| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.09.2012, 12:31
| #1 |
| |  Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? Guten Tag! Ich quäle mich jetzt stundenlang mit dieser Rootkit.0Access.64 Malware rum, die einfach net weggehen will, beziehungsweise beim Neustart sofort wieder als Fund gemeldet wird. Mein Virenscanner ist Avira Free Antivirus. Dazu habe ich mir vorhin Malwarebytes Anti-Malware Programm geladen. Ich hatte zunächst das Problem, dass ich weder die Windows Firewall noch die Windowsupdates benutzen konnte. Ich habe Bezüglich der Fehlermeldung dann via Google folgendes gefunden und angewendet: hxxp://www.winvistaside.de/forum/index.php?showtopic=4282 Die Firewall ist nun aktiv aber die Windowsupdate schlagen immer noch fehl. Daher bin ich nun auf dieses Forum gestoßen und erhoffe mir professionellen Beistand. Ich habe die Schritte im Anleitungsfaden (hoffentlich) richtig befolgt und poste nun die Logs. Malwarebytes Anti-Malware Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.25.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jaffel :: JANFL [Administrator] Schutz: Aktiviert 25.09.2012 12:58:36 mbam-log-2012-09-25 (12-58-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 219966 Laufzeit: 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\Installer\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\U\80000000.@ (Rootkit.0Access.64) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) OTL.Txt Code:
ATTFilter OTL logfile created on: 25.09.2012 13:05:25 - Run 1 OTL by OldTimer - Version 3.2.68.0 Folder = E:\Firefox DL 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 80,52% Memory free 15,82 Gb Paging File | 14,18 Gb Available in Paging File | 89,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 56,23 Gb Free Space | 47,19% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 330,49 Gb Free Space | 35,48% Space Free | Partition Type: NTFS Computer Name: JANFL | User Name: Jaffel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.25 13:00:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Firefox DL\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.08 19:53:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.13 17:26:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.13 17:26:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.03.08 17:04:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.03.05 19:13:31 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.08.16 16:06:22 | 007,531,304 | ---- | M] () -- C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe PRC - [2011.05.19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe PRC - [2011.02.22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- E:\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2010.12.18 18:56:48 | 000,095,272 | ---- | M] (EnTech Taiwan) -- C:\Windows\SysWOW64\softLCP.exe PRC - [2010.12.18 18:56:34 | 000,291,384 | ---- | M] (EnTech Taiwan) -- C:\Program Files (x86)\softOSD\softOSD.exe PRC - [2009.01.16 20:12:28 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe PRC - [2007.05.07 11:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe PRC - [2007.03.05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 15:56:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll MOD - [2012.06.15 08:18:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.15 08:18:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 08:18:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.15 08:18:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.14 11:01:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 11:01:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.14 11:01:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.14 11:01:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.14 11:01:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.14 11:01:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.08.16 16:06:22 | 007,531,304 | ---- | M] () -- C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe MOD - [2011.05.04 17:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- E:\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- E:\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- E:\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- E:\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- E:\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.20 19:52:50 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- E:\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2009.01.16 20:12:28 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe MOD - [2007.03.05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe MOD - [2006.09.13 15:08:00 | 000,491,520 | ---- | M] () -- C:\Windows\system\cmau106.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.24 13:17:09 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.04 11:49:48 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.26 23:40:52 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.13 17:26:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.13 17:26:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.08 17:04:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.17 18:04:00 | 004,390,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2011.07.04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS) SRV - [2011.06.14 10:32:04 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe -- (dell_power_nap_service) SRV - [2011.02.22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.18 18:56:34 | 000,291,384 | ---- | M] (EnTech Taiwan) [Auto | Running] -- C:\Program Files (x86)\softOSD\softOSD.exe -- (softOSD) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.25 10:37:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.13 17:26:27 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.13 17:26:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.05 23:01:12 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2012.03.05 19:13:31 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.08 14:07:36 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM) DRV:64bit: - [2011.07.29 05:40:57 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.07.29 05:40:56 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.07.04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2011.04.21 20:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.15 05:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.10.01 20:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.05.03 18:19:38 | 000,014,032 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\se64a.sys -- (se64a) DRV:64bit: - [2007.04.11 17:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.05.03 18:19:38 | 000,014,032 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\se64a.sys -- (se64a) DRV - [2004.12.31 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 5A 12 13 F4 FA CC 01 [binary data] IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.com/" FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.04 11:49:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.02 16:38:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.04 11:49:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.02 16:38:21 | 000,000,000 | ---D | M] [2012.03.05 19:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaffel\AppData\Roaming\mozilla\Extensions [2012.09.25 11:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaffel\AppData\Roaming\mozilla\Firefox\Profiles\ky54ckso.default\extensions [2012.09.25 11:53:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jaffel\AppData\Roaming\mozilla\Firefox\Profiles\ky54ckso.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.07.25 01:22:53 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jaffel\AppData\Roaming\mozilla\firefox\profiles\ky54ckso.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.05 19:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.04 11:49:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.06.07 10:58:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.04 11:49:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.07 10:58:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.07 10:58:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.07 10:58:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.07 10:58:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WinampAgent] E:\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [ASRockXTU] File not found O4 - HKCU..\Run: [zASRockInstantBoot] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E996A7F-B327-4670-B4B3-D05A3D5754BE}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3D805DF-D156-45C1-8E7D-1D774658F5C2}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AFA991-1C04-4865-8800-F57C57A5C544}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk E:\ O33 - MountPoints2\{9136f7dd-06eb-11e2-a144-002522f9b10e}\Shell - "" = AutoRun O33 - MountPoints2\{9136f7dd-06eb-11e2-a144-002522f9b10e}\Shell\AutoRun\command - "" = D:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.25 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\Jaffel\AppData\Roaming\Malwarebytes [2012.09.25 11:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.25 11:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.25 11:55:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.25 11:16:28 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012.09.25 11:15:34 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs [2012.09.25 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Jaffel\AppData\Local\SKIDROW [2012.09.25 11:00:03 | 000,000,000 | ---D | C] -- C:\Users\Jaffel\Documents\My Games [2012.09.25 10:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012.09.25 10:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.09.25 10:37:38 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.09.25 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Jaffel\AppData\Roaming\DAEMON Tools Lite [2012.09.25 10:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.09.03 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jaffel\AppData\Roaming\TeamViewer ========== Files - Modified Within 30 Days ========== [2012.09.25 13:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.25 13:02:22 | 2077,061,119 | -HS- | M] () -- C:\hiberfil.sys [2012.09.25 12:59:28 | 000,000,128 | ---- | M] () -- C:\Users\Jaffel\defogger_reenable [2012.09.25 12:39:33 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 12:39:33 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 12:36:43 | 001,471,828 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.25 12:36:43 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.25 12:36:43 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.25 12:36:43 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.25 12:36:43 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.25 12:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.25 11:55:37 | 000,000,625 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.25 11:17:49 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012.09.25 10:53:36 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Borderlands 2.lnk [2012.09.25 10:37:38 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.04 00:10:11 | 000,121,924 | ---- | M] () -- C:\Users\Jaffel\Desktop\uzguzguz.jpg ========== Files Created - No Company Name ========== [2012.09.25 12:59:28 | 000,000,128 | ---- | C] () -- C:\Users\Jaffel\defogger_reenable [2012.09.25 11:55:37 | 000,000,625 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.25 11:17:07 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe [2012.09.25 10:53:36 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Borderlands 2.lnk [2012.09.24 13:22:38 | 000,000,677 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.09.24 13:22:38 | 000,000,637 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.09.24 13:22:38 | 000,000,622 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.09.04 00:10:06 | 000,121,924 | ---- | C] () -- C:\Users\Jaffel\Desktop\uzguzguz.jpg [2012.06.05 21:18:33 | 000,094,016 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp [2012.03.08 15:43:21 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2012.03.08 15:43:21 | 000,000,605 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2012.03.08 15:43:15 | 000,003,059 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2012.03.08 15:43:15 | 000,001,098 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2012.03.08 15:43:14 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini [2012.03.08 15:35:29 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.08 15:35:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.05 19:15:14 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012.03.05 19:15:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012.03.05 19:15:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012.03.05 19:15:12 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.03.05 19:15:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.03.05 19:13:41 | 000,000,003 | ---- | C] () -- C:\Users\Jaffel\AppData\Local\user_data.ini [2012.03.05 19:07:41 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.05 19:07:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.05 19:07:41 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.05 19:07:41 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.05 19:07:41 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.11.02 07:59:29 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\L [2012.09.25 13:05:08 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\U [2012.09.25 13:05:08 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\U\00000001.@ [2012.06.14 02:38:37 | 000,002,048 | -HS- | M] () -- C:\Users\Jaffel\AppData\Local\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Jaffel\AppData\Local\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Jaffel\AppData\Local\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\Jaffel\AppData\Local\{d2de3d2f-cb40-23b1-de32-a708aa11cd92}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.10 12:17:37 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\BANDISOFT [2012.09.25 10:39:31 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\DAEMON Tools Lite [2012.06.05 21:18:43 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\ijjigame [2012.03.18 15:25:56 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\Notepad++ [2012.08.27 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\Origin [2012.07.29 23:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\Publish Providers [2012.07.30 00:21:47 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\Sony [2012.09.03 23:41:36 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\TeamViewer [2012.07.17 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\TS3Client [2012.09.25 06:17:52 | 000,000,000 | ---D | M] -- C:\Users\Jaffel\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 164 bytes -> C:\Users\Jaffel\Documents\Studentenbescheinung2012.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 164 bytes -> C:\Users\Jaffel\Desktop\Praktika-Zeugnis TECH.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 164 bytes -> C:\Users\Jaffel\Desktop\Praktika-Zeugnis EGing.jpeg:3or4kl4x13tuuug3Byamue2s4b < End of report > Extras.Txt Code:
ATTFilter OTL Extras logfile created on: 25.09.2012 13:05:25 - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = E:\Firefox DL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 80,52% Memory free
15,82 Gb Paging File | 14,18 Gb Available in Paging File | 89,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 56,23 Gb Free Space | 47,19% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 330,49 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
Computer Name: JANFL | User Name: Jaffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E32A5456-15E4-423A-A990-3ACE5CF62F76}" = protocol=17 | dir=in | app=e:\borderlands 2\binaries\win32\launcher.exe |
"{EF35B41D-B8B0-4346-A2EB-09E94DA2C76E}" = protocol=6 | dir=in | app=e:\borderlands 2\binaries\win32\launcher.exe |
"TCP Query User{38E8B628-0EA5-4DC8-A2D3-3162C6F893D1}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{3F31E145-624E-46B2-8158-AC05E951C555}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"C-Media CM106 Like Sound Driver" = MEDUSA NX USB 5.1 Gaming Headset
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VIRTU_is1" = VIRTU 1.2.106
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"XFast LAN" = XFast LAN v6.61
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{922A8108-6233-4AD6-AFBB-6404D8FA80AF}" = PowerNap
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E6F012B0-E930-11E0-A67A-F04DA23A5C58}" = Vegas Pro 11.0
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.116
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Borderlands 2_is1" = Borderlands 2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"softOSD Client" = softOSD Client (Build 1445)
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"XFastUsb" = XFastUsb
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.09.2012 10:53:52 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
Error - 18.09.2012 11:40:01 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
Error - 23.09.2012 15:29:50 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
Error - 23.09.2012 16:04:58 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
Error - 23.09.2012 16:25:33 | Computer Name = Janfl | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 24.09.2012 06:27:39 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
Error - 24.09.2012 08:33:28 | Computer Name = Janfl | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 25.09.2012 04:34:36 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
Error - 25.09.2012 05:06:49 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
Error - 25.09.2012 05:14:06 | Computer Name = Janfl | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.09.2012 05:17:49 | Computer Name = Janfl | Source = Service Control Manager | ID = 7023
Description =
Error - 25.09.2012 05:17:49 | Computer Name = Janfl | Source = Service Control Manager | ID = 7001
Description =
Error - 25.09.2012 05:18:58 | Computer Name = Janfl | Source = Service Control Manager | ID = 7023
Description =
Error - 25.09.2012 05:18:59 | Computer Name = Janfl | Source = Service Control Manager | ID = 7001
Description =
Error - 25.09.2012 05:19:07 | Computer Name = Janfl | Source = Service Control Manager | ID = 7024
Description =
Error - 25.09.2012 05:19:23 | Computer Name = Janfl | Source = Service Control Manager | ID = 7023
Description =
Error - 25.09.2012 05:19:23 | Computer Name = Janfl | Source = Service Control Manager | ID = 7001
Description =
Error - 25.09.2012 05:35:03 | Computer Name = Janfl | Source = Service Control Manager | ID = 7023
Description =
Error - 25.09.2012 05:35:03 | Computer Name = Janfl | Source = Service Control Manager | ID = 7001
Description =
Error - 25.09.2012 05:36:02 | Computer Name = Janfl | Source = Service Control Manager | ID = 7024
Description =
< End of report >
Ich hoffe damit kann man was anfangen und mir irgendwie weiterhelfen. Danke schonmal im Voraus! Geändert von jaffel (25.09.2012 um 12:42 Uhr) |
|
25.09.2012, 12:38
| #2 |
| /// Malwareteam    |  Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Da hast du dir ein richtiges Herzchen eingefangen!  Zunächst, poste bitte den Inhalt der Logfiles in code-tags (die erhältst du unter dem #-Symbol oben im Antwortfenster). Danach kann ich dir helfen! 
__________________ |
|
25.09.2012, 12:45
| #3 |
| | Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? Danke für die schnelle Antwort.
__________________Ich habe den ersten Beitrag wie gewünscht editiert. Ich hab leider meine Win7 Installations-CD verbaselt, sonst hätte ich den PC auch einfach schnell formatiert. Trotzdem Danke für die Hilfe. |
|
25.09.2012, 13:06
| #4 |
| /// Malwareteam | Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall uTorrent. Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und dies ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass Du Dir eine infizierte Datei herunterlädst. Du kannst niemals wissen, woher diese stammt. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service, zum Beispiel zum Downloaden von Linux oder Open Office. Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Software und deinstalliere die oben erwähnte Software. Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden kannst.
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
25.09.2012, 13:14
| #5 |
| | Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? Dass P2P bzw Filesharing zu Infektionen führen kann ist mir durchaus bewusst. Aber ich nutze es bereits jahrelang um mir die von Fangruppen gesubbten Anime zu besorgen und bislang auch ohne Probleme. Ich habe es jetzt einfach mal deinstalliert und hoffe auf weitere Anweisungen. |
|
25.09.2012, 13:31
| #6 |
| /// Malwareteam | Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? Schritt 1: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Schritt 2: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? |
|
25.09.2012, 13:46
| #7 |
| | Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? So, hier die Logs: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 14:35:27
-----------------------------
14:35:27.803 OS Version: Windows x64 6.1.7601 Service Pack 1
14:35:27.803 Number of processors: 4 586 0x2A07
14:35:27.805 ComputerName: JANFL UserName:
14:35:27.982 Initialize success
14:38:08.166 AVAST engine defs: 12092500
14:38:29.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:38:29.365 Disk 0 Vendor: M4-CT128M4SSD2 0309 Size: 122104MB BusType: 3
14:38:29.366 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6
14:38:29.368 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA25C Size: 953869MB BusType: 3
14:38:29.369 Disk 0 MBR read successfully
14:38:29.370 Disk 0 MBR scan
14:38:29.373 Disk 0 Windows 7 default MBR code
14:38:29.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:38:29.378 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
14:38:29.383 Disk 0 scanning C:\Windows\system32\drivers
14:38:32.231 Service scanning
14:38:38.873 Modules scanning
14:38:38.876 Disk 0 trace - called modules:
14:38:38.880 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:38:38.884 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007500060]
14:38:38.885 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006f6c9b0]
14:38:38.888 5 ACPI.sys[fffff88000ed97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007303060]
14:38:39.065 AVAST engine scan C:\Windows
14:38:39.468 AVAST engine scan C:\Windows\system32
14:39:41.007 AVAST engine scan C:\Windows\system32\drivers
14:39:44.239 AVAST engine scan C:\Users\Jaffel
14:40:47.905 AVAST engine scan C:\ProgramData
14:40:50.448 Scan finished successfully
14:40:58.896 Disk 0 MBR has been saved successfully to "C:\Users\Jaffel\Desktop\MBR.dat"
14:40:58.899 The log file has been saved successfully to "C:\Users\Jaffel\Desktop\aswMBR.txt"
Code:
ATTFilter 14:41:40.0368 4964 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:41:40.0398 4964 ============================================================
14:41:40.0398 4964 Current date / time: 2012/09/25 14:41:40.0398
14:41:40.0398 4964 SystemInfo:
14:41:40.0398 4964
14:41:40.0398 4964 OS Version: 6.1.7601 ServicePack: 1.0
14:41:40.0398 4964 Product type: Workstation
14:41:40.0398 4964 ComputerName: JANFL
14:41:40.0398 4964 UserName: Jaffel
14:41:40.0398 4964 Windows directory: C:\Windows
14:41:40.0398 4964 System windows directory: C:\Windows
14:41:40.0398 4964 Running under WOW64
14:41:40.0398 4964 Processor architecture: Intel x64
14:41:40.0398 4964 Number of processors: 4
14:41:40.0398 4964 Page size: 0x1000
14:41:40.0398 4964 Boot type: Normal boot
14:41:40.0398 4964 ============================================================
14:41:40.0618 4964 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:41:40.0618 4964 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:41:40.0622 4964 ============================================================
14:41:40.0622 4964 \Device\Harddisk1\DR1:
14:41:40.0622 4964 MBR partitions:
14:41:40.0622 4964 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
14:41:40.0622 4964 \Device\Harddisk0\DR0:
14:41:40.0622 4964 MBR partitions:
14:41:40.0622 4964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:41:40.0622 4964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
14:41:40.0622 4964 ============================================================
14:41:40.0623 4964 C: <-> \Device\Harddisk0\DR0\Partition2
14:41:40.0638 4964 E: <-> \Device\Harddisk1\DR1\Partition1
14:41:40.0638 4964 ============================================================
14:41:40.0638 4964 Initialize success
14:41:40.0638 4964 ============================================================
14:42:17.0703 4548 ============================================================
14:42:17.0703 4548 Scan started
14:42:17.0703 4548 Mode: Manual; TDLFS;
14:42:17.0703 4548 ============================================================
14:42:18.0105 4548 ================ Scan system memory ========================
14:42:18.0105 4548 System memory - ok
14:42:18.0105 4548 ================ Scan services =============================
14:42:18.0133 4548 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:42:18.0134 4548 1394ohci - ok
14:42:18.0139 4548 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:42:18.0141 4548 ACPI - ok
14:42:18.0144 4548 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:42:18.0144 4548 AcpiPmi - ok
14:42:18.0164 4548 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:42:18.0165 4548 AdobeFlashPlayerUpdateSvc - ok
14:42:18.0171 4548 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:42:18.0174 4548 adp94xx - ok
14:42:18.0179 4548 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:42:18.0181 4548 adpahci - ok
14:42:18.0185 4548 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:42:18.0185 4548 adpu320 - ok
14:42:18.0189 4548 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:42:18.0189 4548 AeLookupSvc - ok
14:42:18.0195 4548 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:42:18.0198 4548 AFD - ok
14:42:18.0200 4548 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:42:18.0201 4548 agp440 - ok
14:42:18.0204 4548 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:42:18.0204 4548 ALG - ok
14:42:18.0205 4548 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:42:18.0206 4548 aliide - ok
14:42:18.0208 4548 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:42:18.0209 4548 amdide - ok
14:42:18.0210 4548 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:42:18.0211 4548 AmdK8 - ok
14:42:18.0213 4548 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
14:42:18.0214 4548 AmdPPM - ok
14:42:18.0216 4548 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:42:18.0216 4548 amdsata - ok
14:42:18.0221 4548 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:42:18.0223 4548 amdsbs - ok
14:42:18.0224 4548 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:42:18.0224 4548 amdxata - ok
14:42:18.0231 4548 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:42:18.0233 4548 AntiVirSchedulerService - ok
14:42:18.0235 4548 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:42:18.0235 4548 AntiVirService - ok
14:42:18.0238 4548 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:42:18.0238 4548 AppID - ok
14:42:18.0240 4548 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:42:18.0240 4548 AppIDSvc - ok
14:42:18.0243 4548 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:42:18.0244 4548 Appinfo - ok
14:42:18.0248 4548 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
14:42:18.0249 4548 AppMgmt - ok
14:42:18.0251 4548 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
14:42:18.0251 4548 arc - ok
14:42:18.0254 4548 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:42:18.0254 4548 arcsas - ok
14:42:18.0256 4548 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:42:18.0256 4548 AsyncMac - ok
14:42:18.0259 4548 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:42:18.0259 4548 atapi - ok
14:42:18.0266 4548 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:42:18.0270 4548 AudioEndpointBuilder - ok
14:42:18.0276 4548 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:42:18.0279 4548 AudioSrv - ok
14:42:18.0281 4548 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:42:18.0283 4548 avgntflt - ok
14:42:18.0285 4548 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:42:18.0286 4548 avipbb - ok
14:42:18.0288 4548 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:42:18.0289 4548 avkmgr - ok
14:42:18.0291 4548 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:42:18.0291 4548 AxInstSV - ok
14:42:18.0294 4548 AxtuDrv - ok
14:42:18.0300 4548 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
14:42:18.0303 4548 b06bdrv - ok
14:42:18.0308 4548 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:42:18.0309 4548 b57nd60a - ok
14:42:18.0313 4548 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:42:18.0313 4548 BDESVC - ok
14:42:18.0315 4548 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:42:18.0315 4548 Beep - ok
14:42:18.0321 4548 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:42:18.0326 4548 BFE - ok
14:42:18.0329 4548 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:42:18.0329 4548 blbdrive - ok
14:42:18.0331 4548 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:42:18.0333 4548 bowser - ok
14:42:18.0334 4548 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:42:18.0334 4548 BrFiltLo - ok
14:42:18.0336 4548 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:42:18.0336 4548 BrFiltUp - ok
14:42:18.0340 4548 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
14:42:18.0341 4548 Browser - ok
14:42:18.0345 4548 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:42:18.0346 4548 Brserid - ok
14:42:18.0349 4548 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:42:18.0349 4548 BrSerWdm - ok
14:42:18.0350 4548 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:42:18.0351 4548 BrUsbMdm - ok
14:42:18.0353 4548 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:42:18.0353 4548 BrUsbSer - ok
14:42:18.0355 4548 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:42:18.0355 4548 BTHMODEM - ok
14:42:18.0359 4548 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:42:18.0359 4548 bthserv - ok
14:42:18.0361 4548 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:42:18.0363 4548 cdfs - ok
14:42:18.0365 4548 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:42:18.0366 4548 cdrom - ok
14:42:18.0368 4548 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:42:18.0369 4548 CertPropSvc - ok
14:42:18.0383 4548 [ 33B82CF69E41B38A2EC0C3CABDE80D6E ] cFosSpeed C:\Windows\system32\DRIVERS\cfosspeed6.sys
14:42:18.0388 4548 cFosSpeed - ok
14:42:18.0395 4548 [ 760085908644D2988F1B504C3FCA6959 ] cFosSpeedS C:\Program Files\ASRock\XFast LAN\spd.exe
14:42:18.0396 4548 cFosSpeedS - ok
14:42:18.0399 4548 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
14:42:18.0399 4548 circlass - ok
14:42:18.0404 4548 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:42:18.0406 4548 CLFS - ok
14:42:18.0411 4548 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:42:18.0413 4548 clr_optimization_v2.0.50727_32 - ok
14:42:18.0418 4548 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:42:18.0418 4548 clr_optimization_v2.0.50727_64 - ok
14:42:18.0420 4548 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:42:18.0420 4548 CmBatt - ok
14:42:18.0423 4548 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:42:18.0423 4548 cmdide - ok
14:42:18.0429 4548 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
14:42:18.0431 4548 CNG - ok
14:42:18.0434 4548 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:42:18.0434 4548 Compbatt - ok
14:42:18.0436 4548 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:42:18.0436 4548 CompositeBus - ok
14:42:18.0438 4548 COMSysApp - ok
14:42:18.0441 4548 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:42:18.0441 4548 crcdisk - ok
14:42:18.0445 4548 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:42:18.0446 4548 CryptSvc - ok
14:42:18.0451 4548 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
14:42:18.0455 4548 CSC - ok
14:42:18.0463 4548 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
14:42:18.0466 4548 CscService - ok
14:42:18.0473 4548 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:42:18.0476 4548 DcomLaunch - ok
14:42:18.0481 4548 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:42:18.0484 4548 defragsvc - ok
14:42:18.0485 4548 [ 76A3417B645EE045EBFCCC12F8EE3435 ] dell_power_nap_service C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe
14:42:18.0485 4548 dell_power_nap_service - ok
14:42:18.0488 4548 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:42:18.0489 4548 DfsC - ok
14:42:18.0494 4548 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:42:18.0495 4548 Dhcp - ok
14:42:18.0498 4548 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:42:18.0498 4548 discache - ok
14:42:18.0500 4548 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
14:42:18.0500 4548 Disk - ok
14:42:18.0503 4548 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
14:42:18.0504 4548 dmvsc - ok
14:42:18.0506 4548 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:42:18.0508 4548 Dnscache - ok
14:42:18.0511 4548 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:42:18.0514 4548 dot3svc - ok
14:42:18.0516 4548 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:42:18.0518 4548 DPS - ok
14:42:18.0520 4548 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:42:18.0520 4548 drmkaud - ok
14:42:18.0524 4548 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:42:18.0525 4548 dtsoftbus01 - ok
14:42:18.0546 4548 dump_wmimmc - ok
14:42:18.0555 4548 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:42:18.0559 4548 DXGKrnl - ok
14:42:18.0561 4548 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:42:18.0563 4548 EapHost - ok
14:42:18.0586 4548 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
14:42:18.0608 4548 ebdrv - ok
14:42:18.0611 4548 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:42:18.0611 4548 EFS - ok
14:42:18.0619 4548 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:42:18.0624 4548 ehRecvr - ok
14:42:18.0626 4548 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:42:18.0628 4548 ehSched - ok
14:42:18.0633 4548 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:42:18.0636 4548 elxstor - ok
14:42:18.0639 4548 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:42:18.0639 4548 ErrDev - ok
14:42:18.0643 4548 [ DB6AEC32FAF5BD002D9ED6C38692D42B ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
14:42:18.0643 4548 EtronHub3 - ok
14:42:18.0645 4548 [ 9CC2F24274741E12F9DF92125EA6D6D8 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
14:42:18.0645 4548 EtronXHCI - ok
14:42:18.0651 4548 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:42:18.0654 4548 EventSystem - ok
14:42:18.0658 4548 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:42:18.0658 4548 exfat - ok
14:42:18.0661 4548 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:42:18.0663 4548 fastfat - ok
14:42:18.0670 4548 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:42:18.0674 4548 Fax - ok
14:42:18.0678 4548 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
14:42:18.0678 4548 fdc - ok
14:42:18.0680 4548 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:42:18.0680 4548 fdPHost - ok
14:42:18.0683 4548 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:42:18.0683 4548 FDResPub - ok
14:42:18.0685 4548 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:42:18.0686 4548 FileInfo - ok
14:42:18.0688 4548 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:42:18.0689 4548 Filetrace - ok
14:42:18.0690 4548 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:42:18.0690 4548 flpydisk - ok
14:42:18.0694 4548 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:42:18.0696 4548 FltMgr - ok
14:42:18.0699 4548 [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS
14:42:18.0699 4548 FNETTBOH_305 - ok
14:42:18.0700 4548 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
14:42:18.0701 4548 FNETURPX - ok
14:42:18.0711 4548 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
14:42:18.0719 4548 FontCache - ok
14:42:18.0721 4548 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:42:18.0723 4548 FontCache3.0.0.0 - ok
14:42:18.0724 4548 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:42:18.0725 4548 FsDepends - ok
14:42:18.0728 4548 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:42:18.0728 4548 Fs_Rec - ok
14:42:18.0730 4548 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:42:18.0731 4548 fvevol - ok
14:42:18.0734 4548 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:42:18.0735 4548 gagp30kx - ok
14:42:18.0741 4548 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:42:18.0746 4548 gpsvc - ok
14:42:18.0750 4548 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:42:18.0750 4548 hcw85cir - ok
14:42:18.0755 4548 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:42:18.0756 4548 HdAudAddService - ok
14:42:18.0760 4548 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:42:18.0760 4548 HDAudBus - ok
14:42:18.0763 4548 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:42:18.0763 4548 HidBatt - ok
14:42:18.0765 4548 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:42:18.0765 4548 HidBth - ok
14:42:18.0768 4548 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:42:18.0769 4548 HidIr - ok
14:42:18.0770 4548 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:42:18.0771 4548 hidserv - ok
14:42:18.0774 4548 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:42:18.0774 4548 HidUsb - ok
14:42:18.0776 4548 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:42:18.0778 4548 hkmsvc - ok
14:42:18.0781 4548 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:42:18.0783 4548 HomeGroupListener - ok
14:42:18.0786 4548 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:42:18.0788 4548 HomeGroupProvider - ok
14:42:18.0790 4548 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:42:18.0790 4548 HpSAMD - ok
14:42:18.0798 4548 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:42:18.0801 4548 HTTP - ok
14:42:18.0804 4548 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:42:18.0804 4548 hwpolicy - ok
14:42:18.0806 4548 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:42:18.0808 4548 i8042prt - ok
14:42:18.0814 4548 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:42:18.0816 4548 iaStorV - ok
14:42:18.0824 4548 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:42:18.0830 4548 idsvc - ok
14:42:18.0913 4548 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:42:18.0991 4548 igfx - ok
14:42:18.0996 4548 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:42:18.0996 4548 iirsp - ok
14:42:19.0004 4548 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:42:19.0010 4548 IKEEXT - ok
14:42:19.0041 4548 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:42:19.0056 4548 IntcAzAudAddService - ok
14:42:19.0060 4548 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:42:19.0060 4548 intelide - ok
14:42:19.0063 4548 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:42:19.0063 4548 intelppm - ok
14:42:19.0065 4548 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:42:19.0066 4548 IPBusEnum - ok
14:42:19.0069 4548 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:42:19.0069 4548 IpFilterDriver - ok
14:42:19.0071 4548 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:42:19.0071 4548 IPMIDRV - ok
14:42:19.0075 4548 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:42:19.0075 4548 IPNAT - ok
14:42:19.0078 4548 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:42:19.0078 4548 IRENUM - ok
14:42:19.0080 4548 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:42:19.0080 4548 isapnp - ok
14:42:19.0084 4548 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:42:19.0085 4548 iScsiPrt - ok
14:42:19.0088 4548 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:42:19.0088 4548 kbdclass - ok
14:42:19.0090 4548 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:42:19.0090 4548 kbdhid - ok
14:42:19.0093 4548 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:42:19.0094 4548 KeyIso - ok
14:42:19.0095 4548 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:42:19.0096 4548 KSecDD - ok
14:42:19.0099 4548 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:42:19.0100 4548 KSecPkg - ok
14:42:19.0103 4548 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:42:19.0103 4548 ksthunk - ok
14:42:19.0106 4548 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:42:19.0110 4548 KtmRm - ok
14:42:19.0114 4548 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:42:19.0115 4548 LanmanServer - ok
14:42:19.0119 4548 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:42:19.0120 4548 LanmanWorkstation - ok
14:42:19.0123 4548 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:42:19.0124 4548 lltdio - ok
14:42:19.0128 4548 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:42:19.0130 4548 lltdsvc - ok
14:42:19.0131 4548 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:42:19.0133 4548 lmhosts - ok
14:42:19.0138 4548 [ 9AD4BEE2FE76D4CA39AC969B617E94FB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:42:19.0139 4548 LMS - ok
14:42:19.0143 4548 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:42:19.0144 4548 LSI_FC - ok
14:42:19.0146 4548 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:42:19.0146 4548 LSI_SAS - ok
14:42:19.0149 4548 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:42:19.0149 4548 LSI_SAS2 - ok
14:42:19.0151 4548 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:42:19.0153 4548 LSI_SCSI - ok
14:42:19.0155 4548 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:42:19.0155 4548 luafv - ok
14:42:19.0159 4548 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:42:19.0159 4548 MBAMProtector - ok
14:42:19.0205 4548 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler E:\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:42:19.0206 4548 MBAMScheduler - ok
14:42:19.0218 4548 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService E:\Malwarebytes' Anti-Malware\mbamservice.exe
14:42:19.0220 4548 MBAMService - ok
14:42:19.0223 4548 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
14:42:19.0224 4548 MBfilt - ok
14:42:19.0226 4548 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:42:19.0228 4548 Mcx2Svc - ok
14:42:19.0229 4548 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
14:42:19.0230 4548 megasas - ok
14:42:19.0234 4548 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:42:19.0235 4548 MegaSR - ok
14:42:19.0238 4548 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
14:42:19.0238 4548 MEIx64 - ok
14:42:19.0240 4548 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:42:19.0241 4548 MMCSS - ok
14:42:19.0244 4548 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:42:19.0244 4548 Modem - ok
14:42:19.0246 4548 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:42:19.0246 4548 monitor - ok
14:42:19.0249 4548 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:42:19.0249 4548 mouclass - ok
14:42:19.0251 4548 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:42:19.0251 4548 mouhid - ok
14:42:19.0254 4548 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:42:19.0254 4548 mountmgr - ok
14:42:19.0258 4548 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:42:19.0259 4548 MozillaMaintenance - ok
14:42:19.0261 4548 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:42:19.0263 4548 mpio - ok
14:42:19.0265 4548 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:42:19.0266 4548 mpsdrv - ok
14:42:19.0274 4548 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:42:19.0279 4548 MpsSvc - ok
14:42:19.0283 4548 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:42:19.0283 4548 MRxDAV - ok
14:42:19.0286 4548 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:42:19.0288 4548 mrxsmb - ok
14:42:19.0291 4548 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:42:19.0293 4548 mrxsmb10 - ok
14:42:19.0295 4548 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:42:19.0296 4548 mrxsmb20 - ok
14:42:19.0299 4548 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:42:19.0299 4548 msahci - ok
14:42:19.0301 4548 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:42:19.0303 4548 msdsm - ok
14:42:19.0305 4548 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:42:19.0306 4548 MSDTC - ok
14:42:19.0309 4548 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:42:19.0310 4548 Msfs - ok
14:42:19.0311 4548 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:42:19.0311 4548 mshidkmdf - ok
14:42:19.0314 4548 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:42:19.0314 4548 msisadrv - ok
14:42:19.0318 4548 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:42:19.0319 4548 MSiSCSI - ok
14:42:19.0320 4548 msiserver - ok
14:42:19.0323 4548 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:42:19.0323 4548 MSKSSRV - ok
14:42:19.0325 4548 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:42:19.0325 4548 MSPCLOCK - ok
14:42:19.0326 4548 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:42:19.0328 4548 MSPQM - ok
14:42:19.0331 4548 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:42:19.0334 4548 MsRPC - ok
14:42:19.0336 4548 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:42:19.0338 4548 mssmbios - ok
14:42:19.0339 4548 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:42:19.0340 4548 MSTEE - ok
14:42:19.0341 4548 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:42:19.0341 4548 MTConfig - ok
14:42:19.0344 4548 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:42:19.0345 4548 Mup - ok
14:42:19.0350 4548 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:42:19.0354 4548 napagent - ok
14:42:19.0358 4548 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:42:19.0360 4548 NativeWifiP - ok
14:42:19.0369 4548 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:42:19.0374 4548 NDIS - ok
14:42:19.0378 4548 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:42:19.0378 4548 NdisCap - ok
14:42:19.0379 4548 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:42:19.0380 4548 NdisTapi - ok
14:42:19.0381 4548 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:42:19.0383 4548 Ndisuio - ok
14:42:19.0385 4548 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:42:19.0386 4548 NdisWan - ok
14:42:19.0389 4548 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:42:19.0389 4548 NDProxy - ok
14:42:19.0391 4548 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:42:19.0391 4548 NetBIOS - ok
14:42:19.0395 4548 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:42:19.0396 4548 NetBT - ok
14:42:19.0399 4548 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:42:19.0400 4548 Netlogon - ok
14:42:19.0404 4548 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:42:19.0408 4548 Netman - ok
14:42:19.0413 4548 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:42:19.0415 4548 netprofm - ok
14:42:19.0424 4548 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
14:42:19.0430 4548 netr28ux - ok
14:42:19.0433 4548 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:42:19.0438 4548 NetTcpPortSharing - ok
14:42:19.0440 4548 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:42:19.0440 4548 nfrd960 - ok
14:42:19.0445 4548 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:42:19.0446 4548 NlaSvc - ok
14:42:19.0449 4548 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:42:19.0450 4548 Npfs - ok
14:42:19.0451 4548 npggsvc - ok
14:42:19.0454 4548 NPPTNT2 - ok
14:42:19.0456 4548 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:42:19.0458 4548 nsi - ok
14:42:19.0460 4548 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:42:19.0460 4548 nsiproxy - ok
14:42:19.0474 4548 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:42:19.0484 4548 Ntfs - ok
14:42:19.0486 4548 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:42:19.0486 4548 Null - ok
14:42:19.0491 4548 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:42:19.0491 4548 NVHDA - ok
14:42:19.0585 4548 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:42:19.0635 4548 nvlddmkm - ok
14:42:19.0641 4548 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:42:19.0643 4548 nvraid - ok
14:42:19.0645 4548 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:42:19.0646 4548 nvstor - ok
14:42:19.0655 4548 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:42:19.0659 4548 nvsvc - ok
14:42:19.0676 4548 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:42:19.0686 4548 nvUpdatusService - ok
14:42:19.0689 4548 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:42:19.0690 4548 nv_agp - ok
14:42:19.0693 4548 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:42:19.0693 4548 ohci1394 - ok
14:42:19.0698 4548 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:42:19.0700 4548 p2pimsvc - ok
14:42:19.0706 4548 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:42:19.0710 4548 p2psvc - ok
14:42:19.0713 4548 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:42:19.0713 4548 Parport - ok
14:42:19.0715 4548 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:42:19.0716 4548 partmgr - ok
14:42:19.0719 4548 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:42:19.0721 4548 PcaSvc - ok
14:42:19.0724 4548 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:42:19.0725 4548 pci - ok
14:42:19.0728 4548 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:42:19.0728 4548 pciide - ok
14:42:19.0731 4548 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:42:19.0733 4548 pcmcia - ok
14:42:19.0734 4548 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:42:19.0735 4548 pcw - ok
14:42:19.0740 4548 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:42:19.0744 4548 PEAUTH - ok
14:42:19.0756 4548 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:42:19.0765 4548 PeerDistSvc - ok
14:42:19.0785 4548 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:42:19.0785 4548 PerfHost - ok
14:42:19.0800 4548 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:42:19.0809 4548 pla - ok
14:42:19.0815 4548 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:42:19.0819 4548 PlugPlay - ok
14:42:19.0821 4548 PnkBstrA - ok
14:42:19.0824 4548 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:42:19.0824 4548 PNRPAutoReg - ok
14:42:19.0829 4548 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:42:19.0830 4548 PNRPsvc - ok
14:42:19.0836 4548 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:42:19.0840 4548 PolicyAgent - ok
14:42:19.0844 4548 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:42:19.0846 4548 Power - ok
14:42:19.0849 4548 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:42:19.0849 4548 PptpMiniport - ok
14:42:19.0851 4548 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:42:19.0851 4548 Processor - ok
14:42:19.0855 4548 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
14:42:19.0856 4548 ProfSvc - ok
14:42:19.0859 4548 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:42:19.0860 4548 ProtectedStorage - ok
14:42:19.0863 4548 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:42:19.0864 4548 Psched - ok
14:42:19.0875 4548 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:42:19.0885 4548 ql2300 - ok
14:42:19.0890 4548 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:42:19.0890 4548 ql40xx - ok
14:42:19.0894 4548 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:42:19.0896 4548 QWAVE - ok
14:42:19.0899 4548 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:42:19.0899 4548 QWAVEdrv - ok
14:42:19.0901 4548 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:42:19.0901 4548 RasAcd - ok
14:42:19.0904 4548 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:42:19.0904 4548 RasAgileVpn - ok
14:42:19.0906 4548 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:42:19.0908 4548 RasAuto - ok
14:42:19.0910 4548 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:42:19.0911 4548 Rasl2tp - ok
14:42:19.0915 4548 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:42:19.0919 4548 RasMan - ok
14:42:19.0921 4548 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:42:19.0921 4548 RasPppoe - ok
14:42:19.0924 4548 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:42:19.0924 4548 RasSstp - ok
14:42:19.0928 4548 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:42:19.0930 4548 rdbss - ok
14:42:19.0933 4548 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:42:19.0933 4548 rdpbus - ok
14:42:19.0934 4548 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:42:19.0935 4548 RDPCDD - ok
14:42:19.0939 4548 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:42:19.0939 4548 RDPDR - ok
14:42:19.0941 4548 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:42:19.0941 4548 RDPENCDD - ok
14:42:19.0945 4548 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:42:19.0945 4548 RDPREFMP - ok
14:42:19.0949 4548 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:42:19.0950 4548 RDPWD - ok
14:42:19.0954 4548 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:42:19.0955 4548 rdyboost - ok
14:42:19.0958 4548 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:42:19.0959 4548 RemoteAccess - ok
14:42:19.0961 4548 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:42:19.0963 4548 RemoteRegistry - ok
14:42:19.0965 4548 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:42:19.0966 4548 RpcEptMapper - ok
14:42:19.0969 4548 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:42:19.0969 4548 RpcLocator - ok
14:42:19.0975 4548 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:42:19.0978 4548 RpcSs - ok
14:42:19.0980 4548 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:42:19.0980 4548 rspndr - ok
14:42:20.0034 4548 [ 2E887E52E45BBA3C47CCD0E75FC5266F ] RTCore64 E:\MSI Afterburner\RTCore64.sys
14:42:20.0034 4548 RTCore64 - ok
14:42:20.0040 4548 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:42:20.0041 4548 RTL8167 - ok
14:42:20.0044 4548 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:42:20.0044 4548 s3cap - ok
14:42:20.0046 4548 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:42:20.0046 4548 SamSs - ok
14:42:20.0049 4548 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:42:20.0050 4548 sbp2port - ok
14:42:20.0053 4548 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:42:20.0055 4548 SCardSvr - ok
14:42:20.0058 4548 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:42:20.0058 4548 scfilter - ok
14:42:20.0066 4548 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:42:20.0074 4548 Schedule - ok
14:42:20.0076 4548 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:42:20.0078 4548 SCPolicySvc - ok
14:42:20.0080 4548 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:42:20.0083 4548 SDRSVC - ok
14:42:20.0086 4548 [ 0A6A1C9A7F80A2A5DCCED5C4C0473765 ] se64a C:\Windows\system32\Drivers\se64a.sys
14:42:20.0086 4548 se64a - ok
14:42:20.0089 4548 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:42:20.0089 4548 secdrv - ok
14:42:20.0091 4548 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:42:20.0091 4548 seclogon - ok
14:42:20.0094 4548 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:42:20.0095 4548 SENS - ok
14:42:20.0098 4548 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:42:20.0099 4548 SensrSvc - ok
14:42:20.0100 4548 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:42:20.0101 4548 Serenum - ok
14:42:20.0104 4548 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:42:20.0104 4548 Serial - ok
14:42:20.0106 4548 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:42:20.0106 4548 sermouse - ok
14:42:20.0111 4548 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:42:20.0113 4548 SessionEnv - ok
14:42:20.0115 4548 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:42:20.0115 4548 sffdisk - ok
14:42:20.0118 4548 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:42:20.0118 4548 sffp_mmc - ok
14:42:20.0119 4548 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:42:20.0120 4548 sffp_sd - ok
14:42:20.0121 4548 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:42:20.0121 4548 sfloppy - ok
14:42:20.0126 4548 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:42:20.0129 4548 SharedAccess - ok
14:42:20.0134 4548 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:42:20.0136 4548 ShellHWDetection - ok
14:42:20.0139 4548 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:42:20.0139 4548 SiSRaid2 - ok
14:42:20.0141 4548 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:42:20.0143 4548 SiSRaid4 - ok
14:42:20.0145 4548 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:42:20.0146 4548 SkypeUpdate - ok
14:42:20.0149 4548 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:42:20.0149 4548 Smb - ok
14:42:20.0151 4548 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:42:20.0153 4548 SNMPTRAP - ok
14:42:20.0158 4548 [ CAFD8337F594F341A18BD82545122469 ] softOSD C:\Program Files (x86)\softOSD\softOSD.exe
14:42:20.0159 4548 softOSD - ok
14:42:20.0160 4548 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:42:20.0161 4548 spldr - ok
14:42:20.0166 4548 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
14:42:20.0169 4548 Spooler - ok
14:42:20.0195 4548 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:42:20.0218 4548 sppsvc - ok
14:42:20.0220 4548 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:42:20.0221 4548 sppuinotify - ok
14:42:20.0226 4548 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:42:20.0230 4548 srv - ok
14:42:20.0235 4548 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:42:20.0238 4548 srv2 - ok
14:42:20.0240 4548 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:42:20.0241 4548 srvnet - ok
14:42:20.0245 4548 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:42:20.0246 4548 SSDPSRV - ok
14:42:20.0249 4548 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:42:20.0251 4548 SstpSvc - ok
14:42:20.0253 4548 Steam Client Service - ok
14:42:20.0258 4548 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:42:20.0259 4548 Stereo Service - ok
14:42:20.0261 4548 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:42:20.0263 4548 stexstor - ok
14:42:20.0268 4548 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:42:20.0273 4548 stisvc - ok
14:42:20.0275 4548 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:42:20.0275 4548 storflt - ok
14:42:20.0279 4548 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
14:42:20.0279 4548 StorSvc - ok
14:42:20.0281 4548 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:42:20.0283 4548 storvsc - ok
14:42:20.0284 4548 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:42:20.0285 4548 swenum - ok
14:42:20.0290 4548 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:42:20.0294 4548 swprv - ok
14:42:20.0308 4548 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:42:20.0319 4548 SysMain - ok
14:42:20.0323 4548 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:42:20.0324 4548 TabletInputService - ok
14:42:20.0328 4548 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:42:20.0330 4548 TapiSrv - ok
14:42:20.0333 4548 [ 827F682E9D2D9B2A49691C3A9697A3BB ] TarFltr C:\Windows\system32\drivers\UsbFltr.sys
14:42:20.0334 4548 TarFltr - ok
14:42:20.0336 4548 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:42:20.0338 4548 TBS - ok
14:42:20.0353 4548 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:42:20.0365 4548 Tcpip - ok
14:42:20.0380 4548 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:42:20.0388 4548 TCPIP6 - ok
14:42:20.0391 4548 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:42:20.0393 4548 tcpipreg - ok
14:42:20.0395 4548 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:42:20.0395 4548 TDPIPE - ok
14:42:20.0398 4548 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:42:20.0398 4548 TDTCP - ok
14:42:20.0400 4548 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:42:20.0401 4548 tdx - ok
14:42:20.0403 4548 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:42:20.0404 4548 TermDD - ok
14:42:20.0410 4548 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:42:20.0415 4548 TermService - ok
14:42:20.0418 4548 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:42:20.0419 4548 Themes - ok
14:42:20.0421 4548 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:42:20.0423 4548 THREADORDER - ok
14:42:20.0425 4548 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:42:20.0426 4548 TrkWks - ok
14:42:20.0430 4548 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:42:20.0431 4548 TrustedInstaller - ok
14:42:20.0434 4548 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:42:20.0434 4548 tssecsrv - ok
14:42:20.0436 4548 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:42:20.0438 4548 TsUsbFlt - ok
14:42:20.0439 4548 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:42:20.0440 4548 TsUsbGD - ok
14:42:20.0443 4548 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:42:20.0444 4548 tunnel - ok
14:42:20.0445 4548 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:42:20.0446 4548 uagp35 - ok
14:42:20.0450 4548 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:42:20.0453 4548 udfs - ok
14:42:20.0456 4548 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:42:20.0458 4548 UI0Detect - ok
14:42:20.0460 4548 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:42:20.0460 4548 uliagpkx - ok
14:42:20.0463 4548 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:42:20.0463 4548 umbus - ok
14:42:20.0465 4548 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:42:20.0465 4548 UmPass - ok
14:42:20.0469 4548 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:42:20.0471 4548 UmRdpService - ok
14:42:20.0491 4548 [ CD114CE02A10FA79C229770788106842 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:42:20.0501 4548 UNS - ok
14:42:20.0510 4548 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:42:20.0514 4548 upnphost - ok
14:42:20.0516 4548 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:42:20.0518 4548 usbaudio - ok
14:42:20.0520 4548 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:42:20.0520 4548 usbccgp - ok
14:42:20.0523 4548 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:42:20.0524 4548 usbcir - ok
14:42:20.0526 4548 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:42:20.0526 4548 usbehci - ok
14:42:20.0530 4548 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:42:20.0533 4548 usbhub - ok
14:42:20.0543 4548 [ F9B3054339A71F16430F6585EBC8BE96 ] USBMULCD C:\Windows\system32\drivers\CM10664.sys
14:42:20.0551 4548 USBMULCD - ok
14:42:20.0554 4548 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:42:20.0554 4548 usbohci - ok
14:42:20.0556 4548 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:42:20.0556 4548 usbprint - ok
14:42:20.0559 4548 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:42:20.0560 4548 usbscan - ok
14:42:20.0563 4548 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:42:20.0563 4548 USBSTOR - ok
14:42:20.0565 4548 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:42:20.0565 4548 usbuhci - ok
14:42:20.0568 4548 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:42:20.0569 4548 UxSms - ok
14:42:20.0570 4548 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:42:20.0571 4548 VaultSvc - ok
14:42:20.0574 4548 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:42:20.0574 4548 vdrvroot - ok
14:42:20.0580 4548 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:42:20.0584 4548 vds - ok
14:42:20.0586 4548 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:42:20.0586 4548 vga - ok
14:42:20.0589 4548 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:42:20.0589 4548 VgaSave - ok
14:42:20.0593 4548 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:42:20.0594 4548 vhdmp - ok
14:42:20.0596 4548 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:42:20.0596 4548 viaide - ok
14:42:20.0599 4548 [ 684A755DDFCB35FD52C3FC62A00A8399 ] VirtuWDDM C:\Windows\system32\DRIVERS\VirtuWDDM.sys
14:42:20.0599 4548 VirtuWDDM - ok
14:42:20.0603 4548 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:42:20.0604 4548 vmbus - ok
14:42:20.0605 4548 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:42:20.0606 4548 VMBusHID - ok
14:42:20.0609 4548 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:42:20.0609 4548 volmgr - ok
14:42:20.0613 4548 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:42:20.0615 4548 volmgrx - ok
14:42:20.0620 4548 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:42:20.0621 4548 volsnap - ok
14:42:20.0625 4548 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:42:20.0626 4548 vsmraid - ok
14:42:20.0639 4548 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:42:20.0649 4548 VSS - ok
14:42:20.0653 4548 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:42:20.0653 4548 vwifibus - ok
14:42:20.0655 4548 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:42:20.0656 4548 vwififlt - ok
14:42:20.0658 4548 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:42:20.0659 4548 vwifimp - ok
14:42:20.0663 4548 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:42:20.0666 4548 W32Time - ok
14:42:20.0669 4548 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:42:20.0670 4548 WacomPen - ok
14:42:20.0673 4548 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:42:20.0673 4548 WANARP - ok
14:42:20.0675 4548 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:42:20.0676 4548 Wanarpv6 - ok
14:42:20.0688 4548 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:42:20.0698 4548 wbengine - ok
14:42:20.0703 4548 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:42:20.0704 4548 WbioSrvc - ok
14:42:20.0709 4548 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:42:20.0711 4548 wcncsvc - ok
14:42:20.0715 4548 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:42:20.0716 4548 WcsPlugInService - ok
14:42:20.0718 4548 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:42:20.0719 4548 Wd - ok
14:42:20.0725 4548 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:42:20.0729 4548 Wdf01000 - ok
14:42:20.0731 4548 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:42:20.0733 4548 WdiServiceHost - ok
14:42:20.0735 4548 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:42:20.0736 4548 WdiSystemHost - ok
14:42:20.0740 4548 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:42:20.0741 4548 WebClient - ok
14:42:20.0745 4548 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:42:20.0748 4548 Wecsvc - ok
14:42:20.0750 4548 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:42:20.0751 4548 wercplsupport - ok
14:42:20.0754 4548 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:42:20.0755 4548 WerSvc - ok
14:42:20.0758 4548 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:42:20.0758 4548 WfpLwf - ok
14:42:20.0760 4548 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:42:20.0760 4548 WIMMount - ok
14:42:20.0763 4548 WinHttpAutoProxySvc - ok
14:42:20.0770 4548 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:42:20.0771 4548 Winmgmt - ok
14:42:20.0786 4548 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:42:20.0801 4548 WinRM - ok
14:42:20.0811 4548 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:42:20.0818 4548 Wlansvc - ok
14:42:20.0820 4548 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:42:20.0820 4548 WmiAcpi - ok
14:42:20.0825 4548 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:42:20.0826 4548 wmiApSrv - ok
14:42:20.0828 4548 WMPNetworkSvc - ok
14:42:20.0830 4548 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:42:20.0831 4548 WPCSvc - ok
14:42:20.0834 4548 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:42:20.0835 4548 WPDBusEnum - ok
14:42:20.0838 4548 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:42:20.0838 4548 ws2ifsl - ok
14:42:20.0840 4548 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:42:20.0843 4548 wscsvc - ok
14:42:20.0844 4548 WSearch - ok
14:42:20.0865 4548 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:42:20.0881 4548 wuauserv - ok
14:42:20.0885 4548 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:42:20.0886 4548 WudfPf - ok
14:42:20.0889 4548 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:42:20.0890 4548 WUDFRd - ok
14:42:20.0893 4548 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:42:20.0894 4548 wudfsvc - ok
14:42:20.0898 4548 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:42:20.0900 4548 WwanSvc - ok
14:42:20.0909 4548 ================ Scan global ===============================
14:42:20.0910 4548 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:42:20.0914 4548 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:42:20.0919 4548 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:42:20.0923 4548 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:42:20.0926 4548 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
14:42:20.0929 4548 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 014A9CB92514E27C0107614DF764BC06
14:42:20.0930 4548 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
14:42:20.0930 4548 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
14:42:20.0930 4548 ================ Scan MBR ==================================
14:42:20.0931 4548 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:42:21.0053 4548 \Device\Harddisk1\DR1 - ok
14:42:21.0054 4548 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:42:21.0148 4548 \Device\Harddisk0\DR0 - ok
14:42:21.0148 4548 ================ Scan VBR ==================================
14:42:21.0150 4548 [ A1E1595E37446D615DDF256107A653C0 ] \Device\Harddisk1\DR1\Partition1
14:42:21.0150 4548 \Device\Harddisk1\DR1\Partition1 - ok
14:42:21.0153 4548 [ 96D368F01D3DC2E41D048CAA2975C384 ] \Device\Harddisk0\DR0\Partition1
14:42:21.0154 4548 \Device\Harddisk0\DR0\Partition1 - ok
14:42:21.0155 4548 [ 12C83E11DECF0AEFCF70621AF1DCCFE8 ] \Device\Harddisk0\DR0\Partition2
14:42:21.0155 4548 \Device\Harddisk0\DR0\Partition2 - ok
14:42:21.0156 4548 ============================================================
14:42:21.0156 4548 Scan finished
14:42:21.0156 4548 ============================================================
14:42:21.0160 4272 Detected object count: 1
14:42:21.0161 4272 Actual detected object count: 1
14:42:45.0262 4272 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
14:42:45.0262 4272 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip
|
|
25.09.2012, 14:03
| #8 | |
| /// Malwareteam | Rootkit.0Access.64 in C:\\Windows\Installer\ --> kein Windows Update? Warum eigentlich "Jaffel"? Was soll ich dazu sagen? "Päffgen" vielleicht?  Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
Linear-Darstellung
