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:42:38.0572 3764	sppuinotify - ok
13:42:38.0649 3764	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:42:38.0666 3764	srv - ok
13:42:38.0723 3764	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:42:38.0739 3764	srv2 - ok
13:42:38.0771 3764	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:42:38.0781 3764	srvnet - ok
13:42:38.0847 3764	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:42:38.0868 3764	SSDPSRV - ok
13:42:38.0905 3764	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:42:38.0918 3764	SstpSvc - ok
13:42:38.0955 3764	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:42:38.0963 3764	stexstor - ok
13:42:39.0045 3764	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:42:39.0074 3764	StiSvc - ok
13:42:39.0116 3764	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:42:39.0118 3764	storflt - ok
13:42:39.0166 3764	StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
13:42:39.0187 3764	StorSvc - ok
13:42:39.0214 3764	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:42:39.0223 3764	storvsc - ok
13:42:39.0253 3764	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:42:39.0255 3764	swenum - ok
13:42:39.0309 3764	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:42:39.0335 3764	swprv - ok
13:42:39.0429 3764	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:42:39.0483 3764	SysMain - ok
13:42:39.0539 3764	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:42:39.0555 3764	TabletInputService - ok
13:42:39.0604 3764	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:42:39.0623 3764	TapiSrv - ok
13:42:39.0680 3764	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:42:39.0696 3764	TBS - ok
13:42:39.0833 3764	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
13:42:39.0871 3764	Tcpip - ok
13:42:39.0904 3764	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
13:42:39.0917 3764	TCPIP6 - ok
13:42:39.0969 3764	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:42:39.0976 3764	tcpipreg - ok
13:42:40.0023 3764	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:42:40.0026 3764	TDPIPE - ok
13:42:40.0064 3764	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:42:40.0073 3764	TDTCP - ok
13:42:40.0113 3764	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:42:40.0119 3764	tdx - ok
13:42:40.0374 3764	TeamViewer7     (e8fc62b7a07123d6cd28fd82b9c4ccd7) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
13:42:40.0485 3764	TeamViewer7 - ok
13:42:40.0661 3764	teamviewervpn   (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
13:42:40.0668 3764	teamviewervpn - ok
13:42:40.0705 3764	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:42:40.0708 3764	TermDD - ok
13:42:40.0771 3764	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:42:40.0800 3764	TermService - ok
13:42:40.0848 3764	Themes          (59cfda4eacb3788f8b17f87b49b0ac0e) C:\Windows\system32\themeservice.dll
13:42:40.0864 3764	Themes - ok
13:42:40.0914 3764	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:42:40.0919 3764	THREADORDER - ok
13:42:40.0957 3764	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:42:40.0971 3764	TrkWks - ok
13:42:41.0039 3764	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:42:41.0049 3764	TrustedInstaller - ok
13:42:41.0108 3764	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:42:41.0116 3764	tssecsrv - ok
13:42:41.0144 3764	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:42:41.0151 3764	TsUsbFlt - ok
13:42:41.0328 3764	TuneUp.UtilitiesSvc (529ef4070a4a1f949ab254e38782b5d4) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
13:42:41.0399 3764	TuneUp.UtilitiesSvc - ok
13:42:41.0431 3764	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
13:42:41.0435 3764	TuneUpUtilitiesDrv - ok
13:42:41.0595 3764	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:42:41.0601 3764	tunnel - ok
13:42:41.0645 3764	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:42:41.0652 3764	uagp35 - ok
13:42:41.0696 3764	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:42:41.0707 3764	udfs - ok
13:42:41.0766 3764	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:42:41.0783 3764	UI0Detect - ok
13:42:41.0828 3764	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:42:41.0835 3764	uliagpkx - ok
13:42:41.0873 3764	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:42:41.0879 3764	umbus - ok
13:42:41.0913 3764	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:42:41.0915 3764	UmPass - ok
13:42:41.0965 3764	UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:42:41.0986 3764	UmRdpService - ok
13:42:42.0033 3764	UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
13:42:42.0034 3764	UnlockerDriver5 - ok
13:42:42.0091 3764	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:42:42.0115 3764	upnphost - ok
13:42:42.0168 3764	upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
13:42:42.0183 3764	upperdev - ok
13:42:42.0225 3764	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:42:42.0240 3764	usbccgp - ok
13:42:42.0284 3764	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:42:42.0297 3764	usbcir - ok
13:42:42.0330 3764	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:42:42.0337 3764	usbehci - ok
13:42:42.0385 3764	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:42:42.0405 3764	usbhub - ok
13:42:42.0444 3764	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:42:42.0447 3764	usbohci - ok
13:42:42.0494 3764	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:42:42.0497 3764	usbprint - ok
13:42:42.0541 3764	usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
13:42:42.0548 3764	usbser - ok
13:42:42.0608 3764	UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
13:42:42.0611 3764	UsbserFilt - ok
13:42:42.0655 3764	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:42:42.0661 3764	USBSTOR - ok
13:42:42.0696 3764	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:42:42.0698 3764	usbuhci - ok
13:42:42.0741 3764	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
13:42:42.0755 3764	usbvideo - ok
13:42:42.0792 3764	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:42:42.0809 3764	UxSms - ok
13:42:42.0849 3764	UxTuneUp        (866ed31801b008cacfb3276f78ab5800) C:\Windows\System32\uxtuneup.dll
13:42:42.0866 3764	UxTuneUp - ok
13:42:42.0905 3764	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:42.0911 3764	VaultSvc - ok
13:42:42.0988 3764	VC10SecS        (e5ad81b19e005394035473465d10d13f) C:\Program Files\Virtual CD v10\System\VC10SecS.exe
13:42:43.0000 3764	VC10SecS - ok
13:42:43.0010 3764	Suspicious service (NoAccess): vdrv1000
13:42:43.0057 3764	vdrv1000        (8e747ea561969ee0e267bc7c5b3f17e5) C:\Windows\system32\DRIVERS\vdrv1000.sys
13:42:43.0061 3764	vdrv1000 ( LockedService.Multi.Generic ) - warning
13:42:43.0061 3764	vdrv1000 - detected LockedService.Multi.Generic (1)
13:42:43.0115 3764	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:42:43.0118 3764	vdrvroot - ok
13:42:43.0203 3764	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:42:43.0241 3764	vds - ok
13:42:43.0279 3764	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:42:43.0287 3764	vga - ok
13:42:43.0317 3764	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:42:43.0325 3764	VgaSave - ok
13:42:43.0371 3764	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:42:43.0384 3764	vhdmp - ok
13:42:43.0424 3764	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:42:43.0431 3764	viaagp - ok
13:42:43.0471 3764	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:42:43.0479 3764	ViaC7 - ok
13:42:43.0506 3764	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:42:43.0509 3764	viaide - ok
13:42:43.0549 3764	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:42:43.0560 3764	vmbus - ok
13:42:43.0589 3764	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:42:43.0593 3764	VMBusHID - ok
13:42:43.0625 3764	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:42:43.0626 3764	volmgr - ok
13:42:43.0685 3764	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:42:43.0704 3764	volmgrx - ok
13:42:43.0757 3764	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:42:43.0767 3764	volsnap - ok
13:42:43.0803 3764	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:42:43.0817 3764	vsmraid - ok
13:42:43.0915 3764	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:42:43.0962 3764	VSS - ok
13:42:43.0984 3764	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:42:43.0987 3764	vwifibus - ok
13:42:44.0047 3764	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:42:44.0073 3764	W32Time - ok
13:42:44.0105 3764	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:42:44.0111 3764	WacomPen - ok
13:42:44.0159 3764	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:42:44.0166 3764	WANARP - ok
13:42:44.0194 3764	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:42:44.0197 3764	Wanarpv6 - ok
13:42:44.0301 3764	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:42:44.0343 3764	wbengine - ok
13:42:44.0381 3764	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:42:44.0404 3764	WbioSrvc - ok
13:42:44.0463 3764	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:42:44.0489 3764	wcncsvc - ok
13:42:44.0523 3764	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:42:44.0539 3764	WcsPlugInService - ok
13:42:44.0603 3764	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:42:44.0606 3764	Wd - ok
13:42:44.0658 3764	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:42:44.0681 3764	Wdf01000 - ok
13:42:44.0727 3764	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:42:44.0745 3764	WdiServiceHost - ok
13:42:44.0763 3764	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:42:44.0775 3764	WdiSystemHost - ok
13:42:44.0821 3764	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:42:44.0841 3764	WebClient - ok
13:42:44.0878 3764	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:42:44.0899 3764	Wecsvc - ok
13:42:44.0931 3764	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:42:44.0947 3764	wercplsupport - ok
13:42:44.0977 3764	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:42:44.0993 3764	WerSvc - ok
13:42:45.0027 3764	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:42:45.0029 3764	WfpLwf - ok
13:42:45.0061 3764	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:42:45.0065 3764	WIMMount - ok
13:42:45.0091 3764	WinHttpAutoProxySvc - ok
13:42:45.0163 3764	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:42:45.0185 3764	Winmgmt - ok
13:42:45.0283 3764	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:42:45.0333 3764	WinRM - ok
13:42:45.0439 3764	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:42:45.0447 3764	WinUsb - ok
13:42:45.0534 3764	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:42:45.0578 3764	Wlansvc - ok
13:42:45.0616 3764	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:42:45.0619 3764	WmiAcpi - ok
13:42:45.0700 3764	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:42:45.0713 3764	wmiApSrv - ok
13:42:45.0854 3764	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:42:45.0894 3764	WMPNetworkSvc - ok
13:42:45.0935 3764	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:42:45.0945 3764	WPCSvc - ok
13:42:45.0979 3764	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:42:45.0994 3764	WPDBusEnum - ok
13:42:46.0060 3764	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:42:46.0063 3764	ws2ifsl - ok
13:42:46.0084 3764	WSearch - ok
13:42:46.0246 3764	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
13:42:46.0318 3764	wuauserv - ok
13:42:46.0490 3764	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:42:46.0498 3764	WudfPf - ok
13:42:46.0535 3764	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:42:46.0546 3764	WUDFRd - ok
13:42:46.0579 3764	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:42:46.0594 3764	wudfsvc - ok
13:42:46.0651 3764	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:42:46.0677 3764	WwanSvc - ok
13:42:46.0745 3764	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
13:42:46.0760 3764	yukonw7 - ok
13:42:46.0816 3764	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:42:47.0065 3764	\Device\Harddisk0\DR0 - ok
13:42:47.0080 3764	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:42:47.0125 3764	\Device\Harddisk1\DR1 - ok
13:42:47.0157 3764	Boot (0x1200)   (bd0c199d0050147d1085cb874fc5089b) \Device\Harddisk0\DR0\Partition0
13:42:47.0159 3764	\Device\Harddisk0\DR0\Partition0 - ok
13:42:47.0196 3764	Boot (0x1200)   (48a8abb42d8ff020e88e7f7102f6ad87) \Device\Harddisk0\DR0\Partition1
13:42:47.0197 3764	\Device\Harddisk0\DR0\Partition1 - ok
13:42:47.0210 3764	Boot (0x1200)   (8d32013968366f67c06a445e74ed335f) \Device\Harddisk1\DR1\Partition0
13:42:47.0213 3764	\Device\Harddisk1\DR1\Partition0 - ok
13:42:47.0220 3764	============================================================
13:42:47.0220 3764	Scan finished
13:42:47.0220 3764	============================================================
13:42:47.0249 1652	Detected object count: 1
13:42:47.0249 1652	Actual detected object count: 1
13:43:04.0477 1652	vdrv1000 ( LockedService.Multi.Generic ) - skipped by user
13:43:04.0477 1652	vdrv1000 ( LockedService.Multi.Generic ) - User select action: Skip 
13:43:12.0964 0200	Deinitialize success
         


Alt 23.05.2012, 16:55   #6
Psychotic
/// Malwareteam
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Schritt 1: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Schritt 2: FSS


Downloade dir bitte Farbar's Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.
__________________
--> Registrierungsreparatur nach Trojanerbefall

Alt 23.05.2012, 18:24   #7
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



vielen lieben dank fuer deine bemuehungen, leider hat "combofix" alles moegliche erstellt, nur kein logfile, ich werde es nochmal versuchen und dann reineditieren, anbei FFS:

Code:
ATTFilter
Farbar Service Scanner Version: 17-05-2012
Ran by ----- (administrator) on 23-05-2012 at 18:22:16
Running from "E:\Dwnlds"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
ok nun 2ter versuch:

Combofix:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-05-23.05 - ----- 23/05/2012  18:49:26.2.1 - x86
Running from: e:\dwnlds\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-23 to 2012-05-23  )))))))))))))))))))))))))))))))
.
.
2012-05-24 02:34 . 2012-05-24 02:34	--------	d-----w-	C:\Boot
2012-05-23 17:16 . 2012-05-23 17:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-23 16:36 . 2012-05-23 17:17	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-23 16:01 . 2012-05-23 17:17	--------	d-----w-	c:\users\-----\AppData\Local\temp
2012-05-23 13:54 . 2012-05-23 13:55	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12	--------	d-----w-	c:\users\-----\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04	--------	d-----w-	c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21	--------	d-----w-	c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12	--------	d-----w-	c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03	--------	d-----w-	c:\users\-----\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58	--------	d-----w-	c:\users\-----\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58	--------	d-----w-	c:\users\-----\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58	--------	d-----w-	c:\users\-----\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29	989184	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50	--------	d-sh--w-	c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59	881984	----a-w-	c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59	19444544	----a-w-	c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59	1000256	----a-w-	c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09	--------	d-----w-	c:\users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09	--------	d-----w-	c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44	--------	d-----w-	c:\users\-----\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36	--------	d-----w-	c:\users\-----\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35	--------	d-----w-	c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35	--------	d-----w-	c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00	59904	----a-w-	c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00	102160	----a-w-	c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47	--------	d-----w-	c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43	16384	----a-w-	c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00	115016	----a-w-	c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18	77824	----a-w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18	225280	------w-	c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14	176128	------w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13	32768	------w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35	614532	----a-w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32	--------	d-----w-	c:\program files\DVD Genie
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40	249856	----a-w-	c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48	2755072	----a-w-	c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39	37376	----a-w-	c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40	60416	----a-w-	c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09	567696	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40	60416	----a-w-	c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40	1010720	--s---r-	c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10	61248	----a-w-	c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10	5892928	----a-w-	c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10	2517312	----a-w-	c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10	2437440	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10	2301248	----a-w-	c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10	17543488	----a-w-	c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10	10819392	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19	15009600	----a-w-	c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10	3881792	----a-w-	c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10	2719040	----a-w-	c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10	108352	----a-w-	c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10	645440	----a-w-	c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10	62272	----a-w-	c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14	152160	----a-w-	c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\-----\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-09491728.sys
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2176)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-05-23  19:25:19 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-23 17:25
.
Pre-Run: 38,529,597,440 bytes free
Post-Run: 38,445,678,592 bytes free
.
- - End Of File - - 50FF07CFB30CA7E70CD9AA7B80DD7E22
         
--- --- ---


FFS:

Code:
ATTFilter
Farbar Service Scanner Version: 17-05-2012
Ran by ----- (administrator) on 23-05-2012 at 19:28:46
Running from "E:\Dwnlds"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
wie bekomme ich die eintraege von combofix wieder weg bei c:?

Alt 23.05.2012, 22:01   #8
Psychotic
/// Malwareteam
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



FRST


Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein. e:\frst.exe Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 23.05.2012, 22:46   #9
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 23-05-2012 22:33:02
Running from H:\
Windows 7 Enterprise   (X86) OS Language: English(US) 
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKU\-----\...\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912 2010-09-07] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\..\Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: [NameServer]208.67.222.222,208.67.220.220

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [119200 2010-09-07] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
3 FMDY; C:\Users\-----\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)
4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [238952 2010-07-04] (Teruten)
3 HDDlife HDD Access service; "C:\Program Files\Common Files\BinarySense\hldasvc.exe" [845640 2012-03-05] (BinarySense, Inc.)
3 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [939272 2010-01-26] (Raxco Software, Inc.)
3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [1033480 2010-01-26] (Raxco Software, Inc.)
3 RJA; C:\Users\-----\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-02-05] (TeamViewer GmbH)
3 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [1483072 2010-10-27] (TuneUp Software)
3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29504 2010-10-27] (TuneUp Software)
3 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2010-02-24] (H+H Software GmbH)
3 ZSJXDG; C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe [568192 2012-05-23] (Sysinternals - www.sysinternals.com)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [99792 2010-09-07] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [50768 2010-09-07] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [190416 2010-09-07] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [340048 2010-09-07] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-11-01] (Nokia)
3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-11] (Logitech Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-11-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2011-11-01] (Nokia)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 aswArKrn; \??\C:\Users\-----\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\Users\-----\AppData\Local\Temp\catchme.sys [x]
3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [x]
3 LMImirr; C:\Windows\System32\DRIVERS\LMImirr.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: UxTuneUp

============ One Month Created Files and Folders ==============

2012-05-23 22:32 - 2012-05-23 22:33 - 0000000 ____D C:\FRST
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 09:25 - 2012-05-23 09:25 - 0016574 ____A C:\ComboFix.txt
2012-05-23 09:22 - 2012-05-23 09:22 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-23 08:38 - 2012-05-23 09:33 - 0000000 ____D C:\Qoobox
2012-05-23 08:05 - 2012-05-23 12:29 - 0029975 ____A C:\Windows\WindowsUpdate.log
2012-05-23 07:25 - 2012-05-23 08:05 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:25 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-23 07:25 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-23 07:25 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-23 05:59 - 2012-05-23 09:17 - 0001434 ____A C:\Windows\PFRO.log
2012-05-23 05:59 - 2012-05-23 05:59 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 05:59 - 2012-05-23 05:59 - 0215606 ____A C:\Windows\ntbtlog.txt
2012-05-23 05:54 - 2012-05-23 05:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:53 - 2012-05-23 09:36 - 0000336 ____A C:\Windows\setupact.log
2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 05:50 - 2012-05-23 05:50 - 0109216 ____A C:\Users\-----\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\-----\defogger_reenable
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\-----\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\-----\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Language
2012-05-10 12:37 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 12:37 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 12:37 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 12:37 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 12:36 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 12:36 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\-----\Documents\My Data Sources
2012-05-03 10:50 - 2012-05-03 15:38 - 0002038 ___AH C:\Users\-----\Documents\Default.rdp
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:36 - 2012-02-29 15:59 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 09:06 - 2012-04-28 09:09 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\-----\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\-----\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:41 - 2012-04-28 07:47 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:41 - 2012-04-28 07:47 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:41 - 2012-04-28 07:43 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2001-08-29 11:00 - 0059904 ____A (Microsoft Corporation) C:\Windows\System32\wbemdisp.tlb
2012-04-28 07:41 - 1998-07-21 14:00 - 0102160 ____A (Microsoft Corporation) C:\Windows\System32\VB6KO.DLL
2012-04-28 07:41 - 1998-06-23 14:00 - 0115016 ____A (Microsoft Corporation) C:\Windows\System32\MSINET.OCX
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie

============ 3 Months Modified Files and Folders ===============

2012-05-23 22:33 - 2012-05-23 22:32 - 0000000 ____D C:\FRST
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 12:29 - 2012-05-23 08:05 - 0029975 ____A C:\Windows\WindowsUpdate.log
2012-05-23 12:03 - 2011-10-29 10:11 - 0000107 ____A C:\Windows\System32\_WKERNEL.SYL
2012-05-23 09:36 - 2012-05-23 05:53 - 0000336 ____A C:\Windows\setupact.log
2012-05-23 09:36 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-23 09:33 - 2012-05-23 08:38 - 0000000 ____D C:\Qoobox
2012-05-23 09:25 - 2012-05-23 09:25 - 0016574 ____A C:\ComboFix.txt
2012-05-23 09:25 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-05-23 09:22 - 2012-05-23 09:22 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-23 09:17 - 2012-05-23 05:59 - 0001434 ____A C:\Windows\PFRO.log
2012-05-23 09:17 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-05-23 09:17 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:05 - 2012-05-23 07:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:31 - 2011-10-30 12:38 - 0000000 ____D C:\Users\-----\AppData\Roaming\SPlayer
2012-05-23 05:59 - 2012-05-23 05:59 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 05:59 - 2012-05-23 05:59 - 0215606 ____A C:\Windows\ntbtlog.txt
2012-05-23 05:55 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:54 - 2012-02-01 10:19 - 0000000 ____D C:\Users\-----\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 05:50 - 2012-05-23 05:50 - 0109216 ____A C:\Users\-----\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 04:58 - 2011-10-29 07:21 - 0000000 ___RD C:\Users\-----\Desktop\Clnr
2012-05-23 03:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\-----\defogger_reenable
2012-05-23 02:20 - 2011-10-29 05:58 - 0000000 ____D C:\users\-----
2012-05-22 12:18 - 2011-12-17 09:16 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skype
2012-05-22 08:11 - 2012-01-14 11:03 - 0000000 ____D C:\Users\-----\AppData\Roaming\Mozilla
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:26 - 2011-10-29 07:48 - 2755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-05-22 05:26 - 2009-07-13 15:40 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-05-22 05:26 - 2009-07-13 15:39 - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\-----\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-22 04:12 - 2011-12-06 09:56 - 0013824 ____A C:\Users\-----\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 03:12 - 2011-10-29 06:03 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-20 10:27 - 2012-03-23 08:36 - 0000000 ___RD C:\Users\-----\Desktop\Misc
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\-----\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Language
2012-05-14 02:50 - 2011-10-29 10:04 - 0000000 ____D C:\Program Files\IrfanView
2012-05-11 04:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-10 12:44 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:54 - 2012-04-17 08:54 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-09 22:54 - 2011-10-29 10:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-07 04:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-05-07 03:30 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-07 00:35 - 2012-01-20 09:08 - 0000000 ____D C:\Users\-----\AppData\Roaming\FileZilla
2012-05-05 06:44 - 2011-10-29 05:58 - 3145728 ____A C:\Users\-----\NTUSER.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 44826624 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 14155776 ____A C:\Windows\System32\config\SYSTEM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-05-05 06:40 - 2011-10-29 14:38 - 0035840 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-05-05 05:06 - 2011-12-30 07:40 - 0007605 ____A C:\Users\-----\AppData\Local\Resmon.ResmonCfg
2012-05-05 04:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 04:35 - 2012-01-29 11:08 - 0000000 ____D C:\Program Files\Common Files\SYSTEM
2012-05-05 04:35 - 2012-01-29 11:07 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\-----\Documents\My Data Sources
2012-05-03 15:38 - 2012-05-03 10:50 - 0002038 ___AH C:\Users\-----\Documents\Default.rdp
2012-05-03 08:38 - 2011-10-29 09:53 - 0000000 ____D C:\Program Files\SRWare Iron
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-05-01 10:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\SchCache
2012-05-01 09:51 - 2011-10-29 12:31 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:37 - 2011-11-26 15:10 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 13:37 - 2011-11-26 15:09 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 13:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-30 03:45 - 2009-07-13 20:53 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 09:09 - 2012-04-28 09:06 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\-----\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\-----\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:47 - 2012-04-28 07:41 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:47 - 2012-04-28 07:41 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:43 - 2012-04-28 07:41 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2012-04-01 11:28 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-04-28 07:41 - 2011-11-11 10:57 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
2012-04-26 03:57 - 2012-01-13 16:22 - 0000000 ____D C:\Users\-----\AppData\Roaming\Bitcoin
2012-04-25 06:48 - 2011-10-29 07:24 - 0000000 ____D C:\Program Files\CCleaner
2012-04-19 06:32 - 2012-04-19 06:32 - 0000000 ____D C:\Users\-----\AppData\Local\Apps\2.0
2012-04-18 12:52 - 2012-04-18 12:52 - 0708132 ____A C:\Windows\System32\config\aswrc1334782341.rcr
2012-04-18 10:25 - 2012-01-04 15:51 - 0000000 ____D C:\Program Files\WinPcap
2012-04-18 02:23 - 2009-07-13 18:04 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Program Files\Alwil Software
2012-04-14 03:45 - 2012-04-14 03:45 - 0000641 ____A C:\Users\-----\Desktop\Dwnlds.lnk
2012-04-12 07:02 - 2009-07-13 18:03 - 12582912 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-04-11 10:10 - 2012-04-11 10:08 - 0000000 ____D C:\Users\-----\Documents\Command and Conquer Generals Data
2012-04-09 04:40 - 2012-04-09 02:28 - 0000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-09 04:30 - 2012-04-09 04:30 - 0000000 ____D C:\Users\All Users\vsosdk
2012-04-09 02:33 - 2012-04-09 02:33 - 0000000 ____D C:\Users\All Users\dvdfab
2012-04-09 02:32 - 2012-04-09 02:28 - 0000000 ____D C:\Users\-----\Documents\DVDFab
2012-04-08 08:35 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2012-04-04 10:51 - 2012-04-04 10:51 - 0000000 ____D C:\Users\-----\New folder
2012-04-04 06:20 - 2012-04-04 06:20 - 0000000 ____D C:\Users\-----\AppData\Roaming\MozillaControl
2012-04-04 05:56 - 2011-10-29 12:31 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 06:29 - 2012-04-01 11:40 - 0000000 ____D C:\Users\-----\Documents\Command and Conquer Generals Zero Hour Data
2012-04-02 03:41 - 2012-04-01 11:38 - 0000000 ___RD C:\Users\-----\Desktop\Gms
2012-04-01 11:37 - 2012-04-01 11:31 - 0000977 ____A C:\Windows\eReg.dat
2012-04-01 11:18 - 2012-04-01 11:18 - 0000632 ____A C:\Users\-----\Desktop\Ntwrk.lnk
2012-03-30 20:39 - 2012-05-10 12:37 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 12:37 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 12:37 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:38 - 2012-03-22 07:25 - 0000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-03-30 02:23 - 2012-05-10 12:37 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 08:01 - 2012-03-29 08:01 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-28 10:06 - 2011-10-29 14:02 - 0000000 ____D C:\Users\-----\AppData\Local\IM
2012-03-27 06:32 - 2012-03-27 06:28 - 0000000 ____D C:\Users\-----\AppData\Roaming\WordToPDF
2012-03-27 06:31 - 2012-03-27 06:31 - 0000000 ____D C:\Program Files\gs
2012-03-27 06:28 - 2012-03-27 06:28 - 0000000 ____D C:\Program Files\WordToPDF
2012-03-27 05:21 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Java
2012-03-27 04:58 - 2012-02-06 17:43 - 0000000 ____D C:\Windows\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0224136 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Users\All Users\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Common Files\Java
2012-03-27 04:54 - 2012-02-06 06:09 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-27 04:54 - 2012-02-06 06:09 - 0567696 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-24 03:40 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.EXE
2012-03-24 03:16 - 2012-03-24 03:16 - 0000000 ____D C:\Windows\PixArt
2012-03-24 03:16 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-03-24 02:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\system
2012-03-22 12:03 - 2011-10-30 08:56 - 0000000 ____D C:\Program Files\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----d\Documents\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----\Documents\My NPS Files
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----\AppData\Roaming\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\All Users\Samsung
2012-03-22 12:01 - 2012-03-22 12:01 - 0000000 ____D C:\Program Files\MarkAny
2012-03-22 11:23 - 2012-03-22 11:23 - 0000000 ____D C:\Users\-----\AppData\Local\Downloaded Installations
2012-03-22 10:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-03-22 07:53 - 2012-03-22 07:53 - 0000000 ____D C:\Users\-----\Documents\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:44 - 0000000 ____D C:\Users\-----\AppData\Roaming\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Roaming\Nokia
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Roaming\PC Suite
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Local\NokiaAccount
2012-03-22 07:32 - 2012-03-22 07:29 - 0000000 ____D C:\Users\All Users\PC Suite
2012-03-22 07:29 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Local\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Users\All Users\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Program Files\Common Files\Nokia
2012-03-22 07:28 - 2012-03-22 07:25 - 0000000 ____D C:\Program Files\Nokia
2012-03-22 07:26 - 2012-03-22 07:26 - 0000000 ____D C:\Program Files\PC Connectivity Solution
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\-----\Documents\Bluetooth Exchange Folder
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\-----\Bluetooth Software
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-MX
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-AR
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Program Files\WIDCOMM
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-18 12:11 - 2012-03-18 12:11 - 0000000 ____D C:\Program Files\PantsOff
2012-03-17 03:14 - 2012-03-17 03:14 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-17 02:13 - 2011-10-29 14:02 - 0000000 ____D C:\Users\All Users\IM
2012-03-16 23:27 - 2012-05-10 12:36 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 02:49 - 2012-03-07 11:44 - 0000000 ____D C:\Users\-----\AppData\Roaming\Notepad++
2012-03-07 13:10 - 2012-02-28 11:30 - 0000000 ____D C:\Users\-----\AppData\Roaming\TeamViewer
2012-03-07 12:40 - 2012-03-07 12:40 - 1010720 ___RS (Microsoft Corporation) C:\Windows\System32\MSCHRT20.OCX
2012-03-07 12:40 - 2012-03-07 12:40 - 0000000 ____D C:\Program Files\Technitium
2012-03-07 11:04 - 2012-03-07 11:04 - 0002252 ____R C:\Windows\RouterControl_Uninstall.in
2012-03-04 15:33 - 2012-03-04 15:33 - 1123304 ____A C:\Windows\System32\config\aswrc1330904033.rcr
2012-03-02 21:31 - 2012-05-10 12:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-29 21:46 - 2012-04-12 06:39 - 0019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:37 - 2012-04-12 06:39 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:33 - 2012-04-12 06:39 - 0159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 06:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 15:59 - 2011-11-26 15:10 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 15:59 - 2009-06-10 13:19 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-02-29 12:56 - 2011-11-26 15:10 - 3881792 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 12:55 - 2011-11-26 15:10 - 2719040 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:53 - 2011-11-26 15:10 - 0108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-28 11:28 - 2012-02-28 11:28 - 0000000 ____D C:\Program Files\TeamViewer
2012-02-27 23:40 - 2012-02-27 23:40 - 0000000 ____D C:\Program Files\Notepad++
2012-02-27 17:52 - 2012-04-12 06:42 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-12 06:42 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-12 06:42 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-12 06:42 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-12 06:42 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 06:42 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-12 06:42 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-12 06:42 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 06:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-12 06:42 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-12 06:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 06:42 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 06:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-10-29 06:48] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) C159B521C73AA1E786DE7CE8DB0FCDF2

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 17%
Total physical RAM: 2559.56 MB
Available physical RAM: 2122.49 MB
Total Pagefile: 2555.77 MB
Available Pagefile: 2128.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.56 MB

======================= Partitions =========================

1 Drive c: (Main) (Fixed) (Total:55.91 GB) (Free:35.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:37.26 GB) (Free:14.66 GB) NTFS
3 Drive e: (Dwnlds) (Fixed) (Total:55.9 GB) (Free:39.87 GB) NTFS
4 Drive f: (GRMCULFRER_EN_DVD) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF
6 Drive h: (AVAST) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB     9 MB         
  Disk 1    Online           37 GB     9 MB         
  Disk 2    Online         3839 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             55 GB    31 KB
  Partition 0    Extended            55 GB    55 GB
  Partition 2    Logical             55 GB    55 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Main         NTFS   Partition     55 GB  Healthy            

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Dwnlds       NTFS   Partition     55 GB  Healthy            

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             37 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     D   Data         NTFS   Partition     37 GB  Healthy            

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           3839 MB      0 B

======================================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-19 00:24

======================= End Of Log ==========================
         

Alt 24.05.2012, 09:29   #10
Psychotic
/// Malwareteam
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Schritt 1: Fix mit FRST


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
3 FMDY; C:\Users\-----\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)
3 RJA; C:\Users\-----\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)
3 ZSJXDG; C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe [568192 2012-05-23] (Sysinternals - www.sysinternals.com)

C:\Users\-----\AppData\Local\Temp\FMDY.exe
C:\Users\-----\AppData\Local\Temp\RJA.exe
C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.



Schritt 2: Combofix


Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.05.2012, 11:55   #11
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Frst: (benutzer vorher reineditiert)

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 2012-05-24 10:50:41 Run:2
Running from H:\

==============================================

FMDY service not found.
RJA service not found.
ZSJXDG service not found.
C:\Users\---\AppData\Local\Temp\FMDY.exe not found.
C:\Users\---\AppData\Local\Temp\RJA.exe not found.
C:\Users\---\AppData\Local\Temp\ZSJXDG.exe not found.

==== End of Fixlog ====
         

Combofix:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-05-23.06 - --- 24/05/2012  11:07:21.3.1 - x86
Running from: e:\dwnlds\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-24 to 2012-05-24  )))))))))))))))))))))))))))))))
.
.
2012-05-24 09:34 . 2012-05-24 09:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-24 08:53 . 2012-05-24 08:53	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-24 06:32 . 2012-05-24 06:34	--------	d-----w-	C:\FRST
2012-05-24 02:34 . 2012-05-24 02:34	--------	d-----w-	C:\Boot
2012-05-23 20:48 . 2012-05-24 09:34	--------	d-----w-	c:\users\---\AppData\Local\Temp
2012-05-23 13:54 . 2012-05-23 13:55	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12	--------	d-----w-	c:\users\---\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04	--------	d-----w-	c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21	--------	d-----w-	c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12	--------	d-----w-	c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03	--------	d-----w-	c:\users\---\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58	--------	d-----w-	c:\users\---\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58	--------	d-----w-	c:\users\---\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58	--------	d-----w-	c:\users\---\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29	989184	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50	--------	d-sh--w-	c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59	881984	----a-w-	c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59	19444544	----a-w-	c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59	1000256	----a-w-	c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09	--------	d-----w-	c:\users\---\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09	--------	d-----w-	c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44	--------	d-----w-	c:\users\---\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36	--------	d-----w-	c:\users\---\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35	--------	d-----w-	c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35	--------	d-----w-	c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00	59904	----a-w-	c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00	102160	----a-w-	c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47	--------	d-----w-	c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43	16384	----a-w-	c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00	115016	----a-w-	c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18	77824	----a-w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18	225280	------w-	c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14	176128	------w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13	32768	------w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35	614532	----a-w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32	--------	d-----w-	c:\program files\DVD Genie
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40	249856	----a-w-	c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48	2755072	----a-w-	c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39	37376	----a-w-	c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40	60416	----a-w-	c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09	567696	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40	60416	----a-w-	c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40	1010720	--s---r-	c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10	61248	----a-w-	c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10	5892928	----a-w-	c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10	2517312	----a-w-	c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10	2437440	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10	2301248	----a-w-	c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10	17543488	----a-w-	c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10	10819392	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19	15009600	----a-w-	c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10	3881792	----a-w-	c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10	2719040	----a-w-	c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10	108352	----a-w-	c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10	645440	----a-w-	c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10	62272	----a-w-	c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14	152160	----a-w-	c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2010-09-07 2838912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\---\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-24  11:40:16
ComboFix-quarantined-files.txt  2012-05-24 09:40
.
Pre-Run: 38,439,657,472 bytes free
Post-Run: 38,372,478,976 bytes free
.
- - End Of File - - 90DB237722C117C74BE62CCCB856109D
         
--- --- ---



vieleicht sollte ich erwaehnen, das ich nach dem kaspersky tdss-killer amateurhafterweise noch das avast antiroot (aswar) hab laufen lassen, es wurden 7 eintraege gefunden und gefixed, log hab ich nicht, die namen hatten aber alle so avast aehnliche nahmen.

der desktop laesst sich auch wieder so einstellen wie gewuenscht, die explorer ansicht kann ich nach dem einsatz von glary registry repair wieder speichern.

ich nutze auch uniblue speed up my pc, das tool startet aber selbst nach einer Neuinstallation nicht mehr, es wird also die registry verpfuscht sein.

Alt 24.05.2012, 11:59   #12
Psychotic
/// Malwareteam
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Warum tust du Dinge, ohne sie mir zu erzählen, obwohl ich ausdrücklich davon abgeraten hatte?

Du hast aswMBR ausgeführt und auf Fix geklickt? Sportlich, denn damit kannst du das System ggf. unbootbar machen! Das Tool hat eine logdatei erstellt, bitte poste die hier.

Erstelle außerdem ein neues FRST-Log, das brauche ich ebenfalls!
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.05.2012, 12:00   #13
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



nicht aswMBR sondern aswar.exe www . avast . de/produkte/freeware/avast-antirootkit-tool . html

das logfile von dem avast tool ist nicht mehr da, das wichtigste log, ja war amateurhaft.

frst:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 24-05-2012 12:10:45
Running from H:\
Windows 7 Enterprise   (X86) OS Language: English(US) 
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKU\---\...\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912 2010-09-07] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\..\Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: [NameServer]208.67.222.222,208.67.220.220

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [119200 2010-09-07] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [238952 2010-07-04] (Teruten)
3 HDDlife HDD Access service; "C:\Program Files\Common Files\BinarySense\hldasvc.exe" [845640 2012-03-05] (BinarySense, Inc.)
3 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [939272 2010-01-26] (Raxco Software, Inc.)
3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [1033480 2010-01-26] (Raxco Software, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-02-05] (TeamViewer GmbH)
3 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [1483072 2010-10-27] (TuneUp Software)
3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29504 2010-10-27] (TuneUp Software)
3 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2010-02-24] (H+H Software GmbH)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [99792 2010-09-07] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [50768 2010-09-07] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [190416 2010-09-07] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [340048 2010-09-07] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-11-01] (Nokia)
3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-11] (Logitech Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-11-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2011-11-01] (Nokia)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 aswArKrn; \??\C:\Users\---\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\Users\---\AppData\Local\Temp\catchme.sys [x]
3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [x]
3 LMImirr; C:\Windows\System32\DRIVERS\LMImirr.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: UxTuneUp

============ One Month Created Files and Folders ==============

2012-05-24 01:40 - 2012-05-24 01:44 - 0014661 ____A C:\ComboFix.txt
2012-05-24 01:37 - 2012-05-24 01:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-24 00:57 - 2012-05-24 01:40 - 0000000 ____D C:\ComboFix
2012-05-23 22:32 - 2012-05-24 12:11 - 0000000 ____D C:\FRST
2012-05-23 21:48 - 2012-05-24 01:42 - 0000894 ____A C:\Windows\PFRO.log
2012-05-23 21:48 - 2012-05-24 01:42 - 0000280 ____A C:\Windows\setupact.log
2012-05-23 21:48 - 2012-05-23 21:49 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 21:48 - 2012-05-23 21:48 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 08:38 - 2012-05-24 01:40 - 0000000 ____D C:\Qoobox
2012-05-23 08:05 - 2012-05-24 02:07 - 0101988 ____A C:\Windows\WindowsUpdate.log
2012-05-23 07:25 - 2012-05-23 08:05 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:25 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-23 07:25 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-23 07:25 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-23 05:54 - 2012-05-23 05:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\---\defogger_reenable
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\---\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\---\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Language
2012-05-10 12:37 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 12:37 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 12:37 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 12:37 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 12:36 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 12:36 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\---\Documents\My Data Sources
2012-05-03 10:50 - 2012-05-03 15:38 - 0002038 ___AH C:\Users\---\Documents\Default.rdp
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:36 - 2012-02-29 15:59 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\---\AppData\Roaming\HD Tune Pro
2012-04-28 09:06 - 2012-04-28 09:09 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\---\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\---\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:41 - 2012-04-28 07:47 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:41 - 2012-04-28 07:47 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:41 - 2012-04-28 07:43 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2001-08-29 11:00 - 0059904 ____A (Microsoft Corporation) C:\Windows\System32\wbemdisp.tlb
2012-04-28 07:41 - 1998-07-21 14:00 - 0102160 ____A (Microsoft Corporation) C:\Windows\System32\VB6KO.DLL
2012-04-28 07:41 - 1998-06-23 14:00 - 0115016 ____A (Microsoft Corporation) C:\Windows\System32\MSINET.OCX
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie

============ 3 Months Modified Files and Folders ===============

2012-05-24 12:11 - 2012-05-23 22:32 - 0000000 ____D C:\FRST
2012-05-24 12:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-24 02:07 - 2012-05-23 08:05 - 0101988 ____A C:\Windows\WindowsUpdate.log
2012-05-24 01:44 - 2012-05-24 01:40 - 0014661 ____A C:\ComboFix.txt
2012-05-24 01:42 - 2012-05-23 21:48 - 0000894 ____A C:\Windows\PFRO.log
2012-05-24 01:42 - 2012-05-23 21:48 - 0000280 ____A C:\Windows\setupact.log
2012-05-24 01:42 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-24 01:40 - 2012-05-24 00:57 - 0000000 ____D C:\ComboFix
2012-05-24 01:40 - 2012-05-23 08:38 - 0000000 ____D C:\Qoobox
2012-05-24 01:37 - 2012-05-24 01:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-24 01:34 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-05-23 21:49 - 2012-05-23 21:48 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 21:48 - 2012-05-23 21:48 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 14:13 - 2011-10-30 12:38 - 0000000 ____D C:\Users\---\AppData\Roaming\SPlayer
2012-05-23 12:03 - 2011-10-29 10:11 - 0000107 ____A C:\Windows\System32\_WKERNEL.SYL
2012-05-23 09:25 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-05-23 09:17 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:05 - 2012-05-23 07:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 05:55 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:54 - 2012-02-01 10:19 - 0000000 ____D C:\Users\---\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 04:58 - 2011-10-29 07:21 - 0000000 ___RD C:\Users\---\Desktop\Clnr
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\---\defogger_reenable
2012-05-23 02:20 - 2011-10-29 05:58 - 0000000 ____D C:\users\---
2012-05-22 12:18 - 2011-12-17 09:16 - 0000000 ____D C:\Users\---\AppData\Roaming\Skype
2012-05-22 08:11 - 2012-01-14 11:03 - 0000000 ____D C:\Users\---\AppData\Roaming\Mozilla
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:26 - 2011-10-29 07:48 - 2755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-05-22 05:26 - 2009-07-13 15:40 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-05-22 05:26 - 2009-07-13 15:39 - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\---\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-22 04:12 - 2011-12-06 09:56 - 0013824 ____A C:\Users\---\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 03:12 - 2011-10-29 06:03 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-20 10:27 - 2012-03-23 08:36 - 0000000 ___RD C:\Users\---\Desktop\Misc
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\---\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Language
2012-05-14 02:50 - 2011-10-29 10:04 - 0000000 ____D C:\Program Files\IrfanView
2012-05-11 04:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-10 12:44 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:54 - 2012-04-17 08:54 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-09 22:54 - 2011-10-29 10:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-07 04:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-05-07 03:30 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-07 00:35 - 2012-01-20 09:08 - 0000000 ____D C:\Users\---\AppData\Roaming\FileZilla
2012-05-05 06:44 - 2011-10-29 05:58 - 3145728 ____A C:\Users\---\NTUSER.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 44826624 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 14155776 ____A C:\Windows\System32\config\SYSTEM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-05-05 06:40 - 2011-10-29 14:38 - 0035840 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-05-05 05:06 - 2011-12-30 07:40 - 0007605 ____A C:\Users\---\AppData\Local\Resmon.ResmonCfg
2012-05-05 04:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 04:35 - 2012-01-29 11:08 - 0000000 ____D C:\Program Files\Common Files\SYSTEM
2012-05-05 04:35 - 2012-01-29 11:07 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\---\Documents\My Data Sources
2012-05-03 15:38 - 2012-05-03 10:50 - 0002038 ___AH C:\Users\---\Documents\Default.rdp
2012-05-03 08:38 - 2011-10-29 09:53 - 0000000 ____D C:\Program Files\SRWare Iron
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-05-01 10:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\SchCache
2012-05-01 09:51 - 2011-10-29 12:31 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:37 - 2011-11-26 15:10 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 13:37 - 2011-11-26 15:09 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 13:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-30 03:45 - 2009-07-13 20:53 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\---\AppData\Roaming\HD Tune Pro
2012-04-28 09:09 - 2012-04-28 09:06 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\---\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\---\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:47 - 2012-04-28 07:41 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:47 - 2012-04-28 07:41 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:43 - 2012-04-28 07:41 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2012-04-01 11:28 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-04-28 07:41 - 2011-11-11 10:57 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
2012-04-26 03:57 - 2012-01-13 16:22 - 0000000 ____D C:\Users\---\AppData\Roaming\Bitcoin
2012-04-25 06:48 - 2011-10-29 07:24 - 0000000 ____D C:\Program Files\CCleaner
2012-04-19 06:32 - 2012-04-19 06:32 - 0000000 ____D C:\Users\---\AppData\Local\Apps\2.0
2012-04-18 12:52 - 2012-04-18 12:52 - 0708132 ____A C:\Windows\System32\config\aswrc1334782341.rcr
2012-04-18 10:25 - 2012-01-04 15:51 - 0000000 ____D C:\Program Files\WinPcap
2012-04-18 02:23 - 2009-07-13 18:04 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Program Files\Alwil Software
2012-04-14 03:45 - 2012-04-14 03:45 - 0000641 ____A C:\Users\---\Desktop\Dwnlds.lnk
2012-04-12 07:02 - 2009-07-13 18:03 - 12582912 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-04-11 10:10 - 2012-04-11 10:08 - 0000000 ____D C:\Users\---\Documents\Command and Conquer Generals Data
2012-04-09 04:40 - 2012-04-09 02:28 - 0000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-09 04:30 - 2012-04-09 04:30 - 0000000 ____D C:\Users\All Users\vsosdk
2012-04-09 02:33 - 2012-04-09 02:33 - 0000000 ____D C:\Users\All Users\dvdfab
2012-04-09 02:32 - 2012-04-09 02:28 - 0000000 ____D C:\Users\---\Documents\DVDFab
2012-04-08 08:35 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2012-04-04 10:51 - 2012-04-04 10:51 - 0000000 ____D C:\Users\---\New folder
2012-04-04 06:20 - 2012-04-04 06:20 - 0000000 ____D C:\Users\---\AppData\Roaming\MozillaControl
2012-04-04 05:56 - 2011-10-29 12:31 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 06:29 - 2012-04-01 11:40 - 0000000 ____D C:\Users\---\Documents\Command and Conquer Generals Zero Hour Data
2012-04-02 03:41 - 2012-04-01 11:38 - 0000000 ___RD C:\Users\---\Desktop\Gms
2012-04-01 11:37 - 2012-04-01 11:31 - 0000977 ____A C:\Windows\eReg.dat
2012-04-01 11:18 - 2012-04-01 11:18 - 0000632 ____A C:\Users\---\Desktop\Ntwrk.lnk
2012-03-30 20:39 - 2012-05-10 12:37 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 12:37 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 12:37 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:38 - 2012-03-22 07:25 - 0000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-03-30 02:23 - 2012-05-10 12:37 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 08:01 - 2012-03-29 08:01 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-28 10:06 - 2011-10-29 14:02 - 0000000 ____D C:\Users\---\AppData\Local\IM
2012-03-27 06:32 - 2012-03-27 06:28 - 0000000 ____D C:\Users\---\AppData\Roaming\WordToPDF
2012-03-27 06:31 - 2012-03-27 06:31 - 0000000 ____D C:\Program Files\gs
2012-03-27 06:28 - 2012-03-27 06:28 - 0000000 ____D C:\Program Files\WordToPDF
2012-03-27 05:21 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Java
2012-03-27 04:58 - 2012-02-06 17:43 - 0000000 ____D C:\Windows\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0224136 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Users\All Users\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Common Files\Java
2012-03-27 04:54 - 2012-02-06 06:09 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-27 04:54 - 2012-02-06 06:09 - 0567696 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-24 03:40 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.EXE
2012-03-24 03:16 - 2012-03-24 03:16 - 0000000 ____D C:\Windows\PixArt
2012-03-24 03:16 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-03-24 02:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\system
2012-03-22 12:03 - 2011-10-30 08:56 - 0000000 ____D C:\Program Files\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\Documents\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\Documents\My NPS Files
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\AppData\Roaming\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\All Users\Samsung
2012-03-22 12:01 - 2012-03-22 12:01 - 0000000 ____D C:\Program Files\MarkAny
2012-03-22 11:23 - 2012-03-22 11:23 - 0000000 ____D C:\Users\---\AppData\Local\Downloaded Installations
2012-03-22 10:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-03-22 07:53 - 2012-03-22 07:53 - 0000000 ____D C:\Users\---\Documents\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:44 - 0000000 ____D C:\Users\---\AppData\Roaming\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Roaming\Nokia
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Roaming\PC Suite
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Local\NokiaAccount
2012-03-22 07:32 - 2012-03-22 07:29 - 0000000 ____D C:\Users\All Users\PC Suite
2012-03-22 07:29 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Local\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Users\All Users\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Program Files\Common Files\Nokia
2012-03-22 07:28 - 2012-03-22 07:25 - 0000000 ____D C:\Program Files\Nokia
2012-03-22 07:26 - 2012-03-22 07:26 - 0000000 ____D C:\Program Files\PC Connectivity Solution
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\---\Documents\Bluetooth Exchange Folder
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\---\Bluetooth Software
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-MX
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-AR
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Program Files\WIDCOMM
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-18 12:11 - 2012-03-18 12:11 - 0000000 ____D C:\Program Files\PantsOff
2012-03-17 03:14 - 2012-03-17 03:14 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-17 02:13 - 2011-10-29 14:02 - 0000000 ____D C:\Users\All Users\IM
2012-03-16 23:27 - 2012-05-10 12:36 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 02:49 - 2012-03-07 11:44 - 0000000 ____D C:\Users\---\AppData\Roaming\Notepad++
2012-03-07 13:10 - 2012-02-28 11:30 - 0000000 ____D C:\Users\---\AppData\Roaming\TeamViewer
2012-03-07 12:40 - 2012-03-07 12:40 - 1010720 ___RS (Microsoft Corporation) C:\Windows\System32\MSCHRT20.OCX
2012-03-07 12:40 - 2012-03-07 12:40 - 0000000 ____D C:\Program Files\Technitium
2012-03-07 11:04 - 2012-03-07 11:04 - 0002252 ____R C:\Windows\RouterControl_Uninstall.in
2012-03-04 15:33 - 2012-03-04 15:33 - 1123304 ____A C:\Windows\System32\config\aswrc1330904033.rcr
2012-03-02 21:31 - 2012-05-10 12:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-29 21:46 - 2012-04-12 06:39 - 0019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:37 - 2012-04-12 06:39 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:33 - 2012-04-12 06:39 - 0159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 06:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 15:59 - 2011-11-26 15:10 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 15:59 - 2009-06-10 13:19 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-02-29 12:56 - 2011-11-26 15:10 - 3881792 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 12:55 - 2011-11-26 15:10 - 2719040 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:53 - 2011-11-26 15:10 - 0108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-28 11:28 - 2012-02-28 11:28 - 0000000 ____D C:\Program Files\TeamViewer
2012-02-27 23:40 - 2012-02-27 23:40 - 0000000 ____D C:\Program Files\Notepad++
2012-02-27 17:52 - 2012-04-12 06:42 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-12 06:42 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-12 06:42 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-12 06:42 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-12 06:42 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 06:42 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-12 06:42 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-12 06:42 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 06:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-12 06:42 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-12 06:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 06:42 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 06:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-10-29 06:48] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) C159B521C73AA1E786DE7CE8DB0FCDF2

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 17%
Total physical RAM: 2559.56 MB
Available physical RAM: 2120.11 MB
Total Pagefile: 2555.77 MB
Available Pagefile: 2125.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.48 MB

======================= Partitions =========================

1 Drive c: (Main) (Fixed) (Total:55.91 GB) (Free:35.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:37.26 GB) (Free:14.66 GB) NTFS
3 Drive e: (Dwnlds) (Fixed) (Total:55.9 GB) (Free:39.88 GB) NTFS
4 Drive f: (GRMCULFRER_EN_DVD) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF
6 Drive h: (AVAST) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB     9 MB         
  Disk 1    Online           37 GB     9 MB         
  Disk 2    Online         3839 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             55 GB    31 KB
  Partition 0    Extended            55 GB    55 GB
  Partition 2    Logical             55 GB    55 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Main         NTFS   Partition     55 GB  Healthy            

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Dwnlds       NTFS   Partition     55 GB  Healthy            

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             37 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     D   Data         NTFS   Partition     37 GB  Healthy            

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           3839 MB      0 B

======================================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-19 00:24

======================= End Of Log ==========================
         

aswer:

Code:
ATTFilter
avast! Antirootkit, version 0.9.6
Scan started: 24 May 2012 12:23:41

File C:\Qoobox\BackEnv\AppData.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Cache.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Cookies.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Desktop.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Favorites.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\History.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\LocalAppData.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\LocalSettings.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Music.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\NetHood.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Personal.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Pictures.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\PrintHood.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Profiles.Folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Profiles.Folder.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Programs.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Recent.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\SendTo.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\SetPath.bat  **HIDDEN**
File C:\Qoobox\BackEnv\StartMenu.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\StartUp.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\SysPath.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Templates.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\VikPev00  **HIDDEN**

Scan finished: 24 May 2012 12:30:11
Hidden files found: 24
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------
         

Geändert von ThimoS. (24.05.2012 um 12:53 Uhr)

Alt 24.05.2012, 14:35   #14
Psychotic
/// Malwareteam
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



Hm...ich muss da mal Rücksprache halten, da scheint mehr im Argen zu liegen.
standby!
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.05.2012, 16:13   #15
ThimoS.
 
Registrierungsreparatur nach Trojanerbefall - Standard

Registrierungsreparatur nach Trojanerbefall



vielen lieben dank fuer deine bemuehungen, das system laeuft eigentlich einwandfrei, diese "C:\Qoobox" eintraege kommen von dem combofix tool.
das avast antiroot tool hatte 7 eintraege gefunden, die namen waren alle so avastaehnliche "avas5" irgendwie so, weis es nicht mehr.

wie ich auch scanne, egal mit avast bart, malwarebytes, oder SUPERAntiSpyware im abgesicherten modus, bei deaktivierter auslagerungsdatei, es wird nichts gefunden.

das einzigste problem was jetzt noch ist, ich kann uniblue speed up my pc nicht mehr starten, auch nicht nach neuinstallation, es tut sich erst was, danach brichts ab ohne fehlermeldung.

ich vermute eine verpfuschte registry.

Antwort

Themen zu Registrierungsreparatur nach Trojanerbefall
00000008.@, ansicht, appdata, aufrufe, aufrufen, avast, code, einstellung, embedded, explorer, folge, folgende, frage, fragen, gespeichert, interne, internet, manuell, neustart, platte, problem, registry, roaming, schädlinge, speichern, standard, windos7, windows, ändern



Ähnliche Themen: Registrierungsreparatur nach Trojanerbefall


  1. Recovery nach Trojanerbefall
    Mülltonne - 20.01.2013 (1)
  2. BSOD nach Trojanerbefall bei Windows7
    Log-Analyse und Auswertung - 27.09.2012 (1)
  3. Entschlüsseln nach Trojanerbefall
    Log-Analyse und Auswertung - 17.06.2012 (4)
  4. Systemprobleme nach Trojanerbefall
    Plagegeister aller Art und deren Bekämpfung - 12.04.2011 (25)
  5. Nach Trojanerbefall
    Log-Analyse und Auswertung - 08.08.2010 (23)
  6. logs nach trojanerbefall
    Log-Analyse und Auswertung - 29.04.2010 (1)
  7. Sicherheitsbestätigung nach Trojanerbefall
    Log-Analyse und Auswertung - 29.12.2008 (0)
  8. Probleme nach Trojanerbefall
    Mülltonne - 21.12.2008 (0)
  9. Verdacht auf Trojanerbefall nach Malwarebytes Log
    Mülltonne - 09.12.2008 (3)
  10. System bereinigt nach Trojanerbefall
    Mülltonne - 02.12.2008 (1)
  11. Hijack Log nach Trojanerbefall
    Log-Analyse und Auswertung - 01.11.2008 (1)
  12. System neu aufgesetzt nach Trojanerbefall
    Log-Analyse und Auswertung - 07.10.2008 (1)
  13. Hijack this nach Trojanerbefall
    Log-Analyse und Auswertung - 13.03.2008 (1)
  14. Win2000: Initialisierungsfehler nach Trojanerbefall
    Plagegeister aller Art und deren Bekämpfung - 10.07.2007 (5)
  15. Logfile nach Trojanerbefall
    Log-Analyse und Auswertung - 10.07.2007 (3)
  16. Logfile nach Trojanerbefall
    Log-Analyse und Auswertung - 21.05.2005 (7)
  17. Was tun nach Trojanerbefall?
    Plagegeister aller Art und deren Bekämpfung - 08.11.2004 (3)

Zum Thema Registrierungsreparatur nach Trojanerbefall - hy, hatte folgende schädlinge auf der windos7 platte: Code: Alles auswählen Aufklappen ATTFilter C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\U\00000008.@\[Embedded_R#00310]\[UPX] C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\n C:\Windows\assembly\GAC\Desktop.ini C:\Users\-----\AppData\Roaming\3.EXE C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe C:\Windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_99931ad927972550\AppLaunch.exe per avast bart cd entfernt im internet find ich nix jedenfalls - Registrierungsreparatur nach Trojanerbefall...
Archiv
Du betrachtest: Registrierungsreparatur nach Trojanerbefall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.