
Pests of all kinds and how to fight them: Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen found in various scans!


15.11.2012, 22:24   #1
daniskin
 



Hello everyone,

please help me remove the detections named in the subject line above.
I have already attached the reports of the two scans plus OTL here.

Regards, Daniel


Malwarebytes report:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel Graf :: DANIELPC [Administrator]

15.11.2012 18:47:06
mbam-log-2012-11-15 (18-47-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226831
Laufzeit: 6 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe (Trojan.ZbotR.Gen) -> 2240 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{D4C186CF-AC31-AD7F-E1C0-E6E3C3C3C5FE} (Trojan.ZbotR.Gen) -> Daten: "C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe (Trojan.ZbotR.Gen) -> Löschen bei Neustart.

(Ende)


Avira report:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 15. November 2012 18:00

Es wird nach 4498343 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : DANIELPC

Versionsinformationen:
Engineversion : 8.2.10.198

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 15. November 2012 18:00

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtWlan.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtlService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'suki.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ezprint.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxedmon.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'BWH32S.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2677' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Daniel Graf\AppData\Local\Temp\ICReinstall_AudioConverterSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
C:\Users\Daniel Graf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5cc70d22-117382c0
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
C:\Users\Daniel Graf\Downloads\AudioConverterSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
Beginne mit der Suche in 'D:\'
D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-05-22 200856\Backup files 3.zip
[0] Archivtyp: ZIP
--> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-17 190001\Backup files 13.zip
[0] Archivtyp: ZIP
--> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-08-13 212415\Backup files 22.zip
[0] Archivtyp: ZIP
--> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-10-29 124127\Backup files 1.zip
[0] Archivtyp: ZIP
--> C/Users/Daniel Graf/Downloads/AudioConverterSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 12.zip
[0] Archivtyp: ZIP
--> C/Users/Daniel Graf/Downloads/AudioConverterSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 29.zip
[0] Archivtyp: ZIP
--> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!

Beginne mit der Desinfektion:
D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 12.zip
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '544df491.qua' verschoben!
D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-10-29 124127\Backup files 1.zip
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cdadb31.qua' verschoben!
C:\Users\Daniel Graf\Downloads\AudioConverterSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e8481fc.qua' verschoben!
C:\Users\Daniel Graf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5cc70d22-117382c0
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '78b2ce20.qua' verschoben!
C:\Users\Daniel Graf\AppData\Local\Temp\ICReinstall_AudioConverterSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3cc9e33e.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 15. November 2012 22:06
Benötigte Zeit: 4:05:30 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

41800 Verzeichnisse wurden überprüft
5463890 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
5 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
259 Dateien konnten nicht durchsucht werden
5463626 Dateien ohne Befall
50477 Archive wurden durchsucht
267 Warnungen
5 Hinweise
64 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

OTL report:


OTL logfile created on: 15.11.2012 22:15:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel Graf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,17% Memory free
7,98 Gb Paging File | 5,94 Gb Available in Paging File | 74,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 527,89 Gb Free Space | 75,56% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 120,98 Gb Free Space | 17,32% Space Free | Partition Type: NTFS
Drive E: | 5,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DANIELPC | User Name: Daniel Graf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.13 17:26:09 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.10.30 12:29:05 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.10.29 17:56:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.26 18:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe
PRC - [2012.09.29 18:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.11 20:11:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 10:05:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.11 00:15:28 | 000,016,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\agcp.exe
PRC - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
PRC - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
PRC - [2010.12.03 01:40:53 | 000,426,456 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe
PRC - [2010.05.14 17:07:16 | 001,093,632 | ---- | M] (Sitecom Corp.) -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtWlan.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.13 17:26:08 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.10.30 12:29:05 | 002,111,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012.10.30 12:29:05 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2012.10.30 12:29:05 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2012.10.29 17:56:20 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 01:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
MOD - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
MOD - [2010.12.03 01:40:53 | 000,426,456 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe
MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epwizard.DLL
MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\customui.dll
MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epfunct.DLL
MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Eputil.DLL
MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Imagutil.DLL
MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedDRS.dll
MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll
MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPOEMDll.dll
MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epstring.dll
MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPWizRes.dll
MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll
MOD - [2009.05.27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcats.dll
MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsmr.dll
MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\iptk.dll
MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll
MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll
MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.08.06 09:38:16 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\906d6994eace405d.sys -- (906d6994eace405d)
SRV:64bit: - [2010.04.14 15:01:15 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxedcoms.exe -- (lxed_device)
SRV:64bit: - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV:64bit: - [2007.11.08 00:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012.11.13 17:26:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 12:29:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.24 12:09:57 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.16 20:11:42 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.05.15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.08 10:05:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 10:05:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV - [2010.04.14 15:00:56 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxedcoms.exe -- (lxed_device)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.11 14:19:01 | 000,204,800 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll -- (LexPrintListener)
SRV - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.10 09:03:26 | 000,156,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.06 09:38:16 | 000,085,976 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\906d6994eace405d.sys -- (906d6994eace405d)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.11 06:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 10:05:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 10:05:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.07 09:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.09.03 13:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.01 10:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.06 15:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.08 14:44:58 | 000,232,464 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts)
DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts)
DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial)
DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2007.08.17 06:48:40 | 000,018,432 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 FD 1D 8C 86 8D CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{1086A097-7D1E-41F1-850C-A1A6C5BC8C4B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_deDE407
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel Graf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:56:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.23 16:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions
[2012.06.14 10:33:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.19 10:04:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions\ich@maltegoetz.de
[2012.02.20 01:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 17:56:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.22 10:26:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 16:50:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 10:26:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 01:21:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.22 10:26:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 10:26:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 10:26:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://start.facemoods.com/?a=ddrnw

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [{D4C186CF-AC31-AD7F-E1C0-E6E3C3C3C5FE}] C:\Users\Daniel Graf\AppData\Roaming\Josye\suki.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133CCE8A-AE40-43EB-9C99-EB0E31A09208}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.25 07:27:21 | 000,000,133 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c5307947-f95c-11df-8098-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5307947-f95c-11df-8098-806e6f6e6963}\Shell\AutoRun\command - "" = SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.14 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\bERICHT FLUID
[2012.11.12 16:51:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Thermodynamik
[2012.11.02 23:13:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Fluidmechanik Übungsaufgaben
[2012.11.02 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Fluidmechanik Lösungen
[2012.10.30 12:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.30 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.10.26 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Tracing
[2012.10.26 21:27:01 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.10.26 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.10.26 21:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.10.26 21:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.10.26 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Daniel Graf\SkyDrive
[2012.10.26 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.10.26 18:33:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe
[2012.10.26 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Malwarebytes
[2012.10.26 17:54:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.26 11:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.10.18 16:52:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Bewerbungsschreiben
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2012.11.15 22:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 22:12:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.15 18:05:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 18:05:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:57:34 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.15 17:56:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 17:56:10 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 21:27:37 | 000,000,517 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\bERICHT FLUID.lnk
[2012.11.14 20:08:06 | 000,026,015 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Situationsanalyse.odt
[2012.11.14 11:27:16 | 001,763,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.14 11:27:16 | 000,756,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.14 11:27:16 | 000,700,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.14 11:27:16 | 000,173,058 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.14 11:27:16 | 000,139,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012.11.06 09:57:05 | 000,322,743 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\06-11-2012 09;37;48.JPG
[2012.11.02 18:27:41 | 000,038,856 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf
[2012.10.30 12:21:19 | 000,000,722 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Weihnachtsfeier für Senioren.sdx
[2012.10.26 21:33:25 | 000,324,198 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Video 12.MOV
[2012.10.26 18:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe
[2012.10.26 17:54:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 17:50:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.25 19:22:22 | 000,755,977 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Schaufelformen.odt
[2012.10.24 16:31:45 | 000,026,086 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Dreiecke.PNG
[2012.10.22 21:30:54 | 000,038,936 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2012.11.14 21:26:07 | 000,000,517 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\bERICHT FLUID.lnk
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012.11.13 17:16:30 | 000,026,015 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Situationsanalyse.odt
[2012.11.06 09:37:57 | 000,322,743 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\06-11-2012 09;37;48.JPG
[2012.11.02 18:27:41 | 000,038,856 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf
[2012.10.30 12:21:19 | 000,000,722 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Weihnachtsfeier für Senioren.sdx
[2012.10.26 21:33:01 | 000,324,198 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Video 12.MOV
[2012.10.26 21:26:36 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.10.26 21:26:32 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.10.26 21:26:24 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.10.26 21:26:19 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.10.26 21:25:36 | 000,057,856 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012.10.26 21:18:27 | 000,002,198 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012.10.26 17:54:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.25 19:22:19 | 000,755,977 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Schaufelformen.odt
[2012.10.24 16:31:43 | 000,026,086 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Dreiecke.PNG
[2012.10.22 21:30:53 | 000,038,936 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf
[2012.10.08 20:43:07 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.14 10:14:32 | 000,006,656 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.07 14:33:00 | 001,645,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.28 18:58:37 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 18:58:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.11 21:11:43 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2011.01.11 21:11:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2011.01.11 21:11:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2011.01.11 21:11:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2011.01.11 21:11:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2011.01.11 21:11:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe
[2011.01.11 21:11:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2011.01.11 21:11:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2011.01.11 21:11:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2011.01.11 21:11:42 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2011.01.11 21:11:42 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2011.01.11 21:11:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe
[2011.01.11 21:11:42 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2011.01.11 21:11:42 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2011.01.11 21:11:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2011.01.11 21:11:42 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2011.01.11 21:11:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2011.01.11 21:11:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2011.01.11 21:11:42 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2011.01.11 21:11:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2011.01.11 21:11:41 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe
[2010.12.14 16:18:08 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010.12.14 16:18:07 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2010.11.29 23:17:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.29 23:17:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.26 17:21:38 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L
[2012.10.23 15:40:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U
[2012.08.04 23:59:50 | 000,002,048 | -HS- | M] () -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.05.28 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Downloaded Installations
[2012.11.15 17:58:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox
[2011.11.22 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdisaster
[2012.07.19 13:03:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoft
[2012.06.14 10:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.08 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\e-academy Inc
[2012.09.24 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\eType
[2012.05.28 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\FileOpen
[2011.11.09 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\IObit
[2010.12.03 01:40:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Josye
[2011.05.12 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Leadertech
[2010.12.14 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\mresreg
[2012.06.19 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Nitro PDF
[2011.01.11 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Online Games Downloader
[2012.06.14 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy
[2010.12.15 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenOffice.org
[2011.10.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Origin
[2010.11.27 22:22:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\PTC
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Thunderbird
[2012.06.14 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\TuneUp Software
[2010.11.28 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog
[2011.02.24 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Uniblue

========== Purity Check ==========



< End of report >

Alt 17.11.2012, 22:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post here over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you have been asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside of Trojaner-Board.

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive on it!
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it is finished click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

__________________


18.11.2012, 13:39   #3
daniskin

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen found in various scans!



Hello Cosinus, thank you very much for taking on my problem.

Regards, Daniel

Here are the two reports from the installations you recommended:



aswMBR-Report:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 13:20:57
-----------------------------
13:20:57.505 OS Version: Windows x64 6.1.7601 Service Pack 1
13:20:57.505 Number of processors: 4 586 0x1E05
13:20:57.505 ComputerName: DANIELPC UserName:
13:20:59.081 Initialze error C0000001 - driver not loaded
13:21:04.322 AVAST engine defs: 12111800
13:21:35.532 Service scanning
13:21:35.877 Service 906d6994eace405d C:\Windows\System32\Drivers\906d6994eace405d.sys **HIDDEN**
13:21:55.019 Modules scanning
13:21:55.019 Disk 0 trace - called modules:
13:21:55.019
13:21:55.019 Scan finished successfully
13:22:24.706 The log file has been saved successfully to "C:\Users\Daniel Graf\Desktop\aswMBR.txt"






TDS-Killer:

13:26:20.0651 3648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:26:20.0841 3648 ============================================================
13:26:20.0841 3648 Current date / time: 2012/11/18 13:26:20.0841
13:26:20.0841 3648 SystemInfo:
13:26:20.0841 3648
13:26:20.0841 3648 OS Version: 6.1.7601 ServicePack: 1.0
13:26:20.0841 3648 Product type: Workstation
13:26:20.0841 3648 ComputerName: DANIELPC
13:26:20.0841 3648 UserName: Daniel Graf
13:26:20.0841 3648 Windows directory: C:\Windows
13:26:20.0841 3648 System windows directory: C:\Windows
13:26:20.0841 3648 Running under WOW64
13:26:20.0841 3648 Processor architecture: Intel x64
13:26:20.0841 3648 Number of processors: 4
13:26:20.0841 3648 Page size: 0x1000
13:26:20.0841 3648 Boot type: Normal boot
13:26:20.0841 3648 ============================================================
13:26:29.0001 3648 !crdlk
13:26:29.0344 3648 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
13:26:29.0375 3648 ============================================================
13:26:29.0375 3648 \Device\Harddisk0\DR0:
13:26:29.0375 3648 MBR partitions:
13:26:29.0375 3648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57542800
13:26:29.0375 3648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57543000, BlocksNum 0x57544000
13:26:29.0375 3648 ============================================================
13:26:29.0391 3648 C: <-> \Device\Harddisk0\DR0\Partition1
13:26:29.0437 3648 D: <-> \Device\Harddisk0\DR0\Partition2
13:26:29.0453 3648 ============================================================
13:26:29.0453 3648 Initialize success
13:26:29.0453 3648 ============================================================
13:26:44.0944 2196 ============================================================
13:26:44.0944 2196 Scan started
13:26:44.0944 2196 Mode: Manual; SigCheck; TDLFS;
13:26:44.0944 2196 ============================================================
13:26:45.0084 2196 ================ Scan system memory ========================
13:26:45.0084 2196 System memory - ok
13:26:45.0084 2196 ================ Scan services =============================
13:26:45.0349 2196 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:26:45.0505 2196 1394ohci - ok
13:26:45.0521 2196 Suspicious service (NoAccess): 906d6994eace405d
13:26:45.0568 2196 [ 83527BC288885BBA3E8AFCE5FC0CC7EE ] 906d6994eace405d C:\Windows\System32\Drivers\906d6994eace405d.sys
13:26:45.0568 2196 Suspicious file (NoAccess): C:\Windows\System32\Drivers\906d6994eace405d.sys. md5: 83527BC288885BBA3E8AFCE5FC0CC7EE
13:26:45.0615 2196 906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - infected
13:26:45.0615 2196 906d6994eace405d - detected Rootkit.Win32.Necurs.gen (0)
13:26:45.0661 2196 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:26:45.0677 2196 ACPI - ok
13:26:45.0708 2196 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:26:45.0786 2196 AcpiPmi - ok
13:26:45.0895 2196 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:26:45.0911 2196 AdobeFlashPlayerUpdateSvc - ok
13:26:45.0958 2196 [ 132190688D8E51D61F88A150D7DF9FB4 ] adp3132 C:\Windows\system32\DRIVERS\adp3132.sys
13:26:45.0989 2196 adp3132 - ok
13:26:46.0036 2196 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:26:46.0051 2196 adp94xx - ok
13:26:46.0083 2196 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:26:46.0083 2196 adpahci - ok
13:26:46.0114 2196 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:26:46.0129 2196 adpu320 - ok
13:26:46.0176 2196 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:26:46.0317 2196 AeLookupSvc - ok
13:26:46.0348 2196 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:26:46.0457 2196 AFD - ok
13:26:46.0519 2196 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:26:46.0519 2196 agp440 - ok
13:26:46.0551 2196 [ EDA7E60B5A47D9E47E0E843CAC624FF3 ] ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys
13:26:46.0551 2196 ahcix64s - ok
13:26:46.0582 2196 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:26:46.0629 2196 ALG - ok
13:26:46.0660 2196 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:26:46.0660 2196 aliide - ok
13:26:46.0691 2196 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:26:46.0691 2196 amdide - ok
13:26:46.0722 2196 [ D52A2E98C5EEFF88CED28793B6B04D84 ] amdide64 C:\Windows\system32\DRIVERS\amdide64.sys
13:26:46.0738 2196 amdide64 - ok
13:26:46.0753 2196 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:26:46.0831 2196 AmdK8 - ok
13:26:46.0847 2196 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:26:46.0894 2196 AmdPPM - ok
13:26:46.0925 2196 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:26:46.0941 2196 amdsata - ok
13:26:46.0956 2196 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:26:46.0972 2196 amdsbs - ok
13:26:47.0003 2196 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:26:47.0003 2196 amdxata - ok
13:26:47.0034 2196 [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
13:26:47.0050 2196 amd_sata - ok
13:26:47.0065 2196 [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
13:26:47.0065 2196 amd_xata - ok
13:26:47.0221 2196 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:26:47.0221 2196 AntiVirSchedulerService - ok
13:26:47.0268 2196 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:26:47.0268 2196 AntiVirService - ok
13:26:47.0315 2196 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:26:47.0440 2196 AppID - ok
13:26:47.0471 2196 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:26:47.0549 2196 AppIDSvc - ok
13:26:47.0596 2196 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:26:47.0658 2196 Appinfo - ok
13:26:47.0736 2196 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:26:47.0752 2196 Apple Mobile Device - ok
13:26:47.0799 2196 [ D73AAD4946051D074909FDFD34D94C7B ] arc C:\Windows\system32\DRIVERS\arc.sys
13:26:47.0799 2196 arc - ok
13:26:47.0830 2196 [ 46E8C3EB03224A1E55C6F0C100A9D2CC ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:26:47.0845 2196 arcsas - ok
13:26:47.0970 2196 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:26:48.0048 2196 aspnet_state - ok
13:26:48.0095 2196 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:26:48.0157 2196 AsyncMac - ok
13:26:48.0204 2196 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:26:48.0204 2196 atapi - ok
13:26:48.0313 2196 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
13:26:48.0438 2196 atikmdag - ok
13:26:48.0501 2196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:26:48.0563 2196 AudioEndpointBuilder - ok
13:26:48.0594 2196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:26:48.0625 2196 AudioSrv - ok
13:26:48.0688 2196 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:26:48.0688 2196 avgntflt - ok
13:26:48.0719 2196 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:26:48.0735 2196 avipbb - ok
13:26:48.0781 2196 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:26:48.0797 2196 avkmgr - ok
13:26:48.0844 2196 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:26:48.0922 2196 AxInstSV - ok
13:26:48.0969 2196 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:26:49.0047 2196 b06bdrv - ok
13:26:49.0078 2196 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:26:49.0109 2196 b57nd60a - ok
13:26:49.0156 2196 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:26:49.0249 2196 BDESVC - ok
13:26:49.0265 2196 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:26:49.0327 2196 Beep - ok
13:26:49.0374 2196 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:26:49.0437 2196 BITS - ok
13:26:49.0468 2196 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:26:49.0515 2196 blbdrive - ok
13:26:49.0608 2196 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:26:49.0624 2196 Bonjour Service - ok
13:26:49.0655 2196 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:26:49.0686 2196 bowser - ok
13:26:49.0702 2196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:26:49.0749 2196 BrFiltLo - ok
13:26:49.0749 2196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:26:49.0764 2196 BrFiltUp - ok
13:26:49.0811 2196 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
13:26:49.0827 2196 Browser - ok
13:26:49.0858 2196 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:26:49.0920 2196 Brserid - ok
13:26:49.0936 2196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:26:49.0951 2196 BrSerWdm - ok
13:26:49.0967 2196 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:26:49.0998 2196 BrUsbMdm - ok
13:26:50.0014 2196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:26:50.0014 2196 BrUsbSer - ok
13:26:50.0029 2196 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:26:50.0061 2196 BTHMODEM - ok
13:26:50.0107 2196 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:26:50.0139 2196 bthserv - ok
13:26:50.0170 2196 [ 0063578F0E06B07D2EA60635C71746AC ] Bufeap C:\Windows\system32\DRIVERS\bufeap64.sys
13:26:50.0217 2196 Bufeap - ok
13:26:50.0263 2196 [ 6AE9F70F02A6E28E45B643A2834111BE ] BWH32S C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
13:26:50.0263 2196 BWH32S - ok
13:26:50.0295 2196 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:26:50.0295 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A
13:26:50.0295 2196 cdfs ( LockedFile.Multi.Generic ) - warning
13:26:50.0295 2196 cdfs - detected LockedFile.Multi.Generic (1)
13:26:50.0357 2196 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:26:50.0357 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416
13:26:50.0373 2196 cdrom ( LockedFile.Multi.Generic ) - warning
13:26:50.0373 2196 cdrom - detected LockedFile.Multi.Generic (1)
13:26:50.0404 2196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:26:50.0451 2196 CertPropSvc - ok
13:26:50.0466 2196 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:26:50.0466 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF
13:26:50.0482 2196 circlass ( LockedFile.Multi.Generic ) - warning
13:26:50.0482 2196 circlass - detected LockedFile.Multi.Generic (1)
13:26:50.0529 2196 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:26:50.0529 2196 Suspicious file (NoAccess): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206
13:26:50.0529 2196 CLFS ( LockedFile.Multi.Generic ) - warning
13:26:50.0529 2196 CLFS - detected LockedFile.Multi.Generic (1)
13:26:50.0591 2196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:26:50.0607 2196 clr_optimization_v2.0.50727_32 - ok
13:26:50.0669 2196 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:26:50.0669 2196 clr_optimization_v2.0.50727_64 - ok
13:26:50.0778 2196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:26:50.0950 2196 clr_optimization_v4.0.30319_32 - ok
13:26:50.0981 2196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:26:51.0043 2196 clr_optimization_v4.0.30319_64 - ok
13:26:51.0075 2196 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:26:51.0090 2196 CmBatt - ok
13:26:51.0121 2196 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:26:51.0121 2196 cmdide - ok
13:26:51.0168 2196 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:26:51.0168 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 9AC4F97C2D3E93367E2148EA940CD2CD
13:26:51.0168 2196 CNG ( LockedFile.Multi.Generic ) - warning
13:26:51.0168 2196 CNG - detected LockedFile.Multi.Generic (1)
13:26:51.0199 2196 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:26:51.0199 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14
13:26:51.0215 2196 Compbatt ( LockedFile.Multi.Generic ) - warning
13:26:51.0215 2196 Compbatt - detected LockedFile.Multi.Generic (1)
13:26:51.0246 2196 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:26:51.0246 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8
13:26:51.0246 2196 CompositeBus ( LockedFile.Multi.Generic ) - warning
13:26:51.0246 2196 CompositeBus - detected LockedFile.Multi.Generic (1)
13:26:51.0262 2196 COMSysApp - ok
13:26:51.0293 2196 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:26:51.0293 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597
13:26:51.0293 2196 crcdisk ( LockedFile.Multi.Generic ) - warning
13:26:51.0293 2196 crcdisk - detected LockedFile.Multi.Generic (1)
13:26:51.0355 2196 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:26:51.0402 2196 CryptSvc - ok
13:26:51.0465 2196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:26:51.0511 2196 DcomLaunch - ok
13:26:51.0558 2196 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:26:51.0605 2196 defragsvc - ok
13:26:51.0652 2196 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:26:51.0652 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4
13:26:51.0652 2196 DfsC ( LockedFile.Multi.Generic ) - warning
13:26:51.0652 2196 DfsC - detected LockedFile.Multi.Generic (1)
13:26:51.0683 2196 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
13:26:51.0683 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ssudbus.sys. md5: 6060106CE00F32F63F1A73160E46E9D2
13:26:51.0699 2196 dg_ssudbus ( LockedFile.Multi.Generic ) - warning
13:26:51.0699 2196 dg_ssudbus - detected LockedFile.Multi.Generic (1)
13:26:51.0730 2196 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:26:51.0761 2196 Dhcp - ok
13:26:51.0792 2196 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:26:51.0792 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3
13:26:51.0792 2196 discache ( LockedFile.Multi.Generic ) - warning
13:26:51.0792 2196 discache - detected LockedFile.Multi.Generic (1)
13:26:51.0823 2196 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:26:51.0823 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C
13:26:51.0823 2196 Disk ( LockedFile.Multi.Generic ) - warning
13:26:51.0823 2196 Disk - detected LockedFile.Multi.Generic (1)
13:26:51.0870 2196 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:26:51.0979 2196 Dnscache - ok
13:26:52.0011 2196 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:26:52.0089 2196 dot3svc - ok
13:26:52.0135 2196 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:26:52.0167 2196 DPS - ok
13:26:52.0229 2196 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:26:52.0229 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754
13:26:52.0229 2196 drmkaud ( LockedFile.Multi.Generic ) - warning
13:26:52.0229 2196 drmkaud - detected LockedFile.Multi.Generic (1)
13:26:52.0276 2196 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:26:52.0276 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: F5BEE30450E18E6B83A5012C100616FD
13:26:52.0276 2196 DXGKrnl ( LockedFile.Multi.Generic ) - warning
13:26:52.0276 2196 DXGKrnl - detected LockedFile.Multi.Generic (1)
13:26:52.0307 2196 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:26:52.0369 2196 EapHost - ok
13:26:52.0432 2196 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:26:52.0432 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F
13:26:52.0447 2196 ebdrv ( LockedFile.Multi.Generic ) - warning
13:26:52.0447 2196 ebdrv - detected LockedFile.Multi.Generic (1)
13:26:52.0479 2196 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:26:52.0603 2196 EFS - ok
13:26:52.0666 2196 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:26:52.0759 2196 ehRecvr - ok
13:26:52.0806 2196 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:26:52.0915 2196 ehSched - ok
13:26:52.0962 2196 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:26:52.0962 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184
13:26:52.0962 2196 elxstor ( LockedFile.Multi.Generic ) - warning
13:26:52.0962 2196 elxstor - detected LockedFile.Multi.Generic (1)
13:26:53.0009 2196 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:26:53.0009 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B
13:26:53.0009 2196 ErrDev ( LockedFile.Multi.Generic ) - warning
13:26:53.0009 2196 ErrDev - detected LockedFile.Multi.Generic (1)
13:26:53.0071 2196 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:26:53.0118 2196 EventSystem - ok
13:26:53.0149 2196 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:26:53.0149 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B
13:26:53.0149 2196 exfat ( LockedFile.Multi.Generic ) - warning
13:26:53.0149 2196 exfat - detected LockedFile.Multi.Generic (1)
13:26:53.0181 2196 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:26:53.0181 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D
13:26:53.0181 2196 fastfat ( LockedFile.Multi.Generic ) - warning
13:26:53.0181 2196 fastfat - detected LockedFile.Multi.Generic (1)
13:26:53.0243 2196 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:26:53.0321 2196 Fax - ok
13:26:53.0337 2196 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:26:53.0337 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB
13:26:53.0337 2196 fdc ( LockedFile.Multi.Generic ) - warning
13:26:53.0337 2196 fdc - detected LockedFile.Multi.Generic (1)
13:26:53.0368 2196 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:26:53.0415 2196 fdPHost - ok
13:26:53.0446 2196 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:26:53.0493 2196 FDResPub - ok
13:26:53.0524 2196 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:26:53.0524 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930
13:26:53.0539 2196 FileInfo ( LockedFile.Multi.Generic ) - warning
13:26:53.0539 2196 FileInfo - detected LockedFile.Multi.Generic (1)
13:26:53.0555 2196 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:26:53.0555 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47
13:26:53.0555 2196 Filetrace ( LockedFile.Multi.Generic ) - warning
13:26:53.0555 2196 Filetrace - detected LockedFile.Multi.Generic (1)
13:26:53.0571 2196 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:26:53.0571 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5
13:26:53.0571 2196 flpydisk ( LockedFile.Multi.Generic ) - warning
13:26:53.0571 2196 flpydisk - detected LockedFile.Multi.Generic (1)
13:26:53.0602 2196 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:26:53.0602 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741
13:26:53.0617 2196 FltMgr ( LockedFile.Multi.Generic ) - warning
13:26:53.0617 2196 FltMgr - detected LockedFile.Multi.Generic (1)
13:26:53.0680 2196 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:26:53.0727 2196 FontCache - ok
13:26:53.0805 2196 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:26:53.0805 2196 FontCache3.0.0.0 - ok
13:26:53.0836 2196 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:26:53.0836 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC
13:26:53.0851 2196 FsDepends ( LockedFile.Multi.Generic ) - warning
13:26:53.0851 2196 FsDepends - detected LockedFile.Multi.Generic (1)
13:26:53.0914 2196 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
13:26:53.0914 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fssfltr.sys. md5: B16B626996C74B564005BA855C5DEE90
13:26:53.0914 2196 fssfltr ( LockedFile.Multi.Generic ) - warning
13:26:53.0914 2196 fssfltr - detected LockedFile.Multi.Generic (1)
13:26:54.0023 2196 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:26:54.0054 2196 fsssvc - ok
13:26:54.0085 2196 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:26:54.0085 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B
13:26:54.0085 2196 Fs_Rec ( LockedFile.Multi.Generic ) - warning
13:26:54.0085 2196 Fs_Rec - detected LockedFile.Multi.Generic (1)
13:26:54.0132 2196 [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
13:26:54.0132 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ftdibus.sys. md5: FA169871D8FADCC6539C4E8726610286
13:26:54.0132 2196 FTDIBUS ( LockedFile.Multi.Generic ) - warning
13:26:54.0132 2196 FTDIBUS - detected LockedFile.Multi.Generic (1)
13:26:54.0163 2196 [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
13:26:54.0163 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ftser2k.sys. md5: 24237091348D1EFB5635A1CF9649E311
13:26:54.0179 2196 FTSER2K ( LockedFile.Multi.Generic ) - warning
13:26:54.0179 2196 FTSER2K - detected LockedFile.Multi.Generic (1)
13:26:54.0210 2196 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:26:54.0210 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED
13:26:54.0210 2196 fvevol ( LockedFile.Multi.Generic ) - warning
13:26:54.0210 2196 fvevol - detected LockedFile.Multi.Generic (1)
13:26:54.0241 2196 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:26:54.0241 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6
13:26:54.0241 2196 gagp30kx ( LockedFile.Multi.Generic ) - warning
13:26:54.0241 2196 gagp30kx - detected LockedFile.Multi.Generic (1)
13:26:54.0304 2196 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:26:54.0304 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F
13:26:54.0304 2196 GEARAspiWDM ( LockedFile.Multi.Generic ) - warning
13:26:54.0304 2196 GEARAspiWDM - detected LockedFile.Multi.Generic (1)
13:26:54.0366 2196 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:26:54.0413 2196 gpsvc - ok
13:26:54.0491 2196 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:26:54.0507 2196 gupdate - ok
13:26:54.0538 2196 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:26:54.0553 2196 gupdatem - ok
13:26:54.0600 2196 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:26:54.0600 2196 gusvc - ok
13:26:54.0631 2196 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:26:54.0631 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0
13:26:54.0631 2196 hcw85cir ( LockedFile.Multi.Generic ) - warning
13:26:54.0631 2196 hcw85cir - detected LockedFile.Multi.Generic (1)
13:26:54.0678 2196 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:26:54.0678 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A
13:26:54.0678 2196 HdAudAddService ( LockedFile.Multi.Generic ) - warning
13:26:54.0678 2196 HdAudAddService - detected LockedFile.Multi.Generic (1)
13:26:54.0709 2196 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:26:54.0709 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB
13:26:54.0725 2196 HDAudBus ( LockedFile.Multi.Generic ) - warning
13:26:54.0725 2196 HDAudBus - detected LockedFile.Multi.Generic (1)
13:26:54.0756 2196 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:26:54.0756 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF
13:26:54.0772 2196 HECIx64 ( LockedFile.Multi.Generic ) - warning
13:26:54.0772 2196 HECIx64 - detected LockedFile.Multi.Generic (1)
13:26:54.0787 2196 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:26:54.0787 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F
13:26:54.0787 2196 HidBatt ( LockedFile.Multi.Generic ) - warning
13:26:54.0787 2196 HidBatt - detected LockedFile.Multi.Generic (1)
13:26:54.0803 2196 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:26:54.0803 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104
13:26:54.0819 2196 HidBth ( LockedFile.Multi.Generic ) - warning
13:26:54.0819 2196 HidBth - detected LockedFile.Multi.Generic (1)
13:26:54.0819 2196 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:26:54.0819 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825
13:26:54.0834 2196 HidIr ( LockedFile.Multi.Generic ) - warning
13:26:54.0834 2196 HidIr - detected LockedFile.Multi.Generic (1)
13:26:54.0881 2196 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:26:54.0928 2196 hidserv - ok
13:26:54.0959 2196 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
13:26:54.0959 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536
13:26:54.0959 2196 HidUsb ( LockedFile.Multi.Generic ) - warning
13:26:54.0959 2196 HidUsb - detected LockedFile.Multi.Generic (1)
13:26:55.0006 2196 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:26:55.0037 2196 hkmsvc - ok
13:26:55.0084 2196 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:26:55.0146 2196 HomeGroupListener - ok
13:26:55.0193 2196 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:26:55.0224 2196 HomeGroupProvider - ok
13:26:55.0255 2196 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:26:55.0255 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC
13:26:55.0255 2196 HpSAMD ( LockedFile.Multi.Generic ) - warning
13:26:55.0255 2196 HpSAMD - detected LockedFile.Multi.Generic (1)
13:26:55.0302 2196 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:26:55.0302 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28
13:26:55.0318 2196 HTTP ( LockedFile.Multi.Generic ) - warning
13:26:55.0318 2196 HTTP - detected LockedFile.Multi.Generic (1)
13:26:55.0365 2196 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:26:55.0365 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392
13:26:55.0365 2196 hwpolicy ( LockedFile.Multi.Generic ) - warning
13:26:55.0365 2196 hwpolicy - detected LockedFile.Multi.Generic (1)
13:26:55.0411 2196 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:26:55.0411 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3
13:26:55.0411 2196 i8042prt ( LockedFile.Multi.Generic ) - warning
13:26:55.0411 2196 i8042prt - detected LockedFile.Multi.Generic (1)
13:26:55.0443 2196 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:26:55.0443 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iaStor.sys. md5: ABBF174CB394F5C437410A788B7E404A
13:26:55.0458 2196 iaStor ( LockedFile.Multi.Generic ) - warning
13:26:55.0458 2196 iaStor - detected LockedFile.Multi.Generic (1)
13:26:55.0536 2196 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:26:55.0536 2196 IAStorDataMgrSvc - ok
13:26:55.0567 2196 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:26:55.0567 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
13:26:55.0583 2196 iaStorV ( LockedFile.Multi.Generic ) - warning
13:26:55.0583 2196 iaStorV - detected LockedFile.Multi.Generic (1)
13:26:55.0645 2196 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:26:55.0677 2196 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:26:55.0677 2196 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:26:55.0739 2196 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:26:55.0755 2196 idsvc - ok
13:26:55.0801 2196 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:26:55.0801 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21
13:26:55.0817 2196 iirsp ( LockedFile.Multi.Generic ) - warning
13:26:55.0817 2196 iirsp - detected LockedFile.Multi.Generic (1)
13:26:55.0848 2196 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:26:55.0911 2196 IKEEXT - ok
13:26:55.0957 2196 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
13:26:55.0957 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Impcd.sys. md5: DD587A55390ED2295BCE6D36AD567DA9
13:26:55.0957 2196 Impcd ( LockedFile.Multi.Generic ) - warning
13:26:55.0957 2196 Impcd - detected LockedFile.Multi.Generic (1)
13:26:55.0989 2196 IntcAzAudAddService - ok
13:26:56.0004 2196 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:26:56.0004 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA
13:26:56.0020 2196 intelide ( LockedFile.Multi.Generic ) - warning
13:26:56.0020 2196 intelide - detected LockedFile.Multi.Generic (1)
13:26:56.0035 2196 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:26:56.0035 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1
13:26:56.0051 2196 intelppm ( LockedFile.Multi.Generic ) - warning
13:26:56.0051 2196 intelppm - detected LockedFile.Multi.Generic (1)
13:26:56.0098 2196 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:26:56.0145 2196 IPBusEnum - ok
13:26:56.0176 2196 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:26:56.0176 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6
13:26:56.0191 2196 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
13:26:56.0191 2196 IpFilterDriver - detected LockedFile.Multi.Generic (1)
13:26:56.0207 2196 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:26:56.0207 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A
13:26:56.0223 2196 IPMIDRV ( LockedFile.Multi.Generic ) - warning
13:26:56.0223 2196 IPMIDRV - detected LockedFile.Multi.Generic (1)
13:26:56.0254 2196 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:26:56.0254 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0
13:26:56.0254 2196 IPNAT ( LockedFile.Multi.Generic ) - warning
13:26:56.0254 2196 IPNAT - detected LockedFile.Multi.Generic (1)
13:26:56.0316 2196 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:26:56.0332 2196 iPod Service - ok
13:26:56.0363 2196 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:26:56.0363 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9
13:26:56.0363 2196 IRENUM ( LockedFile.Multi.Generic ) - warning
13:26:56.0363 2196 IRENUM - detected LockedFile.Multi.Generic (1)
13:26:56.0394 2196 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:26:56.0394 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38
13:26:56.0394 2196 isapnp ( LockedFile.Multi.Generic ) - warning
13:26:56.0394 2196 isapnp - detected LockedFile.Multi.Generic (1)
13:26:56.0410 2196 [ AC45D94185CF67267D06BF2F45E9E31E ] ISASerial C:\Windows\system32\DRIVERS\ISASerial.sys
13:26:56.0410 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ISASerial.sys. md5: AC45D94185CF67267D06BF2F45E9E31E
13:26:56.0410 2196 ISASerial ( LockedFile.Multi.Generic ) - warning
13:26:56.0410 2196 ISASerial - detected LockedFile.Multi.Generic (1)
13:26:56.0441 2196 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:26:56.0441 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD
13:26:56.0457 2196 iScsiPrt ( LockedFile.Multi.Generic ) - warning
13:26:56.0457 2196 iScsiPrt - detected LockedFile.Multi.Generic (1)
13:26:56.0472 2196 [ 50DE7DD7EDB1B512B13666588AEFBF6F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
13:26:56.0472 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\jraid.sys. md5: 50DE7DD7EDB1B512B13666588AEFBF6F
13:26:56.0488 2196 JRAID ( LockedFile.Multi.Generic ) - warning
13:26:56.0488 2196 JRAID - detected LockedFile.Multi.Generic (1)
13:26:56.0519 2196 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:26:56.0519 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5
13:26:56.0535 2196 kbdclass ( LockedFile.Multi.Generic ) - warning
13:26:56.0535 2196 kbdclass - detected LockedFile.Multi.Generic (1)
13:26:56.0550 2196 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:26:56.0550 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484
13:26:56.0566 2196 kbdhid ( LockedFile.Multi.Generic ) - warning
13:26:56.0566 2196 kbdhid - detected LockedFile.Multi.Generic (1)
13:26:56.0581 2196 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:26:56.0597 2196 KeyIso - ok
13:26:56.0628 2196 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:26:56.0628 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4
13:26:56.0644 2196 KSecDD ( LockedFile.Multi.Generic ) - warning
13:26:56.0644 2196 KSecDD - detected LockedFile.Multi.Generic (1)
13:26:56.0675 2196 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:26:56.0675 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07
13:26:56.0691 2196 KSecPkg ( LockedFile.Multi.Generic ) - warning
13:26:56.0691 2196 KSecPkg - detected LockedFile.Multi.Generic (1)
13:26:56.0706 2196 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:26:56.0706 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4
13:26:56.0722 2196 ksthunk ( LockedFile.Multi.Generic ) - warning
13:26:56.0722 2196 ksthunk - detected LockedFile.Multi.Generic (1)
13:26:56.0753 2196 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:26:56.0800 2196 KtmRm - ok
13:26:56.0862 2196 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:26:56.0909 2196 LanmanServer - ok
13:26:56.0956 2196 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:26:57.0003 2196 LanmanWorkstation - ok
13:26:57.0127 2196 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:26:57.0127 2196 LBTServ - ok
13:26:57.0221 2196 [ ADB665AC1313CFE6F106A68ECF97135C ] LexPrintListener C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll
13:26:57.0252 2196 LexPrintListener ( UnsignedFile.Multi.Generic ) - warning
13:26:57.0252 2196 LexPrintListener - detected UnsignedFile.Multi.Generic (1)
13:26:57.0299 2196 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:26:57.0299 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\LHidFilt.Sys. md5: 24E09882BA51B9830AE029888A3AAF18
13:26:57.0299 2196 LHidFilt ( LockedFile.Multi.Generic ) - warning
13:26:57.0299 2196 LHidFilt - detected LockedFile.Multi.Generic (1)
13:26:57.0330 2196 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:26:57.0330 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827
13:26:57.0330 2196 lltdio ( LockedFile.Multi.Generic ) - warning
13:26:57.0330 2196 lltdio - detected LockedFile.Multi.Generic (1)
13:26:57.0377 2196 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:26:57.0424 2196 lltdsvc - ok
13:26:57.0455 2196 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:26:57.0486 2196 lmhosts - ok
13:26:57.0517 2196 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:26:57.0517 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\LMouFilt.Sys. md5: 2F94325D8C10E2B715F3D753C2422AAC
13:26:57.0517 2196 LMouFilt ( LockedFile.Multi.Generic ) - warning
13:26:57.0517 2196 LMouFilt - detected LockedFile.Multi.Generic (1)
13:26:57.0564 2196 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:26:57.0564 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6
13:26:57.0580 2196 LSI_FC ( LockedFile.Multi.Generic ) - warning
13:26:57.0580 2196 LSI_FC - detected LockedFile.Multi.Generic (1)
13:26:57.0595 2196 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:26:57.0595 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810
13:26:57.0611 2196 LSI_SAS ( LockedFile.Multi.Generic ) - warning
13:26:57.0611 2196 LSI_SAS - detected LockedFile.Multi.Generic (1)
13:26:57.0627 2196 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:26:57.0627 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93
13:26:57.0642 2196 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
13:26:57.0642 2196 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
13:26:57.0642 2196 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:26:57.0642 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A
13:26:57.0658 2196 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
13:26:57.0658 2196 LSI_SCSI - detected LockedFile.Multi.Generic (1)
13:26:57.0673 2196 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:26:57.0673 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E
13:26:57.0689 2196 luafv ( LockedFile.Multi.Generic ) - warning
13:26:57.0689 2196 luafv - detected LockedFile.Multi.Generic (1)
13:26:57.0720 2196 [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
13:26:57.0720 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\LUsbFilt.Sys. md5: B8BE35421B9E8DC1AB4B0CB7B9B0328B
13:26:57.0720 2196 LUsbFilt ( LockedFile.Multi.Generic ) - warning
13:26:57.0720 2196 LUsbFilt - detected LockedFile.Multi.Generic (1)
13:26:57.0814 2196 [ D6CDF198518B8428B66AAD8F7BABC3BE ] lxedCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe
13:26:57.0829 2196 lxedCATSCustConnectService - ok
13:26:57.0845 2196 lxed_device - ok
13:26:57.0892 2196 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:26:57.0907 2196 MBAMProtector - ok
13:26:57.0954 2196 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:26:57.0970 2196 MBAMScheduler - ok
13:26:58.0001 2196 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:26:58.0017 2196 MBAMService - ok
13:26:58.0063 2196 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:26:58.0095 2196 Mcx2Svc - ok
13:26:58.0126 2196 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:26:58.0126 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4
13:26:58.0141 2196 megasas ( LockedFile.Multi.Generic ) - warning
13:26:58.0141 2196 megasas - detected LockedFile.Multi.Generic (1)
13:26:58.0173 2196 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:26:58.0173 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3
13:26:58.0173 2196 MegaSR ( LockedFile.Multi.Generic ) - warning
13:26:58.0173 2196 MegaSR - detected LockedFile.Multi.Generic (1)
13:26:58.0297 2196 Microsoft SharePoint Workspace Audit Service - ok
13:26:58.0344 2196 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:26:58.0391 2196 MMCSS - ok
13:26:58.0422 2196 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:26:58.0422 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137
13:26:58.0422 2196 Modem ( LockedFile.Multi.Generic ) - warning
13:26:58.0422 2196 Modem - detected LockedFile.Multi.Generic (1)
13:26:58.0453 2196 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:26:58.0453 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA
13:26:58.0469 2196 monitor ( LockedFile.Multi.Generic ) - warning
13:26:58.0469 2196 monitor - detected LockedFile.Multi.Generic (1)
13:26:58.0485 2196 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
13:26:58.0485 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99
13:26:58.0485 2196 mouclass ( LockedFile.Multi.Generic ) - warning
13:26:58.0485 2196 mouclass - detected LockedFile.Multi.Generic (1)
13:26:58.0516 2196 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:26:58.0516 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6
13:26:58.0516 2196 mouhid ( LockedFile.Multi.Generic ) - warning
13:26:58.0516 2196 mouhid - detected LockedFile.Multi.Generic (1)
13:26:58.0578 2196 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:26:58.0578 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA
13:26:58.0578 2196 mountmgr ( LockedFile.Multi.Generic ) - warning
13:26:58.0578 2196 mountmgr - detected LockedFile.Multi.Generic (1)
13:26:58.0656 2196 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:26:58.0656 2196 MozillaMaintenance - ok
13:26:58.0687 2196 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:26:58.0687 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58
13:26:58.0703 2196 mpio ( LockedFile.Multi.Generic ) - warning
13:26:58.0703 2196 mpio - detected LockedFile.Multi.Generic (1)
13:26:58.0743 2196 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:26:58.0743 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F
13:26:58.0743 2196 mpsdrv ( LockedFile.Multi.Generic ) - warning
13:26:58.0743 2196 mpsdrv - detected LockedFile.Multi.Generic (1)
13:26:58.0803 2196 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:26:58.0803 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380
13:26:58.0813 2196 MRxDAV ( LockedFile.Multi.Generic ) - warning
13:26:58.0813 2196 MRxDAV - detected LockedFile.Multi.Generic (1)
13:26:58.0853 2196 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:26:58.0853 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC
13:26:58.0863 2196 mrxsmb ( LockedFile.Multi.Generic ) - warning
13:26:58.0863 2196 mrxsmb - detected LockedFile.Multi.Generic (1)
13:26:58.0913 2196 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:26:58.0913 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163
13:26:58.0913 2196 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
13:26:58.0913 2196 mrxsmb10 - detected LockedFile.Multi.Generic (1)
13:26:58.0963 2196 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:26:58.0963 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C
13:26:58.0963 2196 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
13:26:58.0963 2196 mrxsmb20 - detected LockedFile.Multi.Generic (1)
13:26:59.0003 2196 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:26:59.0003 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796
13:26:59.0003 2196 msahci ( LockedFile.Multi.Generic ) - warning
13:26:59.0003 2196 msahci - detected LockedFile.Multi.Generic (1)
13:26:59.0023 2196 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:26:59.0023 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900
13:26:59.0033 2196 msdsm ( LockedFile.Multi.Generic ) - warning
13:26:59.0033 2196 msdsm - detected LockedFile.Multi.Generic (1)
13:26:59.0063 2196 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:26:59.0083 2196 MSDTC - ok
13:26:59.0123 2196 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:26:59.0123 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96
13:26:59.0133 2196 Msfs ( LockedFile.Multi.Generic ) - warning
13:26:59.0133 2196 Msfs - detected LockedFile.Multi.Generic (1)
13:26:59.0163 2196 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:26:59.0163 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326
13:26:59.0163 2196 mshidkmdf ( LockedFile.Multi.Generic ) - warning
13:26:59.0163 2196 mshidkmdf - detected LockedFile.Multi.Generic (1)
13:26:59.0193 2196 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:26:59.0193 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D
13:26:59.0193 2196 msisadrv ( LockedFile.Multi.Generic ) - warning
13:26:59.0193 2196 msisadrv - detected LockedFile.Multi.Generic (1)
13:26:59.0233 2196 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:26:59.0303 2196 MSiSCSI - ok
13:26:59.0313 2196 msiserver - ok
13:26:59.0353 2196 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:26:59.0353 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366
13:26:59.0363 2196 MSKSSRV ( LockedFile.Multi.Generic ) - warning
13:26:59.0363 2196 MSKSSRV - detected LockedFile.Multi.Generic (1)
13:26:59.0383 2196 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:26:59.0383 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3
13:26:59.0383 2196 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
13:26:59.0383 2196 MSPCLOCK - detected LockedFile.Multi.Generic (1)
13:26:59.0403 2196 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:26:59.0403 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0
13:26:59.0403 2196 MSPQM ( LockedFile.Multi.Generic ) - warning
13:26:59.0403 2196 MSPQM - detected LockedFile.Multi.Generic (1)
13:26:59.0443 2196 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:26:59.0443 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D
13:26:59.0453 2196 MsRPC ( LockedFile.Multi.Generic ) - warning
13:26:59.0453 2196 MsRPC - detected LockedFile.Multi.Generic (1)
13:26:59.0483 2196 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:26:59.0483 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288
13:26:59.0493 2196 mssmbios ( LockedFile.Multi.Generic ) - warning
13:26:59.0493 2196 mssmbios - detected LockedFile.Multi.Generic (1)
13:26:59.0553 2196 MSSQL$SQLEXPRESS - ok
13:26:59.0593 2196 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:26:59.0603 2196 MSSQLServerADHelper - ok
13:26:59.0623 2196 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:26:59.0623 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779
13:26:59.0623 2196 MSTEE ( LockedFile.Multi.Generic ) - warning
13:26:59.0623 2196 MSTEE - detected LockedFile.Multi.Generic (1)
13:26:59.0773 2196 [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
13:26:59.0843 2196 msvsmon90 - ok
13:26:59.0873 2196 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:26:59.0873 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD
13:26:59.0873 2196 MTConfig ( LockedFile.Multi.Generic ) - warning
13:26:59.0873 2196 MTConfig - detected LockedFile.Multi.Generic (1)
13:26:59.0893 2196 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
13:26:59.0893 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ASACPI.sys. md5: 19B006B181E3875FD254F7B67ACF1E7C
13:26:59.0903 2196 MTsensor ( LockedFile.Multi.Generic ) - warning
13:26:59.0903 2196 MTsensor - detected LockedFile.Multi.Generic (1)
13:26:59.0943 2196 [ 07AD6825D5C658595CAB7F8F5849401C ] MtsHID C:\Windows\system32\drivers\MtsHID.sys
13:26:59.0943 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\MtsHID.sys. md5: 07AD6825D5C658595CAB7F8F5849401C
13:26:59.0943 2196 MtsHID ( LockedFile.Multi.Generic ) - warning
13:26:59.0943 2196 MtsHID - detected LockedFile.Multi.Generic (1)
13:26:59.0963 2196 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:26:59.0963 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8
13:26:59.0973 2196 Mup ( LockedFile.Multi.Generic ) - warning
13:26:59.0973 2196 Mup - detected LockedFile.Multi.Generic (1)
13:27:00.0013 2196 [ C752AB67A50F921622FE65725D1F6856 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
13:27:00.0013 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mv91xx.sys. md5: C752AB67A50F921622FE65725D1F6856
13:27:00.0023 2196 mv91xx ( LockedFile.Multi.Generic ) - warning
13:27:00.0023 2196 mv91xx - detected LockedFile.Multi.Generic (1)
13:27:00.0073 2196 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:27:00.0123 2196 napagent - ok
13:27:00.0153 2196 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:27:00.0153 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33
13:27:00.0183 2196 NativeWifiP ( LockedFile.Multi.Generic ) - warning
13:27:00.0183 2196 NativeWifiP - detected LockedFile.Multi.Generic (1)
13:27:00.0223 2196 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:27:00.0223 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C
13:27:00.0243 2196 NDIS ( LockedFile.Multi.Generic ) - warning
13:27:00.0243 2196 NDIS - detected LockedFile.Multi.Generic (1)
13:27:00.0263 2196 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:27:00.0263 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC
13:27:00.0273 2196 NdisCap ( LockedFile.Multi.Generic ) - warning
13:27:00.0273 2196 NdisCap - detected LockedFile.Multi.Generic (1)
13:27:00.0293 2196 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:27:00.0293 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5
13:27:00.0303 2196 NdisTapi ( LockedFile.Multi.Generic ) - warning
13:27:00.0303 2196 NdisTapi - detected LockedFile.Multi.Generic (1)
13:27:00.0343 2196 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:27:00.0343 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356
13:27:00.0363 2196 Ndisuio ( LockedFile.Multi.Generic ) - warning
13:27:00.0363 2196 Ndisuio - detected LockedFile.Multi.Generic (1)
13:27:00.0393 2196 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:27:00.0393 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11
13:27:00.0403 2196 NdisWan ( LockedFile.Multi.Generic ) - warning
13:27:00.0403 2196 NdisWan - detected LockedFile.Multi.Generic (1)
13:27:00.0433 2196 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:27:00.0433 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879
13:27:00.0443 2196 NDProxy ( LockedFile.Multi.Generic ) - warning
13:27:00.0443 2196 NDProxy - detected LockedFile.Multi.Generic (1)
13:27:00.0463 2196 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:27:00.0463 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4
13:27:00.0473 2196 NetBIOS ( LockedFile.Multi.Generic ) - warning
13:27:00.0473 2196 NetBIOS - detected LockedFile.Multi.Generic (1)
13:27:00.0493 2196 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:27:00.0493 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068
13:27:00.0513 2196 NetBT ( LockedFile.Multi.Generic ) - warning
13:27:00.0513 2196 NetBT - detected LockedFile.Multi.Generic (1)
13:27:00.0533 2196 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:27:00.0543 2196 Netlogon - ok
13:27:00.0583 2196 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:27:00.0643 2196 Netman - ok
13:27:00.0693 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:27:00.0733 2196 NetMsmqActivator - ok
13:27:00.0749 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:27:00.0749 2196 NetPipeActivator - ok
13:27:00.0780 2196 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:27:00.0827 2196 netprofm - ok
13:27:00.0842 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:27:00.0842 2196 NetTcpActivator - ok
13:27:00.0873 2196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:27:00.0889 2196 NetTcpPortSharing - ok
13:27:00.0920 2196 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:27:00.0920 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92
13:27:00.0920 2196 nfrd960 ( LockedFile.Multi.Generic ) - warning
13:27:00.0920 2196 nfrd960 - detected LockedFile.Multi.Generic (1)
13:27:01.0014 2196 [ CEBCEBF19AF17489E60804F440F5CBFE ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
13:27:01.0029 2196 NitroReaderDriverReadSpool2 - ok
13:27:01.0076 2196 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:27:01.0123 2196 NlaSvc - ok
13:27:01.0139 2196 NmPar - ok
13:27:01.0154 2196 nmserial - ok
13:27:01.0185 2196 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:27:01.0185 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7
13:27:01.0185 2196 Npfs ( LockedFile.Multi.Generic ) - warning
13:27:01.0185 2196 Npfs - detected LockedFile.Multi.Generic (1)
13:27:01.0232 2196 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:27:01.0279 2196 nsi - ok
13:27:01.0310 2196 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:27:01.0310 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001
13:27:01.0310 2196 nsiproxy ( LockedFile.Multi.Generic ) - warning
13:27:01.0310 2196 nsiproxy - detected LockedFile.Multi.Generic (1)
13:27:01.0388 2196 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:27:01.0388 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: A2F74975097F52A00745F9637451FDD8
13:27:01.0388 2196 Ntfs ( LockedFile.Multi.Generic ) - warning
13:27:01.0388 2196 Ntfs - detected LockedFile.Multi.Generic (1)
13:27:01.0419 2196 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:27:01.0419 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1
13:27:01.0435 2196 Null ( LockedFile.Multi.Generic ) - warning
13:27:01.0435 2196 Null - detected LockedFile.Multi.Generic (1)
13:27:01.0451 2196 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:27:01.0451 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nusb3hub.sys. md5: 285ACEC1B13A15BA520AAE06BACB9CFF
13:27:01.0466 2196 nusb3hub ( LockedFile.Multi.Generic ) - warning
13:27:01.0466 2196 nusb3hub - detected LockedFile.Multi.Generic (1)
13:27:01.0513 2196 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:27:01.0513 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nusb3xhc.sys. md5: F6D625FF7B56BB6EA063F0D3A5BBC996
13:27:01.0529 2196 nusb3xhc ( LockedFile.Multi.Generic ) - warning
13:27:01.0529 2196 nusb3xhc - detected LockedFile.Multi.Generic (1)
13:27:01.0544 2196 [ 7FD5C060CB907489A5702F628226F54A ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys
13:27:01.0544 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NVAMACPI.sys. md5: 7FD5C060CB907489A5702F628226F54A
13:27:01.0560 2196 nvamacpi ( LockedFile.Multi.Generic ) - warning
13:27:01.0560 2196 nvamacpi - detected LockedFile.Multi.Generic (1)
13:27:01.0607 2196 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
13:27:01.0607 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvhda64v.sys. md5: 102806B360D0E6BC6E55BF47EF655D43
13:27:01.0622 2196 NVHDA ( LockedFile.Multi.Generic ) - warning
13:27:01.0622 2196 NVHDA - detected LockedFile.Multi.Generic (1)
13:27:01.0841 2196 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:27:01.0841 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: BA0B4889C40380A01ECDF84C227A89C9
13:27:01.0872 2196 nvlddmkm ( LockedFile.Multi.Generic ) - warning
13:27:01.0872 2196 nvlddmkm - detected LockedFile.Multi.Generic (1)
13:27:01.0919 2196 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:27:01.0919 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD
13:27:01.0934 2196 nvraid ( LockedFile.Multi.Generic ) - warning
13:27:01.0934 2196 nvraid - detected LockedFile.Multi.Generic (1)
13:27:01.0950 2196 [ 694F5E9D9D624D47F432F5B2E66A0528 ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys
13:27:01.0950 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvrd64.sys. md5: 694F5E9D9D624D47F432F5B2E66A0528
13:27:01.0965 2196 nvrd64 ( LockedFile.Multi.Generic ) - warning
13:27:01.0965 2196 nvrd64 - detected LockedFile.Multi.Generic (1)
13:27:01.0981 2196 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
13:27:01.0981 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvsmu.sys. md5: E58D81FB8616D0CB55C1E36AA0B213C9
13:27:01.0997 2196 nvsmu ( LockedFile.Multi.Generic ) - warning
13:27:01.0997 2196 nvsmu - detected LockedFile.Multi.Generic (1)
13:27:02.0012 2196 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:27:02.0012 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A
13:27:02.0028 2196 nvstor ( LockedFile.Multi.Generic ) - warning
13:27:02.0028 2196 nvstor - detected LockedFile.Multi.Generic (1)
13:27:02.0059 2196 [ 05DE5DC43AFE6CAB78F9C7CA044CBCBE ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
13:27:02.0059 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvstor64.sys. md5: 05DE5DC43AFE6CAB78F9C7CA044CBCBE
13:27:02.0059 2196 nvstor64 ( LockedFile.Multi.Generic ) - warning
13:27:02.0059 2196 nvstor64 - detected LockedFile.Multi.Generic (1)
13:27:02.0106 2196 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:27:02.0121 2196 nvsvc - ok
13:27:02.0215 2196 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:27:02.0246 2196 nvUpdatusService - ok
13:27:02.0309 2196 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:27:02.0309 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05
13:27:02.0309 2196 nv_agp ( LockedFile.Multi.Generic ) - warning
13:27:02.0309 2196 nv_agp - detected LockedFile.Multi.Generic (1)
13:27:02.0324 2196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:27:02.0324 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0
13:27:02.0340 2196 ohci1394 ( LockedFile.Multi.Generic ) - warning
13:27:02.0340 2196 ohci1394 - detected LockedFile.Multi.Generic (1)
13:27:02.0418 2196 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:27:02.0418 2196 ose - ok
13:27:02.0558 2196 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:27:02.0636 2196 osppsvc - ok
13:27:02.0699 2196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:27:02.0777 2196 p2pimsvc - ok
13:27:02.0808 2196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:27:02.0823 2196 p2psvc - ok
13:27:02.0886 2196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:27:02.0886 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887
13:27:02.0886 2196 Parport ( LockedFile.Multi.Generic ) - warning
13:27:02.0886 2196 Parport - detected LockedFile.Multi.Generic (1)
13:27:02.0933 2196 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:27:02.0933 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C
13:27:02.0933 2196 partmgr ( LockedFile.Multi.Generic ) - warning
13:27:02.0933 2196 partmgr - detected LockedFile.Multi.Generic (1)
13:27:02.0964 2196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:27:03.0057 2196 PcaSvc - ok
13:27:03.0104 2196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:27:03.0104 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3
13:27:03.0104 2196 pci ( LockedFile.Multi.Generic ) - warning
13:27:03.0120 2196 pci - detected LockedFile.Multi.Generic (1)
13:27:03.0135 2196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:27:03.0135 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA
13:27:03.0151 2196 pciide ( LockedFile.Multi.Generic ) - warning
13:27:03.0151 2196 pciide - detected LockedFile.Multi.Generic (1)
13:27:03.0198 2196 [ D7C203015E2C2A2EAC8DACEF156D8DC3 ] PciIsaSerial C:\Windows\system32\DRIVERS\PciIsaSerial.sys
13:27:03.0198 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PciIsaSerial.sys. md5: D7C203015E2C2A2EAC8DACEF156D8DC3
13:27:03.0198 2196 PciIsaSerial ( LockedFile.Multi.Generic ) - warning
13:27:03.0198 2196 PciIsaSerial - detected LockedFile.Multi.Generic (1)
13:27:03.0213 2196 [ 088B509B2F35A3CEE00AC0E0BC4C5BED ] PciPPorts C:\Windows\system32\DRIVERS\PciPPorts.sys
13:27:03.0213 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PciPPorts.sys. md5: 088B509B2F35A3CEE00AC0E0BC4C5BED
13:27:03.0229 2196 PciPPorts ( LockedFile.Multi.Generic ) - warning
13:27:03.0229 2196 PciPPorts - detected LockedFile.Multi.Generic (1)
13:27:03.0229 2196 [ 7F97CDD5E91FC73DA2B01344957AA058 ] PciSPorts C:\Windows\system32\DRIVERS\PciSPorts.sys
13:27:03.0229 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PciSPorts.sys. md5: 7F97CDD5E91FC73DA2B01344957AA058
13:27:03.0245 2196 PciSPorts ( LockedFile.Multi.Generic ) - warning
13:27:03.0245 2196 PciSPorts - detected LockedFile.Multi.Generic (1)
13:27:03.0260 2196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:27:03.0260 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F
13:27:03.0276 2196 pcmcia ( LockedFile.Multi.Generic ) - warning
13:27:03.0276 2196 pcmcia - detected LockedFile.Multi.Generic (1)
13:27:03.0291 2196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:27:03.0291 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603
13:27:03.0307 2196 pcw ( LockedFile.Multi.Generic ) - warning
13:27:03.0307 2196 pcw - detected LockedFile.Multi.Generic (1)
13:27:03.0338 2196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:27:03.0338 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E
13:27:03.0338 2196 PEAUTH ( LockedFile.Multi.Generic ) - warning
13:27:03.0338 2196 PEAUTH - detected LockedFile.Multi.Generic (1)
13:27:03.0447 2196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:27:03.0479 2196 PerfHost - ok
13:27:03.0541 2196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:27:03.0603 2196 pla - ok
13:27:03.0666 2196 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:27:03.0744 2196 PlugPlay - ok
13:27:03.0775 2196 PnkBstrA - ok
13:27:03.0822 2196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:27:03.0837 2196 PNRPAutoReg - ok
13:27:03.0884 2196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:27:03.0884 2196 PNRPsvc - ok
13:27:03.0947 2196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:27:03.0993 2196 PolicyAgent - ok
13:27:04.0040 2196 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:27:04.0087 2196 Power - ok
13:27:04.0118 2196 [ 14C04684A25C221EBE2105D169B4B6FF ] PPorts C:\Windows\system32\DRIVERS\PPorts.sys
13:27:04.0118 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\PPorts.sys. md5: 14C04684A25C221EBE2105D169B4B6FF
13:27:04.0118 2196 PPorts ( LockedFile.Multi.Generic ) - warning
13:27:04.0118 2196 PPorts - detected LockedFile.Multi.Generic (1)
13:27:04.0165 2196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:27:04.0165 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9
13:27:04.0165 2196 PptpMiniport ( LockedFile.Multi.Generic ) - warning
13:27:04.0165 2196 PptpMiniport - detected LockedFile.Multi.Generic (1)
13:27:04.0212 2196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:27:04.0212 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF
13:27:04.0212 2196 Processor ( LockedFile.Multi.Generic ) - warning
13:27:04.0212 2196 Processor - detected LockedFile.Multi.Generic (1)
13:27:04.0259 2196 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:27:04.0337 2196 ProfSvc - ok
13:27:04.0352 2196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:27:04.0368 2196 ProtectedStorage - ok
13:27:04.0399 2196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:27:04.0399 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D
13:27:04.0415 2196 Psched ( LockedFile.Multi.Generic ) - warning
13:27:04.0415 2196 Psched - detected LockedFile.Multi.Generic (1)
13:27:04.0446 2196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:27:04.0461 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0
13:27:04.0461 2196 ql2300 ( LockedFile.Multi.Generic ) - warning
13:27:04.0461 2196 ql2300 - detected LockedFile.Multi.Generic (1)
13:27:04.0493 2196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:27:04.0493 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8
13:27:04.0493 2196 ql40xx ( LockedFile.Multi.Generic ) - warning
13:27:04.0493 2196 ql40xx - detected LockedFile.Multi.Generic (1)
13:27:04.0539 2196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:27:04.0555 2196 QWAVE - ok
13:27:04.0586 2196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:27:04.0586 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C
13:27:04.0586 2196 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
13:27:04.0586 2196 QWAVEdrv - detected LockedFile.Multi.Generic (1)
13:27:04.0617 2196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:27:04.0617 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704
13:27:04.0617 2196 RasAcd ( LockedFile.Multi.Generic ) - warning
13:27:04.0617 2196 RasAcd - detected LockedFile.Multi.Generic (1)
13:27:04.0649 2196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:27:04.0649 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90
13:27:04.0664 2196 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
13:27:04.0664 2196 RasAgileVpn - detected LockedFile.Multi.Generic (1)
13:27:04.0680 2196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:27:04.0711 2196 RasAuto - ok
13:27:04.0727 2196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:27:04.0727 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA
13:27:04.0742 2196 Rasl2tp ( LockedFile.Multi.Generic ) - warning
13:27:04.0742 2196 Rasl2tp - detected LockedFile.Multi.Generic (1)
13:27:04.0773 2196 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:27:04.0836 2196 RasMan - ok
13:27:04.0867 2196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:27:04.0867 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25
13:27:04.0867 2196 RasPppoe ( LockedFile.Multi.Generic ) - warning
13:27:04.0867 2196 RasPppoe - detected LockedFile.Multi.Generic (1)
13:27:04.0898 2196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:27:04.0898 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB
13:27:04.0898 2196 RasSstp ( LockedFile.Multi.Generic ) - warning
13:27:04.0898 2196 RasSstp - detected LockedFile.Multi.Generic (1)
13:27:04.0929 2196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:27:04.0929 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F
13:27:04.0929 2196 rdbss ( LockedFile.Multi.Generic ) - warning
13:27:04.0929 2196 rdbss - detected LockedFile.Multi.Generic (1)
13:27:04.0961 2196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:27:04.0961 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D
13:27:04.0961 2196 rdpbus ( LockedFile.Multi.Generic ) - warning
13:27:04.0961 2196 rdpbus - detected LockedFile.Multi.Generic (1)
13:27:04.0992 2196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:27:04.0992 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24
13:27:05.0007 2196 RDPCDD ( LockedFile.Multi.Generic ) - warning
13:27:05.0007 2196 RDPCDD - detected LockedFile.Multi.Generic (1)
13:27:05.0039 2196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:27:05.0039 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365
13:27:05.0039 2196 RDPENCDD ( LockedFile.Multi.Generic ) - warning
13:27:05.0039 2196 RDPENCDD - detected LockedFile.Multi.Generic (1)
13:27:05.0070 2196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:27:05.0070 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A
13:27:05.0085 2196 RDPREFMP ( LockedFile.Multi.Generic ) - warning
13:27:05.0085 2196 RDPREFMP - detected LockedFile.Multi.Generic (1)
13:27:05.0132 2196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:27:05.0132 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A
13:27:05.0132 2196 RDPWD ( LockedFile.Multi.Generic ) - warning
13:27:05.0132 2196 RDPWD - detected LockedFile.Multi.Generic (1)
13:27:05.0179 2196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:27:05.0179 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520
13:27:05.0210 2196 rdyboost ( LockedFile.Multi.Generic ) - warning
13:27:05.0210 2196 rdyboost - detected LockedFile.Multi.Generic (1)
13:27:05.0288 2196 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
13:27:05.0319 2196 Realtek11nSU ( UnsignedFile.Multi.Generic ) - warning
13:27:05.0319 2196 Realtek11nSU - detected UnsignedFile.Multi.Generic (1)
13:27:05.0366 2196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:27:05.0413 2196 RemoteAccess - ok
13:27:05.0444 2196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:27:05.0507 2196 RemoteRegistry - ok
13:27:05.0538 2196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:27:05.0569 2196 RpcEptMapper - ok
13:27:05.0616 2196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:27:05.0631 2196 RpcLocator - ok
13:27:05.0678 2196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:27:05.0709 2196 RpcSs - ok
13:27:05.0725 2196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:27:05.0725 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF
13:27:05.0741 2196 rspndr ( LockedFile.Multi.Generic ) - warning
13:27:05.0741 2196 rspndr - detected LockedFile.Multi.Generic (1)
13:27:05.0787 2196 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:27:05.0787 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Rt64win7.sys. md5: B15C021C2C9BB217A799D9532E8F04D4
13:27:05.0787 2196 RTL8167 ( LockedFile.Multi.Generic ) - warning
13:27:05.0787 2196 RTL8167 - detected LockedFile.Multi.Generic (1)
13:27:05.0834 2196 [ 4629C5C4772D223B0ECD1EA8BA7A2A33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
13:27:05.0834 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RTL8192su.sys. md5: 4629C5C4772D223B0ECD1EA8BA7A2A33
13:27:05.0834 2196 RTL8192su ( LockedFile.Multi.Generic ) - warning
13:27:05.0834 2196 RTL8192su - detected LockedFile.Multi.Generic (1)
13:27:05.0865 2196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:27:05.0881 2196 SamSs - ok
13:27:05.0928 2196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:27:05.0928 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B
13:27:05.0928 2196 sbp2port ( LockedFile.Multi.Generic ) - warning
13:27:05.0928 2196 sbp2port - detected LockedFile.Multi.Generic (1)
13:27:05.0975 2196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:27:06.0006 2196 SCardSvr - ok
13:27:06.0037 2196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:27:06.0037 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B
13:27:06.0053 2196 scfilter ( LockedFile.Multi.Generic ) - warning
13:27:06.0053 2196 scfilter - detected LockedFile.Multi.Generic (1)
13:27:06.0115 2196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:27:06.0177 2196 Schedule - ok
13:27:06.0224 2196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:27:06.0255 2196 SCPolicySvc - ok
13:27:06.0302 2196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:27:06.0349 2196 SDRSVC - ok
13:27:06.0365 2196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:27:06.0365 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186
13:27:06.0380 2196 secdrv ( LockedFile.Multi.Generic ) - warning
13:27:06.0380 2196 secdrv - detected LockedFile.Multi.Generic (1)
13:27:06.0396 2196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:27:06.0443 2196 seclogon - ok
13:27:06.0489 2196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:27:06.0536 2196 SENS - ok
13:27:06.0567 2196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:27:06.0614 2196 SensrSvc - ok
13:27:06.0661 2196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:27:06.0661 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B
13:27:06.0661 2196 Serenum ( LockedFile.Multi.Generic ) - warning
13:27:06.0661 2196 Serenum - detected LockedFile.Multi.Generic (1)
13:27:06.0677 2196 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:27:06.0677 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6
13:27:06.0692 2196 Serial ( LockedFile.Multi.Generic ) - warning
13:27:06.0692 2196 Serial - detected LockedFile.Multi.Generic (1)
13:27:06.0723 2196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:27:06.0723 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3
13:27:06.0723 2196 sermouse ( LockedFile.Multi.Generic ) - warning
13:27:06.0723 2196 sermouse - detected LockedFile.Multi.Generic (1)
13:27:06.0786 2196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:27:06.0817 2196 SessionEnv - ok
13:27:06.0848 2196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:27:06.0848 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF
13:27:06.0864 2196 sffdisk ( LockedFile.Multi.Generic ) - warning
13:27:06.0864 2196 sffdisk - detected LockedFile.Multi.Generic (1)
13:27:06.0879 2196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:27:06.0879 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF
13:27:06.0895 2196 sffp_mmc ( LockedFile.Multi.Generic ) - warning
13:27:06.0895 2196 sffp_mmc - detected LockedFile.Multi.Generic (1)
13:27:06.0895 2196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:27:06.0895 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C
13:27:06.0911 2196 sffp_sd ( LockedFile.Multi.Generic ) - warning
13:27:06.0911 2196 sffp_sd - detected LockedFile.Multi.Generic (1)
13:27:06.0942 2196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:27:06.0942 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4
13:27:06.0942 2196 sfloppy ( LockedFile.Multi.Generic ) - warning
13:27:06.0942 2196 sfloppy - detected LockedFile.Multi.Generic (1)
13:27:07.0004 2196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:27:07.0035 2196 ShellHWDetection - ok
13:27:07.0082 2196 [ DA492C8305434EC6F9BDD60C8B83B10E ] Si3124r5 C:\Windows\system32\DRIVERS\Si3124r5.sys
13:27:07.0082 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Si3124r5.sys. md5: DA492C8305434EC6F9BDD60C8B83B10E
13:27:07.0098 2196 Si3124r5 ( LockedFile.Multi.Generic ) - warning
13:27:07.0098 2196 Si3124r5 - detected LockedFile.Multi.Generic (1)
13:27:07.0113 2196 [ 8D10887A1699CF61E74467694B929B09 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
13:27:07.0113 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiWinAcc.sys. md5: 8D10887A1699CF61E74467694B929B09
13:27:07.0129 2196 SiFilter ( LockedFile.Multi.Generic ) - warning
13:27:07.0129 2196 SiFilter - detected LockedFile.Multi.Generic (1)
13:27:07.0145 2196 [ 94E1EDA9A0B305A67EE1BBD0A68CE21A ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
13:27:07.0145 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiRemFil.sys. md5: 94E1EDA9A0B305A67EE1BBD0A68CE21A
13:27:07.0145 2196 SiRemFil ( LockedFile.Multi.Generic ) - warning
13:27:07.0145 2196 SiRemFil - detected LockedFile.Multi.Generic (1)
13:27:07.0176 2196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:27:07.0176 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1
13:27:07.0191 2196 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
13:27:07.0191 2196 SiSRaid2 - detected LockedFile.Multi.Generic (1)
13:27:07.0207 2196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:27:07.0207 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4
13:27:07.0223 2196 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
13:27:07.0223 2196 SiSRaid4 - detected LockedFile.Multi.Generic (1)
13:27:07.0238 2196 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:27:07.0238 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4
13:27:07.0254 2196 Smb ( LockedFile.Multi.Generic ) - warning
13:27:07.0254 2196 Smb - detected LockedFile.Multi.Generic (1)
13:27:07.0301 2196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:27:07.0332 2196 SNMPTRAP - ok
13:27:07.0363 2196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:27:07.0363 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9
13:27:07.0379 2196 spldr ( LockedFile.Multi.Generic ) - warning
13:27:07.0379 2196 spldr - detected LockedFile.Multi.Generic (1)
13:27:07.0410 2196 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
13:27:07.0441 2196 Spooler - ok
13:27:07.0457 2196 [ 739C2571867F351167D1D958990E9D84 ] SPorts C:\Windows\system32\DRIVERS\SPorts.sys
13:27:07.0457 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SPorts.sys. md5: 739C2571867F351167D1D958990E9D84
13:27:07.0472 2196 SPorts ( LockedFile.Multi.Generic ) - warning
13:27:07.0472 2196 SPorts - detected LockedFile.Multi.Generic (1)
13:27:07.0550 2196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:27:07.0644 2196 sppsvc - ok
13:27:07.0691 2196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:27:07.0737 2196 sppuinotify - ok
13:27:07.0800 2196 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:27:07.0815 2196 SQLBrowser - ok
13:27:07.0878 2196 [ 582F8B13E1042C49A4A5A7BB52F518E4 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:27:07.0893 2196 SQLWriter - ok
13:27:07.0925 2196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:27:07.0925 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B
13:27:07.0940 2196 srv ( LockedFile.Multi.Generic ) - warning
13:27:07.0940 2196 srv - detected LockedFile.Multi.Generic (1)
13:27:07.0971 2196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:27:07.0971 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28
13:27:07.0987 2196 srv2 ( LockedFile.Multi.Generic ) - warning
13:27:07.0987 2196 srv2 - detected LockedFile.Multi.Generic (1)
13:27:08.0034 2196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:27:08.0034 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3
13:27:08.0034 2196 srvnet ( LockedFile.Multi.Generic ) - warning
13:27:08.0034 2196 srvnet - detected LockedFile.Multi.Generic (1)
13:27:08.0065 2196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:27:08.0112 2196 SSDPSRV - ok
13:27:08.0143 2196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:27:08.0190 2196 SstpSvc - ok
13:27:08.0237 2196 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
13:27:08.0237 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ssudmdm.sys. md5: 855335BF5792E56164F98C012E3D92DD
13:27:08.0237 2196 ssudmdm ( LockedFile.Multi.Generic ) - warning
13:27:08.0237 2196 ssudmdm - detected LockedFile.Multi.Generic (1)
13:27:08.0268 2196 Steam Client Service - ok
13:27:08.0361 2196 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:27:08.0377 2196 Stereo Service - ok
13:27:08.0424 2196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:27:08.0424 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A
13:27:08.0439 2196 stexstor ( LockedFile.Multi.Generic ) - warning
13:27:08.0439 2196 stexstor - detected LockedFile.Multi.Generic (1)
13:27:08.0486 2196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:27:08.0502 2196 stisvc - ok
13:27:08.0533 2196 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:27:08.0533 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90
13:27:08.0549 2196 swenum ( LockedFile.Multi.Generic ) - warning
13:27:08.0549 2196 swenum - detected LockedFile.Multi.Generic (1)
13:27:08.0595 2196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:27:08.0627 2196 swprv - ok
13:27:08.0705 2196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:27:08.0751 2196 SysMain - ok
13:27:08.0798 2196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:27:08.0814 2196 TabletInputService - ok
13:27:08.0845 2196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:27:08.0892 2196 TapiSrv - ok
13:27:08.0923 2196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:27:08.0954 2196 TBS - ok
13:27:09.0017 2196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:27:09.0017 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
13:27:09.0048 2196 Tcpip ( LockedFile.Multi.Generic ) - warning
13:27:09.0048 2196 Tcpip - detected LockedFile.Multi.Generic (1)
13:27:09.0079 2196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:27:09.0079 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
13:27:09.0095 2196 TCPIP6 ( LockedFile.Multi.Generic ) - warning
13:27:09.0095 2196 TCPIP6 - detected LockedFile.Multi.Generic (1)
13:27:09.0157 2196 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:27:09.0157 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519
13:27:09.0157 2196 tcpipreg ( LockedFile.Multi.Generic ) - warning
13:27:09.0157 2196 tcpipreg - detected LockedFile.Multi.Generic (1)
13:27:09.0188 2196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:27:09.0188 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C
13:27:09.0204 2196 TDPIPE ( LockedFile.Multi.Generic ) - warning
13:27:09.0204 2196 TDPIPE - detected LockedFile.Multi.Generic (1)
13:27:09.0235 2196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:27:09.0235 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
13:27:09.0251 2196 TDTCP ( LockedFile.Multi.Generic ) - warning
13:27:09.0251 2196 TDTCP - detected LockedFile.Multi.Generic (1)
13:27:09.0297 2196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:27:09.0297 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806
13:27:09.0297 2196 tdx ( LockedFile.Multi.Generic ) - warning
13:27:09.0297 2196 tdx - detected LockedFile.Multi.Generic (1)
13:27:09.0344 2196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:27:09.0344 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5
13:27:09.0344 2196 TermDD ( LockedFile.Multi.Generic ) - warning
13:27:09.0344 2196 TermDD - detected LockedFile.Multi.Generic (1)
13:27:09.0391 2196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:27:09.0453 2196 TermService - ok
13:27:09.0500 2196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:27:09.0531 2196 Themes - ok
13:27:09.0578 2196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:27:09.0609 2196 THREADORDER - ok
13:27:09.0641 2196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:27:09.0687 2196 TrkWks - ok
13:27:09.0765 2196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:27:09.0812 2196 TrustedInstaller - ok
13:27:09.0859 2196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:27:09.0859 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
13:27:09.0859 2196 tssecsrv ( LockedFile.Multi.Generic ) - warning
13:27:09.0859 2196 tssecsrv - detected LockedFile.Multi.Generic (1)
13:27:09.0906 2196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:27:09.0906 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9
13:27:09.0906 2196 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
13:27:09.0906 2196 TsUsbFlt - detected LockedFile.Multi.Generic (1)
13:27:09.0953 2196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:27:09.0953 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894
13:27:09.0968 2196 tunnel ( LockedFile.Multi.Generic ) - warning
13:27:09.0968 2196 tunnel - detected LockedFile.Multi.Generic (1)
13:27:10.0015 2196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:27:10.0015 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67
13:27:10.0015 2196 uagp35 ( LockedFile.Multi.Generic ) - warning
13:27:10.0015 2196 uagp35 - detected LockedFile.Multi.Generic (1)
13:27:10.0062 2196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:27:10.0062 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593
13:27:10.0062 2196 udfs ( LockedFile.Multi.Generic ) - warning
13:27:10.0062 2196 udfs - detected LockedFile.Multi.Generic (1)
13:27:10.0093 2196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:27:10.0109 2196 UI0Detect - ok
13:27:10.0140 2196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:27:10.0140 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320
13:27:10.0140 2196 uliagpkx ( LockedFile.Multi.Generic ) - warning
13:27:10.0140 2196 uliagpkx - detected LockedFile.Multi.Generic (1)
13:27:10.0171 2196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:27:10.0171 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561
13:27:10.0187 2196 umbus ( LockedFile.Multi.Generic ) - warning
13:27:10.0187 2196 umbus - detected LockedFile.Multi.Generic (1)
13:27:10.0218 2196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:27:10.0218 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D
13:27:10.0218 2196 UmPass ( LockedFile.Multi.Generic ) - warning
13:27:10.0218 2196 UmPass - detected LockedFile.Multi.Generic (1)
13:27:10.0249 2196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:27:10.0280 2196 upnphost - ok
13:27:10.0358 2196 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:27:10.0358 2196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbaapl64.sys. md5: AF1B9474D67897D0C2CFF58E0ACEACCC
13:27:10.0358 2196 USBAAPL64 ( LockedFile.Multi.Generic ) - warning
13:27:10.0358 2196 USBAAPL64 - detected LockedFile.Multi.Generic (1)
13:27:10.0405 2196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:27:10.0405 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C
13:27:10.0405 2196 usbccgp ( LockedFile.Multi.Generic ) - warning
13:27:10.0405 2196 usbccgp - detected LockedFile.Multi.Generic (1)
13:27:10.0436 2196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:27:10.0436 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
13:27:10.0452 2196 usbcir ( LockedFile.Multi.Generic ) - warning
13:27:10.0452 2196 usbcir - detected LockedFile.Multi.Generic (1)
13:27:10.0483 2196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:27:10.0483 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B
13:27:10.0483 2196 usbehci ( LockedFile.Multi.Generic ) - warning
13:27:10.0483 2196 usbehci - detected LockedFile.Multi.Generic (1)
13:27:10.0530 2196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:27:10.0545 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24
13:27:10.0561 2196 usbhub ( LockedFile.Multi.Generic ) - warning
13:27:10.0561 2196 usbhub - detected LockedFile.Multi.Generic (1)
13:27:10.0608 2196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:27:10.0608 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31
13:27:10.0608 2196 usbohci ( LockedFile.Multi.Generic ) - warning
13:27:10.0608 2196 usbohci - detected LockedFile.Multi.Generic (1)
13:27:10.0639 2196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:27:10.0639 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
13:27:10.0639 2196 usbprint ( LockedFile.Multi.Generic ) - warning
13:27:10.0639 2196 usbprint - detected LockedFile.Multi.Generic (1)
13:27:10.0686 2196 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:27:10.0686 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0
13:27:10.0686 2196 usbscan ( LockedFile.Multi.Generic ) - warning
13:27:10.0686 2196 usbscan - detected LockedFile.Multi.Generic (1)
13:27:10.0733 2196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:27:10.0733 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6
13:27:10.0733 2196 USBSTOR ( LockedFile.Multi.Generic ) - warning
13:27:10.0733 2196 USBSTOR - detected LockedFile.Multi.Generic (1)
13:27:10.0748 2196 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:27:10.0748 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD
13:27:10.0748 2196 usbuhci ( LockedFile.Multi.Generic ) - warning
13:27:10.0748 2196 usbuhci - detected LockedFile.Multi.Generic (1)
13:27:10.0795 2196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:27:10.0811 2196 UxSms - ok
13:27:10.0826 2196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:27:10.0842 2196 VaultSvc - ok
13:27:10.0857 2196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:27:10.0857 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
13:27:10.0873 2196 vdrvroot ( LockedFile.Multi.Generic ) - warning
13:27:10.0873 2196 vdrvroot - detected LockedFile.Multi.Generic (1)
13:27:10.0935 2196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:27:10.0982 2196 vds - ok
13:27:10.0998 2196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:27:10.0998 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
13:27:10.0998 2196 vga ( LockedFile.Multi.Generic ) - warning
13:27:10.0998 2196 vga - detected LockedFile.Multi.Generic (1)
13:27:11.0013 2196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:27:11.0013 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
13:27:11.0013 2196 VgaSave ( LockedFile.Multi.Generic ) - warning
13:27:11.0013 2196 VgaSave - detected LockedFile.Multi.Generic (1)
13:27:11.0060 2196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:27:11.0060 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
13:27:11.0076 2196 vhdmp ( LockedFile.Multi.Generic ) - warning
13:27:11.0076 2196 vhdmp - detected LockedFile.Multi.Generic (1)
13:27:11.0107 2196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:27:11.0107 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
13:27:11.0107 2196 viaide ( LockedFile.Multi.Generic ) - warning
13:27:11.0107 2196 viaide - detected LockedFile.Multi.Generic (1)
13:27:11.0138 2196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:27:11.0138 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
13:27:11.0138 2196 volmgr ( LockedFile.Multi.Generic ) - warning
13:27:11.0138 2196 volmgr - detected LockedFile.Multi.Generic (1)
13:27:11.0185 2196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:27:11.0185 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
13:27:11.0201 2196 volmgrx ( LockedFile.Multi.Generic ) - warning
13:27:11.0201 2196 volmgrx - detected LockedFile.Multi.Generic (1)
13:27:11.0216 2196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:27:11.0216 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
13:27:11.0232 2196 volsnap ( LockedFile.Multi.Generic ) - warning
13:27:11.0232 2196 volsnap - detected LockedFile.Multi.Generic (1)
13:27:11.0263 2196 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
13:27:11.0263 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: B4A73CA4EF9A02B9738CEA9AD5FE5917
13:27:11.0263 2196 vpcbus ( LockedFile.Multi.Generic ) - warning
13:27:11.0263 2196 vpcbus - detected LockedFile.Multi.Generic (1)
13:27:11.0341 2196 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:27:11.0341 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: E675FB2B48C54F09895482E2253B289C
13:27:11.0357 2196 vpcnfltr ( LockedFile.Multi.Generic ) - warning
13:27:11.0357 2196 vpcnfltr - detected LockedFile.Multi.Generic (1)
13:27:11.0372 2196 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
13:27:11.0372 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 5FB42082B0D19A0268705F1DD343DF20
13:27:11.0388 2196 vpcusb ( LockedFile.Multi.Generic ) - warning
13:27:11.0388 2196 vpcusb - detected LockedFile.Multi.Generic (1)
13:27:11.0450 2196 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
13:27:11.0450 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\vpcvmm.sys. md5: 207B6539799CC1C112661A9B620DD233
13:27:11.0450 2196 vpcvmm ( LockedFile.Multi.Generic ) - warning
13:27:11.0450 2196 vpcvmm - detected LockedFile.Multi.Generic (1)
13:27:11.0497 2196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid

Alt 18.11.2012, 13:40   #4
daniskin
 

Hello Cosinus, here is the second part of the TDSSKiller report; it apparently had too many characters for a single post.


C:\Windows\system32\DRIVERS\vsmraid.sys
13:27:11.0497 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
13:27:11.0513 2196 vsmraid ( LockedFile.Multi.Generic ) - warning
13:27:11.0513 2196 vsmraid - detected LockedFile.Multi.Generic (1)
13:27:11.0559 2196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:27:11.0606 2196 VSS - ok
13:27:11.0622 2196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:27:11.0622 2196 Suspicious file (NoAccess): C:\Windows\System32\drivers\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
13:27:11.0637 2196 vwifibus ( LockedFile.Multi.Generic ) - warning
13:27:11.0637 2196 vwifibus - detected LockedFile.Multi.Generic (1)
13:27:11.0684 2196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:27:11.0684 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F
13:27:11.0684 2196 vwififlt ( LockedFile.Multi.Generic ) - warning
13:27:11.0684 2196 vwififlt - detected LockedFile.Multi.Generic (1)
13:27:11.0731 2196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:27:11.0778 2196 W32Time - ok
13:27:11.0825 2196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:27:11.0825 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
13:27:11.0825 2196 WacomPen ( LockedFile.Multi.Generic ) - warning
13:27:11.0825 2196 WacomPen - detected LockedFile.Multi.Generic (1)
13:27:11.0871 2196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:27:11.0871 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
13:27:11.0871 2196 WANARP ( LockedFile.Multi.Generic ) - warning
13:27:11.0871 2196 WANARP - detected LockedFile.Multi.Generic (1)
13:27:11.0887 2196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:27:11.0887 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
13:27:11.0903 2196 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
13:27:11.0903 2196 Wanarpv6 - detected LockedFile.Multi.Generic (1)
13:27:11.0949 2196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:27:12.0027 2196 wbengine - ok
13:27:12.0074 2196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:27:12.0090 2196 WbioSrvc - ok
13:27:12.0121 2196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:27:12.0168 2196 wcncsvc - ok
13:27:12.0199 2196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:27:12.0230 2196 WcsPlugInService - ok
13:27:12.0246 2196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:27:12.0246 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
13:27:12.0246 2196 Wd ( LockedFile.Multi.Generic ) - warning
13:27:12.0246 2196 Wd - detected LockedFile.Multi.Generic (1)
13:27:12.0293 2196 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:27:12.0293 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
13:27:12.0293 2196 Wdf01000 ( LockedFile.Multi.Generic ) - warning
13:27:12.0293 2196 Wdf01000 - detected LockedFile.Multi.Generic (1)
13:27:12.0324 2196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:27:12.0402 2196 WdiServiceHost - ok
13:27:12.0417 2196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:27:12.0433 2196 WdiSystemHost - ok
13:27:12.0480 2196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:27:12.0495 2196 WebClient - ok
13:27:12.0527 2196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:27:12.0573 2196 Wecsvc - ok
13:27:12.0620 2196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:27:12.0667 2196 wercplsupport - ok
13:27:12.0714 2196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:27:12.0745 2196 WerSvc - ok
13:27:12.0776 2196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:27:12.0776 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
13:27:12.0792 2196 WfpLwf ( LockedFile.Multi.Generic ) - warning
13:27:12.0792 2196 WfpLwf - detected LockedFile.Multi.Generic (1)
13:27:12.0807 2196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:27:12.0807 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
13:27:12.0823 2196 WIMMount ( LockedFile.Multi.Generic ) - warning
13:27:12.0823 2196 WIMMount - detected LockedFile.Multi.Generic (1)
13:27:12.0854 2196 WinHttpAutoProxySvc - ok
13:27:12.0932 2196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:27:12.0979 2196 Winmgmt - ok
13:27:13.0041 2196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:27:13.0088 2196 WinRM - ok
13:27:13.0166 2196 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:27:13.0166 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D
13:27:13.0166 2196 WinUsb ( LockedFile.Multi.Generic ) - warning
13:27:13.0166 2196 WinUsb - detected LockedFile.Multi.Generic (1)
13:27:13.0213 2196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:27:13.0229 2196 Wlansvc - ok
13:27:13.0353 2196 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:27:13.0400 2196 wlidsvc - ok
13:27:13.0447 2196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:27:13.0447 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
13:27:13.0463 2196 WmiAcpi ( LockedFile.Multi.Generic ) - warning
13:27:13.0463 2196 WmiAcpi - detected LockedFile.Multi.Generic (1)
13:27:13.0494 2196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:27:13.0525 2196 wmiApSrv - ok
13:27:13.0572 2196 WMPNetworkSvc - ok
13:27:13.0603 2196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:27:13.0665 2196 WPCSvc - ok
13:27:13.0712 2196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:27:13.0759 2196 WPDBusEnum - ok
13:27:13.0790 2196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:27:13.0790 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
13:27:13.0806 2196 ws2ifsl ( LockedFile.Multi.Generic ) - warning
13:27:13.0806 2196 ws2ifsl - detected LockedFile.Multi.Generic (1)
13:27:13.0821 2196 WSearch - ok
13:27:13.0884 2196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:27:13.0931 2196 wuauserv - ok
13:27:13.0977 2196 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:27:13.0977 2196 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
13:27:13.0993 2196 WudfPf ( LockedFile.Multi.Generic ) - warning
13:27:13.0993 2196 WudfPf - detected LockedFile.Multi.Generic (1)
13:27:14.0009 2196 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:27:14.0009 2196 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
13:27:14.0009 2196 WUDFRd ( LockedFile.Multi.Generic ) - warning
13:27:14.0009 2196 WUDFRd - detected LockedFile.Multi.Generic (1)
13:27:14.0055 2196 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:27:14.0071 2196 wudfsvc - ok
13:27:14.0102 2196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:27:14.0133 2196 WwanSvc - ok
13:27:14.0180 2196 ================ Scan global ===============================
13:27:14.0211 2196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:27:14.0243 2196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:27:14.0258 2196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:27:14.0274 2196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:27:14.0305 2196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:27:14.0305 2196 [Global] - ok
13:27:14.0305 2196 ================ Scan MBR ==================================
13:27:14.0305 2196 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:27:14.0664 2196 \Device\Harddisk0\DR0 - ok
13:27:14.0664 2196 ================ Scan VBR ==================================
13:27:14.0664 2196 [ 9164699B07EA2665E5B79683035A3A20 ] \Device\Harddisk0\DR0\Partition1
13:27:14.0664 2196 \Device\Harddisk0\DR0\Partition1 - ok
13:27:14.0679 2196 [ A93860736A9C9218535825594CA99AF3 ] \Device\Harddisk0\DR0\Partition2
13:27:14.0695 2196 \Device\Harddisk0\DR0\Partition2 - ok
13:27:14.0695 2196 ============================================================
13:27:14.0695 2196 Scan finished
13:27:14.0695 2196 ============================================================
13:27:14.0695 2208 Detected object count: 239
13:27:14.0695 2208 Actual detected object count: 239
13:27:49.0670 2208 906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - skipped by user
13:27:49.0670 2208 906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
13:27:49.0670 2208 cdfs ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 cdrom ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 circlass ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 circlass ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 CLFS ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 CLFS ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 CNG ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 CNG ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 Compbatt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 crcdisk ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0670 2208 DfsC ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0670 2208 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 dg_ssudbus ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 dg_ssudbus ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 discache ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 discache ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 Disk ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 Disk ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 drmkaud ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 ebdrv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 elxstor ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 exfat ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 fastfat ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 fdc ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 FileInfo ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 fssfltr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 fssfltr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 FTDIBUS ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 FTDIBUS ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0686 2208 FTSER2K ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0686 2208 FTSER2K ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 fvevol ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 GEARAspiWDM ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 GEARAspiWDM ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HECIx64 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HECIx64 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HidBth ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HidIr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 HTTP ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 iaStor ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 iaStor ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0701 2208 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0701 2208 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 iirsp ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 Impcd ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 Impcd ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 intelide ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 intelppm ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 isapnp ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 ISASerial ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 ISASerial ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 JRAID ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 JRAID ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0717 2208 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0717 2208 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LexPrintListener ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LexPrintListener ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LHidFilt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LHidFilt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 lltdio ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LMouFilt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LMouFilt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 luafv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 LUsbFilt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 LUsbFilt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 megasas ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 Modem ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 monitor ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 mouclass ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 mouhid ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 mpio ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0733 2208 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0733 2208 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 msahci ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 msdsm ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 Msfs ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MTsensor ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0748 2208 MtsHID ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0748 2208 MtsHID ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 Mup ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 mv91xx ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 mv91xx ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NDIS ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NetBT ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 Npfs ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 Null ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 Null ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 nusb3hub ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 nusb3hub ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 nusb3xhc ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 nusb3xhc ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 nvamacpi ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 nvamacpi ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0764 2208 NVHDA ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0764 2208 NVHDA ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 nvlddmkm ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 nvlddmkm ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 nvraid ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 nvrd64 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 nvrd64 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 nvsmu ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 nvsmu ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 nvstor ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 nvstor64 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 nvstor64 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 Parport ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 partmgr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 pci ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 pci ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 pciide ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 PciIsaSerial ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 PciIsaSerial ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 PciPPorts ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 PciPPorts ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 PciSPorts ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 PciSPorts ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 pcw ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0779 2208 PPorts ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0779 2208 PPorts ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 Processor ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 Psched ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 rdbss ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0795 2208 Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:49.0795 2208 Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 rspndr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 RTL8192su ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 RTL8192su ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 scfilter ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 secdrv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 Serenum ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 Serial ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 sermouse ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 Si3124r5 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 Si3124r5 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 SiFilter ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 SiFilter ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 SiRemFil ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 SiRemFil ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0811 2208 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0811 2208 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 Smb ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 spldr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 SPorts ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 SPorts ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 srv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 srv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 srv2 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 srvnet ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 ssudmdm ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 ssudmdm ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 stexstor ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 swenum ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 tdx ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 TermDD ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0826 2208 tunnel ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0826 2208 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 udfs ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 umbus ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 UmPass ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 USBAAPL64 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 USBAAPL64 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbcir ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbehci ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbhub ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbohci ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbprint ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbscan ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 vga ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 vga ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0842 2208 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0842 2208 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 viaide ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 volmgr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 volsnap ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vpcbus ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vpcbus ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vpcnfltr ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vpcnfltr ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vpcusb ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vpcvmm ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 WANARP ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 Wd ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0857 2208 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0857 2208 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0873 2208 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0873 2208 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0873 2208 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0873 2208 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0873 2208 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0873 2208 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0873 2208 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0873 2208 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
13:27:49.0873 2208 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
13:27:49.0873 2208 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip

18.11.2012, 22:00   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

You were supposed to post the logs in CODE tags! I asked you to read everything carefully, and that was already in the first instruction post!

Also, the TDSS-Killer log is incomplete.

You can put the TDSS-Killer log in the attachment as a zip file, but otherwise please do NOT attach the logs!!

They only need to go into the attachment (as a single ZIP file containing all log files) if they are too large to be posted directly!


Otherwise, please post everything here in CODE tags wherever possible. That is simpler, easier to read, and saves a lot of clicking around!

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


19.11.2012, 23:27   #6
daniskin

Hello cosinus,

Thanks for the quick reply!
Here are the log files again, as a code tag or as an attachment respectively:
I hope I understood the code tag part correctly.

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 22:45:27
-----------------------------
22:45:27.721    OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:27.721    Number of processors: 4 586 0x1E05
22:45:27.721    ComputerName: DANIELPC  UserName: 
22:45:29.255    Initialze error C0000001 - driver not loaded
22:45:35.022    AVAST engine defs: 12111800
22:45:41.240    Service scanning
22:45:41.550    Service 1394ohci C:\Windows\system32\drivers\1394ohci.sys **LOCKED** 5
22:45:41.553    Service 906d6994eace405d C:\Windows\System32\Drivers\906d6994eace405d.sys **HIDDEN**
22:45:41.556    Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 5
22:45:41.562    Service AcpiPmi C:\Windows\system32\drivers\acpipmi.sys **LOCKED** 5
22:45:41.640    Service adp3132 C:\Windows\system32\DRIVERS\adp3132.sys **LOCKED** 5
22:45:41.651    Service adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys **LOCKED** 5
22:45:41.657    Service adpahci C:\Windows\system32\DRIVERS\adpahci.sys **LOCKED** 5
22:45:41.664    Service adpu320 C:\Windows\system32\DRIVERS\adpu320.sys **LOCKED** 5
22:45:41.700    Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 5
22:45:41.712    Service agp440 C:\Windows\system32\drivers\agp440.sys **LOCKED** 5
22:45:41.721    Service ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys **LOCKED** 5
22:45:41.758    Service aliide C:\Windows\system32\drivers\aliide.sys **LOCKED** 5
22:45:41.777    Service amdide C:\Windows\system32\drivers\amdide.sys **LOCKED** 5
22:45:41.804    Service amdide64 C:\Windows\system32\DRIVERS\amdide64.sys **LOCKED** 5
22:45:41.816    Service AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys **LOCKED** 5
22:45:41.832    Service AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys **LOCKED** 5
22:45:41.848    Service amdsata C:\Windows\system32\drivers\amdsata.sys **LOCKED** 5
22:45:41.864    Service amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys **LOCKED** 5
22:45:41.879    Service amdxata C:\Windows\system32\drivers\amdxata.sys **LOCKED** 5
22:45:41.895    Service amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys **LOCKED** 5
22:45:41.912    Service amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys **LOCKED** 5
22:45:42.032    Service AppID C:\Windows\system32\drivers\appid.sys **LOCKED** 5
22:45:42.174    Service arc C:\Windows\system32\DRIVERS\arc.sys **LOCKED** 5
22:45:42.188    Service arcsas C:\Windows\system32\DRIVERS\arcsas.sys **LOCKED** 5
22:45:42.319    Service AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys **LOCKED** 5
22:45:42.333    Service atapi C:\Windows\system32\drivers\atapi.sys **LOCKED** 5
22:45:42.342    Service atikmdag C:\Windows\system32\drivers\atikmdag.sys **LOCKED** 5
22:45:42.492    Service avipbb C:\Windows\system32\DRIVERS\avipbb.sys **LOCKED** 5
22:45:42.506    Service avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys **LOCKED** 5
22:45:42.551    Service b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys **LOCKED** 5
22:45:42.565    Service b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys **LOCKED** 5
22:45:42.607    Service Beep C:\Windows\System32\Drivers\Beep.sys **LOCKED** 5
22:45:42.670    Service blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys **LOCKED** 5
22:45:42.767    Service BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys **LOCKED** 5
22:45:42.780    Service BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys **LOCKED** 5
22:45:42.827    Service Brserid C:\Windows\System32\Drivers\Brserid.sys **LOCKED** 5
22:45:42.842    Service BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys **LOCKED** 5
22:45:42.852    Service BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys **LOCKED** 5
22:45:42.862    Service BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys **LOCKED** 5
22:45:42.873    Service BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys **LOCKED** 5
22:45:42.907    Service Bufeap C:\Windows\system32\DRIVERS\bufeap64.sys **LOCKED** 5
22:45:42.987    Service cdrom C:\Windows\system32\DRIVERS\cdrom.sys **LOCKED** 5
22:45:43.022    Service circlass C:\Windows\system32\DRIVERS\circlass.sys **LOCKED** 5
22:45:43.037    Service CLFS C:\Windows\System32\CLFS.sys **LOCKED** 5
22:45:43.261    Service CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys **LOCKED** 5
22:45:43.275    Service cmdide C:\Windows\system32\drivers\cmdide.sys **LOCKED** 5
22:45:43.286    Service CNG C:\Windows\System32\Drivers\cng.sys **LOCKED** 5
22:45:43.296    Service Compbatt C:\Windows\system32\DRIVERS\compbatt.sys **LOCKED** 5
22:45:43.307    Service CompositeBus C:\Windows\system32\drivers\CompositeBus.sys **LOCKED** 5
22:45:43.339    Service crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys **LOCKED** 5
22:45:43.469    Service dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys **LOCKED** 5
22:45:43.534    Service discache C:\Windows\System32\drivers\discache.sys **LOCKED** 5
22:45:43.549    Service Disk C:\Windows\system32\DRIVERS\disk.sys **LOCKED** 5
22:45:43.648    Service drmkaud C:\Windows\system32\drivers\drmkaud.sys **LOCKED** 5
22:45:43.663    Service DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys **LOCKED** 5
22:45:43.696    Service ebdrv C:\Windows\system32\DRIVERS\evbda.sys **LOCKED** 5
22:45:43.833    Service elxstor C:\Windows\system32\DRIVERS\elxstor.sys **LOCKED** 5
22:45:43.848    Service ErrDev C:\Windows\system32\drivers\errdev.sys **LOCKED** 5
22:45:44.029    Service fdc C:\Windows\system32\DRIVERS\fdc.sys **LOCKED** 5
22:45:44.090    Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **LOCKED** 5
22:45:44.216    Service fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys **LOCKED** 5
22:45:44.396    Service Fs_Rec C:\Windows\System32\Drivers\Fs_Rec.sys **LOCKED** 5
22:45:44.411    Service FTDIBUS C:\Windows\system32\drivers\ftdibus.sys **LOCKED** 5
22:45:44.421    Service FTSER2K C:\Windows\system32\drivers\ftser2k.sys **LOCKED** 5
22:45:44.431    Service fvevol C:\Windows\System32\DRIVERS\fvevol.sys **LOCKED** 5
22:45:44.442    Service gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys **LOCKED** 5
22:45:44.452    Service GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys **LOCKED** 5
22:45:44.694    Service hcw85cir C:\Windows\system32\drivers\hcw85cir.sys **LOCKED** 5
22:45:44.710    Service HdAudAddService C:\Windows\system32\drivers\HdAudio.sys **LOCKED** 5
22:45:44.720    Service HDAudBus C:\Windows\system32\drivers\HDAudBus.sys **LOCKED** 5
22:45:44.730    Service HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys **LOCKED** 5
22:45:44.741    Service HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys **LOCKED** 5
22:45:44.751    Service HidBth C:\Windows\system32\DRIVERS\hidbth.sys **LOCKED** 5
22:45:44.761    Service HidIr C:\Windows\system32\DRIVERS\hidir.sys **LOCKED** 5
22:45:44.806    Service HidUsb C:\Windows\system32\drivers\hidusb.sys **LOCKED** 5
22:45:44.910    Service HpSAMD C:\Windows\system32\drivers\HpSAMD.sys **LOCKED** 5
22:45:44.924    Service HTTP C:\Windows\system32\drivers\HTTP.sys **LOCKED** 5
22:45:44.935    Service hwpolicy C:\Windows\System32\drivers\hwpolicy.sys **LOCKED** 5
22:45:44.945    Service i8042prt C:\Windows\system32\drivers\i8042prt.sys **LOCKED** 5
22:45:44.956    Service iaStor C:\Windows\system32\DRIVERS\iaStor.sys **LOCKED** 5
22:45:45.030    Service iaStorV C:\Windows\system32\drivers\iaStorV.sys **LOCKED** 5
22:45:45.229    Service iirsp C:\Windows\system32\DRIVERS\iirsp.sys **LOCKED** 5
22:45:45.300    Service Impcd C:\Windows\system32\DRIVERS\Impcd.sys **LOCKED** 5
22:45:45.315    Service intelide C:\Windows\system32\drivers\intelide.sys **LOCKED** 5
22:45:45.328    Service intelppm C:\Windows\system32\DRIVERS\intelppm.sys **LOCKED** 5
22:45:45.375    Service IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys **LOCKED** 5
22:45:45.390    Service IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys **LOCKED** 5
22:45:45.400    Service IPNAT C:\Windows\System32\drivers\ipnat.sys **LOCKED** 5
22:45:45.496    Service IRENUM C:\Windows\system32\drivers\irenum.sys **LOCKED** 5
22:45:45.510    Service isapnp C:\Windows\system32\drivers\isapnp.sys **LOCKED** 5
22:45:45.521    Service ISASerial C:\Windows\system32\DRIVERS\ISASerial.sys **LOCKED** 5
22:45:45.532    Service iScsiPrt C:\Windows\system32\drivers\msiscsi.sys **LOCKED** 5
22:45:45.542    Service JRAID C:\Windows\system32\DRIVERS\jraid.sys **LOCKED** 5
22:45:45.552    Service kbdclass C:\Windows\system32\drivers\kbdclass.sys **LOCKED** 5
22:45:45.562    Service kbdhid C:\Windows\system32\drivers\kbdhid.sys **LOCKED** 5
22:45:45.586    Service KSecDD C:\Windows\System32\Drivers\ksecdd.sys **LOCKED** 5
22:45:45.600    Service KSecPkg C:\Windows\System32\Drivers\ksecpkg.sys **LOCKED** 5
22:45:45.610    Service ksthunk C:\Windows\system32\drivers\ksthunk.sys **LOCKED** 5
22:45:45.919    Service LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys **LOCKED** 5
22:45:45.934    Service lltdio C:\Windows\system32\DRIVERS\lltdio.sys **LOCKED** 5
22:45:45.996    Service LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys **LOCKED** 5
22:45:46.011    Service LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys **LOCKED** 5
22:45:46.021    Service LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys **LOCKED** 5
22:45:46.031    Service LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys **LOCKED** 5
22:45:46.042    Service LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys **LOCKED** 5
22:45:46.052    Service LUsbFilt C:\Windows\System32\Drivers\LUsbFilt.Sys **LOCKED** 5
22:45:46.368    Service megasas C:\Windows\system32\DRIVERS\megasas.sys **LOCKED** 5
22:45:46.383    Service MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys **LOCKED** 5
22:45:48.033    Service Modem C:\Windows\system32\drivers\modem.sys **LOCKED** 5
22:45:48.048    Service monitor C:\Windows\system32\DRIVERS\monitor.sys **LOCKED** 5
22:45:48.058    Service mouclass C:\Windows\system32\drivers\mouclass.sys **LOCKED** 5
22:45:48.069    Service mouhid C:\Windows\system32\DRIVERS\mouhid.sys **LOCKED** 5
22:45:48.080    Service mountmgr C:\Windows\System32\drivers\mountmgr.sys **LOCKED** 5
22:45:48.148    Service mpio C:\Windows\system32\drivers\mpio.sys **LOCKED** 5
22:45:48.163    Service mpsdrv C:\Windows\System32\drivers\mpsdrv.sys **LOCKED** 5
22:45:48.184    Service msahci C:\Windows\system32\drivers\msahci.sys **LOCKED** 5
22:45:48.197    Service msdsm C:\Windows\system32\drivers\msdsm.sys **LOCKED** 5
22:45:48.234    Service mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys **LOCKED** 5
22:45:48.247    Service msisadrv C:\Windows\system32\drivers\msisadrv.sys **LOCKED** 5
22:45:48.333    Service MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys **LOCKED** 5
22:45:48.348    Service MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys **LOCKED** 5
22:45:48.358    Service MSPQM C:\Windows\system32\drivers\MSPQM.sys **LOCKED** 5
22:45:48.370    Service MsRPC C:\Windows\System32\Drivers\MsRPC.sys **LOCKED** 5
22:45:48.380    Service mssmbios C:\Windows\system32\drivers\mssmbios.sys **LOCKED** 5
22:45:50.044    Service MSTEE C:\Windows\system32\drivers\MSTEE.sys **LOCKED** 5
22:45:50.282    Service MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys **LOCKED** 5
22:45:50.296    Service MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys **LOCKED** 5
22:45:50.307    Service MtsHID C:\Windows\system32\drivers\MtsHID.sys **LOCKED** 5
22:45:50.317    Service mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys **LOCKED** 5
22:45:50.426    Service NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys **LOCKED** 5
22:45:50.442    Service NDIS C:\Windows\system32\drivers\ndis.sys **LOCKED** 5
22:45:50.452    Service NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys **LOCKED** 5
22:45:50.462    Service NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys **LOCKED** 5
22:45:50.473    Service Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys **LOCKED** 5
22:45:50.483    Service NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys **LOCKED** 5
22:45:50.493    Service NDProxy C:\Windows\System32\Drivers\NDProxy.sys **LOCKED** 5
22:45:50.504    Service NetBT C:\Windows\System32\DRIVERS\netbt.sys **LOCKED** 5
22:45:50.737    Service nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys **LOCKED** 5
22:45:50.888    Service nsiproxy C:\Windows\system32\drivers\nsiproxy.sys **LOCKED** 5
22:45:50.904    Service Null C:\Windows\System32\Drivers\Null.sys **LOCKED** 5
22:45:50.918    Service nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys **LOCKED** 5
22:45:50.928    Service nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys **LOCKED** 5
22:45:50.938    Service nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys **LOCKED** 5
22:45:50.949    Service NVHDA C:\Windows\system32\drivers\nvhda64v.sys **LOCKED** 5
22:45:50.960    Service nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys **LOCKED** 5
22:45:50.970    Service nvraid C:\Windows\system32\drivers\nvraid.sys **LOCKED** 5
22:45:50.980    Service nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys **LOCKED** 5
22:45:50.991    Service nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys **LOCKED** 5
22:45:51.001    Service nvstor C:\Windows\system32\drivers\nvstor.sys **LOCKED** 5
22:45:51.012    Service nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys **LOCKED** 5
22:45:51.209    Service nv_agp C:\Windows\system32\drivers\nv_agp.sys **LOCKED** 5
22:45:51.223    Service ohci1394 C:\Windows\system32\drivers\ohci1394.sys **LOCKED** 5
22:45:51.663    Service Parport C:\Windows\system32\DRIVERS\parport.sys **LOCKED** 5
22:45:51.678    Service partmgr C:\Windows\System32\drivers\partmgr.sys **LOCKED** 5
22:45:51.713    Service pci C:\Windows\system32\drivers\pci.sys **LOCKED** 5
22:45:51.728    Service pciide C:\Windows\system32\drivers\pciide.sys **LOCKED** 5
22:45:51.739    Service PciIsaSerial C:\Windows\system32\DRIVERS\PciIsaSerial.sys **LOCKED** 5
22:45:51.749    Service PciPPorts C:\Windows\system32\DRIVERS\PciPPorts.sys **LOCKED** 5
22:45:51.760    Service PciSPorts C:\Windows\system32\DRIVERS\PciSPorts.sys **LOCKED** 5
22:45:51.770    Service pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys **LOCKED** 5
22:45:51.781    Service pcw C:\Windows\System32\drivers\pcw.sys **LOCKED** 5
22:45:51.791    Service PEAUTH C:\Windows\system32\drivers\peauth.sys **LOCKED** 5
22:45:52.097    Service PPorts C:\Windows\system32\DRIVERS\PPorts.sys **LOCKED** 5
22:45:52.112    Service PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys **LOCKED** 5
22:45:52.123    Service Processor C:\Windows\system32\DRIVERS\processr.sys **LOCKED** 5
22:45:52.213    Service Psched C:\Windows\system32\DRIVERS\pacer.sys **LOCKED** 5
22:45:52.228    Service ql2300 C:\Windows\system32\DRIVERS\ql2300.sys **LOCKED** 5
22:45:52.239    Service ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys **LOCKED** 5
22:45:52.278    Service QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys **LOCKED** 5
22:45:52.293    Service RasAcd C:\Windows\System32\DRIVERS\rasacd.sys **LOCKED** 5
22:45:52.303    Service RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys **LOCKED** 5
22:45:52.322    Service Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys **LOCKED** 5
22:45:52.377    Service RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys **LOCKED** 5
22:45:52.393    Service RasSstp C:\Windows\system32\DRIVERS\rassstp.sys **LOCKED** 5
22:45:52.403    Service rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys **LOCKED** 5
22:45:52.416    Service RDPCDD C:\Windows\System32\DRIVERS\RDPCDD.sys **LOCKED** 5
22:45:52.427    Service RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys **LOCKED** 5
22:45:52.438    Service RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys **LOCKED** 5
22:45:52.448    Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 5
22:45:52.458    Service rdyboost C:\Windows\System32\drivers\rdyboost.sys **LOCKED** 5
22:45:52.660    Service rspndr C:\Windows\system32\DRIVERS\rspndr.sys **LOCKED** 5
22:45:52.674    Service RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys **LOCKED** 5
22:45:52.685    Service RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys **LOCKED** 5
22:45:52.701    Service sbp2port C:\Windows\system32\drivers\sbp2port.sys **LOCKED** 5
22:45:52.737    Service scfilter C:\Windows\System32\DRIVERS\scfilter.sys **LOCKED** 5
22:45:52.918    Service secdrv C:\Windows\System32\Drivers\secdrv.sys **LOCKED** 5
22:45:52.975    Service Serenum C:\Windows\system32\DRIVERS\serenum.sys **LOCKED** 5
22:45:52.990    Service Serial C:\Windows\system32\DRIVERS\serial.sys **LOCKED** 5
22:45:53.001    Service sermouse C:\Windows\system32\DRIVERS\sermouse.sys **LOCKED** 5
22:45:53.034    Service sffdisk C:\Windows\system32\drivers\sffdisk.sys **LOCKED** 5
22:45:53.049    Service sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys **LOCKED** 5
22:45:53.060    Service sffp_sd C:\Windows\system32\drivers\sffp_sd.sys **LOCKED** 5
22:45:53.070    Service sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys **LOCKED** 5
22:45:53.130    Service Si3124r5 C:\Windows\system32\DRIVERS\Si3124r5.sys **LOCKED** 5
22:45:53.145    Service SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys **LOCKED** 5
22:45:53.155    Service SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys **LOCKED** 5
22:45:53.166    Service SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys **LOCKED** 5
22:45:53.177    Service SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys **LOCKED** 5
22:45:53.187    Service Smb C:\Windows\system32\DRIVERS\smb.sys **LOCKED** 5
22:45:53.212    Service spldr C:\Windows\System32\Drivers\spldr.sys **LOCKED** 5
22:45:53.261    Service SPorts C:\Windows\system32\DRIVERS\SPorts.sys **LOCKED** 5
22:45:53.646    Service ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys **LOCKED** 5
22:45:53.801    Service stexstor C:\Windows\system32\DRIVERS\stexstor.sys **LOCKED** 5
22:45:53.876    Service swenum C:\Windows\system32\drivers\swenum.sys **LOCKED** 5
22:45:54.074    Service Tcpip C:\Windows\System32\drivers\tcpip.sys **LOCKED** 5
22:45:54.087    Service TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys **LOCKED** 5
22:45:54.098    Service tcpipreg C:\Windows\System32\drivers\tcpipreg.sys **LOCKED** 5
22:45:54.108    Service TDPIPE C:\Windows\system32\drivers\tdpipe.sys **LOCKED** 5
22:45:54.119    Service TDTCP C:\Windows\system32\drivers\tdtcp.sys **LOCKED** 5
22:45:54.129    Service tdx C:\Windows\system32\DRIVERS\tdx.sys **LOCKED** 5
22:45:54.139    Service TermDD C:\Windows\system32\drivers\termdd.sys **LOCKED** 5
22:45:54.324    Service tssecsrv C:\Windows\System32\DRIVERS\tssecsrv.sys **LOCKED** 5
22:45:54.340    Service TsUsbFlt C:\Windows\System32\drivers\tsusbflt.sys **LOCKED** 5
22:45:54.350    Service tunnel C:\Windows\system32\DRIVERS\tunnel.sys **LOCKED** 5
22:45:54.361    Service uagp35 C:\Windows\system32\DRIVERS\uagp35.sys **LOCKED** 5
22:45:54.392    Service uliagpkx C:\Windows\system32\drivers\uliagpkx.sys **LOCKED** 5
22:45:54.407    Service umbus C:\Windows\system32\DRIVERS\umbus.sys **LOCKED** 5
22:45:54.417    Service UmPass C:\Windows\system32\DRIVERS\umpass.sys **LOCKED** 5
22:45:54.457    Service USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys **LOCKED** 5
22:45:54.471    Service usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys **LOCKED** 5
22:45:54.482    Service usbcir C:\Windows\system32\drivers\usbcir.sys **LOCKED** 5
22:45:54.492    Service usbehci C:\Windows\system32\drivers\usbehci.sys **LOCKED** 5
22:45:54.503    Service usbhub C:\Windows\system32\DRIVERS\usbhub.sys **LOCKED** 5
22:45:54.513    Service usbohci C:\Windows\system32\drivers\usbohci.sys **LOCKED** 5
22:45:54.524    Service usbprint C:\Windows\system32\DRIVERS\usbprint.sys **LOCKED** 5
22:45:54.534    Service usbscan C:\Windows\system32\DRIVERS\usbscan.sys **LOCKED** 5
22:45:54.545    Service USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS **LOCKED** 5
22:45:54.555    Service usbuhci C:\Windows\system32\drivers\usbuhci.sys **LOCKED** 5
22:45:54.624    Service vdrvroot C:\Windows\system32\drivers\vdrvroot.sys **LOCKED** 5
22:45:54.682    Service vga C:\Windows\system32\DRIVERS\vgapnp.sys **LOCKED** 5
22:45:54.697    Service VgaSave C:\Windows\System32\drivers\vga.sys **LOCKED** 5
22:45:54.708    Service vhdmp C:\Windows\system32\drivers\vhdmp.sys **LOCKED** 5
22:45:54.718    Service viaide C:\Windows\system32\drivers\viaide.sys **LOCKED** 5
22:45:54.729    Service volmgr C:\Windows\system32\drivers\volmgr.sys **LOCKED** 5
22:45:54.739    Service volmgrx C:\Windows\System32\drivers\volmgrx.sys **LOCKED** 5
22:45:54.749    Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 5
22:45:54.760    Service vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys **LOCKED** 5
22:45:54.770    Service vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys **LOCKED** 5
22:45:54.781    Service vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys **LOCKED** 5
22:45:54.792    Service vpcvmm C:\Windows\system32\drivers\vpcvmm.sys **LOCKED** 5
22:45:54.802    Service vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys **LOCKED** 5
22:45:54.905    Service vwifibus C:\Windows\System32\drivers\vwifibus.sys **LOCKED** 5
22:45:54.921    Service vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys **LOCKED** 5
22:45:54.956    Service WacomPen C:\Windows\system32\DRIVERS\wacompen.sys **LOCKED** 5
22:45:54.971    Service WANARP C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 5
22:45:54.983    Service Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 5
22:45:55.151    Service Wd C:\Windows\system32\DRIVERS\wd.sys **LOCKED** 5
22:45:55.166    Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 5
22:45:55.277    Service WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys **LOCKED** 5
22:45:55.470    Service WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys **LOCKED** 5
22:45:55.754    Service WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys **LOCKED** 5
22:45:55.861    Service ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys **LOCKED** 5
22:45:56.058    Service WudfPf C:\Windows\system32\drivers\WudfPf.sys **LOCKED** 5
22:45:56.073    Service WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys **LOCKED** 5
22:45:56.630    Modules scanning
22:45:56.638    Disk 0 trace - called modules:
22:45:56.641    
22:45:56.647    Scan finished successfully
22:46:07.986    The log file has been saved successfully to "C:\Users\Daniel Graf\Desktop\aswMBR.txt"
         

20.11.2012, 10:27   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages like

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.

20.11.2012, 12:15   #8
daniskin

Hello Cosinus,

here is the log from Combofix:
Combofix log file:
Code:
ATTFilter
ComboFix 12-11-20.01 - Daniel Graf 20.11.2012  11:45:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.2926 [GMT 1:00]
ausgeführt von:: c:\users\Daniel Graf\Desktop\ComboFix.exe
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\SPL164D.tmp
c:\programdata\SPL251C.tmp
c:\programdata\SPL4C2D.tmp
c:\programdata\SPL5425.tmp
c:\programdata\SPL5908.tmp
c:\programdata\SPLA2C3.tmp
c:\programdata\SPLA6B9.tmp
c:\programdata\SPLD6D0.tmp
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-20 bis 2012-11-20  ))))))))))))))))))))))))))))))
.
.
2012-11-18 12:35 . 2012-11-18 12:35	--------	d-----w-	c:\program files (x86)\7-Zip
2012-10-30 11:29 . 2012-10-30 15:05	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-10-30 10:16 . 2012-10-30 10:16	--------	d-----w-	c:\programdata\EA Logs
2012-10-29 11:53 . 2012-10-29 11:53	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-26 20:32 . 2012-10-26 20:32	--------	d-----w-	c:\users\Daniel Graf\Tracing
2012-10-26 20:27 . 2012-10-26 20:27	--------	d-----w-	c:\windows\de
2012-10-26 20:25 . 2012-09-12 13:20	57856	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2012-10-26 20:25 . 2012-10-26 20:25	--------	d-----w-	c:\program files\Windows Live
2012-10-26 20:24 . 2012-10-26 20:26	--------	d-----w-	c:\program files (x86)\Windows Live
2012-10-26 20:18 . 2012-10-26 20:18	--------	d-----w-	c:\program files (x86)\Microsoft SkyDrive
2012-10-26 20:18 . 2012-10-26 20:16	5659096	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\bc29cd961cdb3b603\skydrivesetup.exe
2012-10-26 20:18 . 2012-10-26 20:18	--------	d-----r-	c:\users\Daniel Graf\SkyDrive
2012-10-26 20:18 . 2012-10-26 20:18	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2012-10-26 20:16 . 2012-10-26 20:16	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c2b334f71cdb3b604\DSETUP.dll
2012-10-26 20:16 . 2012-10-26 20:16	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c2b334f71cdb3b604\DXSETUP.exe
2012-10-26 20:16 . 2012-10-26 20:16	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\c2b334f71cdb3b604\dsetup32.dll
2012-10-26 20:16 . 2012-10-26 20:16	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\babffc6c1cdb3b602\DSETUP.dll
2012-10-26 20:16 . 2012-10-26 20:16	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\babffc6c1cdb3b602\DXSETUP.exe
2012-10-26 20:16 . 2012-10-26 20:16	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\babffc6c1cdb3b602\dsetup32.dll
2012-10-26 20:16 . 2012-10-26 20:16	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\b7481b261cdb3b601\DSETUP.dll
2012-10-26 20:16 . 2012-10-26 20:16	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\b7481b261cdb3b601\DXSETUP.exe
2012-10-26 20:16 . 2012-10-26 20:16	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\b7481b261cdb3b601\dsetup32.dll
2012-10-26 16:54 . 2012-10-26 16:54	--------	d-----w-	c:\users\Daniel Graf\AppData\Roaming\Malwarebytes
2012-10-26 16:54 . 2012-10-26 16:54	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-26 16:54 . 2012-10-26 16:54	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-26 16:54 . 2012-09-29 17:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 16:26 . 2012-04-15 13:29	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-13 16:26 . 2011-06-18 11:14	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 19:57 . 2012-09-30 19:57	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 19:57 . 2012-05-13 08:58	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 19:57 . 2010-12-15 22:47	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-12 14:07 . 2012-09-12 14:07	58368	----a-w-	c:\windows\SysWow64\sirenacm.dll
2012-09-12 13:57 . 2012-09-12 13:57	322048	----a-w-	c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-26 20:18	220632	----a-w-	c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-26 20:18	220632	----a-w-	c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-26 20:18	220632	----a-w-	c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-09-06 162408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [2010-04-14 45736]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 adp3132;adp3132;c:\windows\system32\DRIVERS\adp3132.sys [2010-01-28 385072]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-04-08 232464]
R3 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
R3 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2007-10-12 10632]
R3 Bufeap;BUFFALO EAP Driver;c:\windows\system32\DRIVERS\bufeap64.sys [2007-08-17 18432]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\DRIVERS\ISASerial.sys [2008-02-20 72192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [2009-07-15 27664]
R3 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-07-01 293416]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-16 28192]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\DRIVERS\PciIsaSerial.sys [2008-05-22 72192]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2008-05-22 95744]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [2008-05-22 126464]
R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\DRIVERS\PPorts.sys [2008-02-20 95744]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [2010-04-13 340008]
R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\DRIVERS\SPorts.sys [2008-02-20 124416]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-11 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S2 BWH32S;BWH32S;c:\program files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe [2009-07-09 126328]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-04-14 1052328]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-05-16 216080]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - 906d6994eace405d
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LexPrintListener	REG_MULTI_SZ   	LexPrintListener
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:26]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 23:37]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 23:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-26 20:18	244696	----a-w-	c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-26 20:18	244696	----a-w-	c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-26 20:18	244696	----a-w-	c:\users\Daniel Graf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxedmon.exe"="c:\program files (x86)\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark S600 Series\ezprint.exe" [2011-01-23 148280]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bild.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to DVD Converter - c:\users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\Daniel Graf\AppData\Roaming\Mozilla\Firefox\Profiles\bguaee61.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bild.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\906d6994eace405d]
"ImagePath"="\SystemRoot\System32\Drivers\906d6994eace405d.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1861507059-4191554130-2990585910-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\SITECOM\300N USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-20  12:00:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-20 11:00
.
Vor Suchlauf: 9 Verzeichnis(se), 566.661.062.656 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 566.387.064.832 Bytes frei
.
- - End Of File - - 0EE49FDE092ED1BE95C0F2EB8E4EFE77
         
--- --- ---


Hello Cosinus,

since I ran Combofix and went back to using the PC normally, it has already
crashed twice.
The blue screen said that Windows had been shut down to prevent damage.
It happened once when I tried to activate the antivirus real-time scanner (which still cannot be activated) and a second time while playing COD BO 2.

20.11.2012, 14:23   #9
cosinus

Please create a new log with TDSS-Killer.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

20.11.2012, 14:40   #10
daniskin
 

Hello Cosinus,

here is the TDS log, attached as a zip.

20.11.2012, 14:50   #11
cosinus

Code:
14:29:38.0895 4212  906d6994eace405d ( Rootkit.Win32.Necurs.gen ) - skipped by user
         
Something is still active there.

Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you have to restart TDSS-Killer and run a new scan. When you see the results afterwards, please set this entry to CURE or DELETE (whichever is offered to you; please leave all others on SKIP!) and then click continue at the bottom right.

Then restart Windows and create a completely new log with TDSS-Killer again. As always, post it in CODE tags.

20.11.2012, 15:05   #12
daniskin
 

Code:
14:59:14.0025 3700  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:59:14.0509 3700  ============================================================
14:59:14.0509 3700  Current date / time: 2012/11/20 14:59:14.0509
14:59:14.0509 3700  SystemInfo:
14:59:14.0509 3700  
14:59:14.0509 3700  OS Version: 6.1.7601 ServicePack: 1.0
14:59:14.0509 3700  Product type: Workstation
14:59:14.0509 3700  ComputerName: DANIELPC
14:59:14.0509 3700  UserName: Daniel Graf
14:59:14.0509 3700  Windows directory: C:\Windows
14:59:14.0509 3700  System windows directory: C:\Windows
14:59:14.0509 3700  Running under WOW64
14:59:14.0509 3700  Processor architecture: Intel x64
14:59:14.0509 3700  Number of processors: 4
14:59:14.0509 3700  Page size: 0x1000
14:59:14.0509 3700  Boot type: Normal boot
14:59:14.0509 3700  ============================================================
14:59:15.0710 3700  BG loaded
14:59:16.0225 3700  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:59:16.0256 3700  ============================================================
14:59:16.0256 3700  \Device\Harddisk0\DR0:
14:59:16.0271 3700  MBR partitions:
14:59:16.0271 3700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57542800
14:59:16.0271 3700  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57543000, BlocksNum 0x57544000
14:59:16.0271 3700  ============================================================
14:59:16.0318 3700  C: <-> \Device\Harddisk0\DR0\Partition1
14:59:16.0396 3700  D: <-> \Device\Harddisk0\DR0\Partition2
14:59:16.0396 3700  ============================================================
14:59:16.0396 3700  Initialize success
14:59:16.0396 3700  ============================================================
14:59:38.0144 4680  ============================================================
14:59:38.0144 4680  Scan started
14:59:38.0144 4680  Mode: Manual; SigCheck; TDLFS; 
14:59:38.0144 4680  ============================================================
14:59:40.0390 4680  ================ Scan system memory ========================
14:59:40.0390 4680  System memory - ok
14:59:40.0390 4680  ================ Scan services =============================
14:59:42.0387 4680  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:59:46.0209 4680  1394ohci - ok
14:59:46.0318 4680  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:59:46.0506 4680  ACPI - ok
14:59:46.0615 4680  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:59:46.0911 4680  AcpiPmi - ok
14:59:48.0003 4680  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:59:48.0752 4680  AdobeFlashPlayerUpdateSvc - ok
14:59:48.0830 4680  [ 132190688D8E51D61F88A150D7DF9FB4 ] adp3132         C:\Windows\system32\DRIVERS\adp3132.sys
14:59:49.0080 4680  adp3132 - ok
14:59:49.0173 4680  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:59:49.0438 4680  adp94xx - ok
14:59:49.0548 4680  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:59:49.0750 4680  adpahci - ok
14:59:49.0813 4680  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:59:50.0016 4680  adpu320 - ok
14:59:50.0109 4680  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:59:51.0732 4680  AeLookupSvc - ok
14:59:51.0903 4680  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:59:52.0340 4680  AFD - ok
14:59:52.0418 4680  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:59:52.0574 4680  agp440 - ok
14:59:52.0668 4680  [ EDA7E60B5A47D9E47E0E843CAC624FF3 ] ahcix64s        C:\Windows\system32\DRIVERS\ahcix64s.sys
14:59:53.0042 4680  ahcix64s - ok
14:59:53.0104 4680  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:59:53.0416 4680  ALG - ok
14:59:53.0463 4680  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:59:53.0713 4680  aliide - ok
14:59:53.0760 4680  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:59:54.0181 4680  amdide - ok
14:59:54.0243 4680  [ D52A2E98C5EEFF88CED28793B6B04D84 ] amdide64        C:\Windows\system32\DRIVERS\amdide64.sys
14:59:54.0368 4680  amdide64 - ok
14:59:54.0462 4680  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:59:54.0945 4680  AmdK8 - ok
14:59:54.0976 4680  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:59:55.0257 4680  AmdPPM - ok
14:59:55.0335 4680  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:59:55.0429 4680  amdsata - ok
14:59:55.0522 4680  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:59:55.0694 4680  amdsbs - ok
14:59:55.0788 4680  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:59:55.0850 4680  amdxata - ok
14:59:55.0928 4680  [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
14:59:55.0990 4680  amd_sata - ok
14:59:56.0037 4680  [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
14:59:56.0084 4680  amd_xata - ok
14:59:57.0160 4680  [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:59:57.0223 4680  AntiVirSchedulerService - ok
14:59:57.0582 4680  [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:59:57.0628 4680  AntiVirService - ok
14:59:57.0722 4680  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:59:59.0906 4680  AppID - ok
14:59:59.0968 4680  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:00:00.0062 4680  AppIDSvc - ok
15:00:00.0156 4680  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:00:00.0327 4680  Appinfo - ok
15:00:00.0608 4680  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:00:00.0655 4680  Apple Mobile Device - ok
15:00:00.0889 4680  [ D73AAD4946051D074909FDFD34D94C7B ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:00:00.0936 4680  arc - ok
15:00:00.0967 4680  [ 46E8C3EB03224A1E55C6F0C100A9D2CC ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:00:01.0014 4680  arcsas - ok
15:00:01.0731 4680  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:00:02.0277 4680  aspnet_state - ok
15:00:02.0355 4680  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:02.0620 4680  AsyncMac - ok
15:00:02.0698 4680  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:00:02.0761 4680  atapi - ok
15:00:04.0071 4680  [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag        C:\Windows\system32\drivers\atikmdag.sys
15:00:38.0859 4680  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:00:39.0124 4680  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:00:39.0124 4680  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:00:44.0647 4680  [ ADB665AC1313CFE6F106A68ECF97135C ] LexPrintListener C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll
15:00:44.0756 4680  LexPrintListener ( UnsignedFile.Multi.Generic ) - warning
15:00:44.0756 4680  LexPrintListener - detected UnsignedFile.Multi.Generic (1)
15:01:06.0190 4680  [ 7F97CDD5E91FC73DA2B01344957AA058 ] PciSPorts       C:\Windows\system32\DRIVERS\PciSPorts.sys
15:01:06.0206 4680  PciSPorts - ok
15:01:06.0237 4680  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:01:06.0253 4680  pcmcia - ok
15:01:06.0268 4680  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:01:06.0300 4680  pcw - ok
15:01:06.0393 4680  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:01:06.0471 4680  PEAUTH - ok
15:01:06.0861 4680  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:01:06.0908 4680  PerfHost - ok
15:01:07.0033 4680  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:01:07.0095 4680  pla - ok
15:01:07.0251 4680  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:01:07.0282 4680  PlugPlay - ok
15:01:07.0360 4680  PnkBstrA - ok
15:01:07.0392 4680  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:01:07.0438 4680  PNRPAutoReg - ok
15:01:07.0454 4680  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:01:07.0470 4680  PNRPsvc - ok
15:01:07.0563 4680  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:01:07.0672 4680  PolicyAgent - ok
15:01:07.0704 4680  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:01:07.0766 4680  Power - ok
15:01:07.0782 4680  [ 14C04684A25C221EBE2105D169B4B6FF ] PPorts          C:\Windows\system32\DRIVERS\PPorts.sys
15:01:07.0797 4680  PPorts - ok
15:01:07.0860 4680  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:01:07.0875 4680  PptpMiniport - ok
15:01:07.0906 4680  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:01:07.0984 4680  Processor - ok
15:01:08.0062 4680  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:01:08.0140 4680  ProfSvc - ok
15:01:08.0156 4680  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:01:08.0156 4680  ProtectedStorage - ok
15:01:08.0218 4680  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:01:08.0265 4680  Psched - ok
15:01:08.0312 4680  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:01:08.0421 4680  ql2300 - ok
15:01:08.0468 4680  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:01:08.0499 4680  ql40xx - ok
15:01:08.0577 4680  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:01:08.0608 4680  QWAVE - ok
15:01:08.0796 4680  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:01:08.0874 4680  QWAVEdrv - ok
15:01:08.0889 4680  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:01:08.0936 4680  RasAcd - ok
15:01:08.0967 4680  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:01:08.0998 4680  RasAgileVpn - ok
15:01:09.0014 4680  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:01:09.0076 4680  RasAuto - ok
15:01:09.0108 4680  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:01:09.0186 4680  Rasl2tp - ok
15:01:09.0217 4680  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:01:09.0264 4680  RasMan - ok
15:01:09.0279 4680  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:01:09.0357 4680  RasPppoe - ok
15:01:09.0388 4680  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:01:09.0420 4680  RasSstp - ok
15:01:09.0466 4680  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:01:09.0498 4680  rdbss - ok
15:01:09.0513 4680  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:01:09.0544 4680  rdpbus - ok
15:01:09.0591 4680  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:01:09.0622 4680  RDPCDD - ok
15:01:09.0654 4680  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:01:09.0700 4680  RDPENCDD - ok
15:01:09.0716 4680  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:01:09.0747 4680  RDPREFMP - ok
15:01:09.0778 4680  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:01:09.0841 4680  RDPWD - ok
15:01:09.0903 4680  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:01:09.0919 4680  rdyboost - ok
15:01:09.0997 4680  [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU    C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
15:01:10.0012 4680  Realtek11nSU ( UnsignedFile.Multi.Generic ) - warning
15:01:10.0012 4680  Realtek11nSU - detected UnsignedFile.Multi.Generic (1)
15:01:10.0059 4680  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:01:10.0106 4680  RemoteAccess - ok
15:01:10.0122 4680  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:01:10.0184 4680  RemoteRegistry - ok
15:01:10.0215 4680  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:01:10.0278 4680  RpcEptMapper - ok
15:01:10.0340 4680  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:01:10.0402 4680  RpcLocator - ok
15:01:10.0418 4680  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:01:10.0449 4680  RpcSs - ok
15:01:10.0480 4680  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:01:10.0527 4680  rspndr - ok
15:01:10.0574 4680  [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:01:10.0590 4680  RTL8167 - ok
15:01:10.0636 4680  [ 4629C5C4772D223B0ECD1EA8BA7A2A33 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
15:01:10.0668 4680  RTL8192su - ok
15:01:10.0714 4680  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:01:10.0730 4680  SamSs - ok
15:01:10.0761 4680  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:01:10.0777 4680  sbp2port - ok
15:01:10.0792 4680  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:01:10.0855 4680  SCardSvr - ok
15:01:10.0886 4680  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:01:10.0933 4680  scfilter - ok
15:01:10.0964 4680  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:01:11.0011 4680  Schedule - ok
15:01:11.0042 4680  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:01:11.0073 4680  SCPolicySvc - ok
15:01:11.0104 4680  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:01:11.0167 4680  SDRSVC - ok
15:01:11.0229 4680  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:01:11.0276 4680  secdrv - ok
15:01:11.0292 4680  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:01:11.0354 4680  seclogon - ok
15:01:11.0385 4680  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:01:11.0448 4680  SENS - ok
15:01:11.0479 4680  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:01:11.0526 4680  SensrSvc - ok
15:01:11.0572 4680  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:01:11.0588 4680  Serenum - ok
15:01:11.0604 4680  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:01:11.0650 4680  Serial - ok
15:01:11.0713 4680  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:01:11.0728 4680  sermouse - ok
15:01:11.0775 4680  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:01:11.0822 4680  SessionEnv - ok
15:01:11.0853 4680  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:01:11.0900 4680  sffdisk - ok
15:01:11.0916 4680  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:01:11.0947 4680  sffp_mmc - ok
15:01:11.0947 4680  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:01:12.0009 4680  sffp_sd - ok
15:01:12.0025 4680  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:01:12.0056 4680  sfloppy - ok
15:01:12.0118 4680  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:01:12.0181 4680  SharedAccess - ok
15:01:12.0212 4680  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:01:12.0243 4680  ShellHWDetection - ok
15:01:12.0290 4680  [ DA492C8305434EC6F9BDD60C8B83B10E ] Si3124r5        C:\Windows\system32\DRIVERS\Si3124r5.sys
15:01:12.0306 4680  Si3124r5 - ok
15:01:12.0321 4680  [ 8D10887A1699CF61E74467694B929B09 ] SiFilter        C:\Windows\system32\DRIVERS\SiWinAcc.sys
15:01:12.0337 4680  SiFilter - ok
15:01:12.0368 4680  [ 94E1EDA9A0B305A67EE1BBD0A68CE21A ] SiRemFil        C:\Windows\system32\DRIVERS\SiRemFil.sys
15:01:12.0384 4680  SiRemFil - ok
15:01:12.0430 4680  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:01:12.0446 4680  SiSRaid2 - ok
15:01:12.0477 4680  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:01:12.0493 4680  SiSRaid4 - ok
15:01:12.0508 4680  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:01:12.0571 4680  Smb - ok
15:01:12.0618 4680  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:01:12.0633 4680  SNMPTRAP - ok
15:01:12.0649 4680  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:01:12.0649 4680  spldr - ok
15:01:12.0696 4680  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
15:01:12.0727 4680  Spooler - ok
15:01:12.0742 4680  [ 739C2571867F351167D1D958990E9D84 ] SPorts          C:\Windows\system32\DRIVERS\SPorts.sys
15:01:12.0758 4680  SPorts - ok
15:01:12.0836 4680  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:01:12.0883 4680  sppsvc - ok
15:01:12.0914 4680  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:01:12.0976 4680  sppuinotify - ok
15:01:13.0023 4680  [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:01:13.0039 4680  SQLBrowser - ok
15:01:13.0117 4680  [ 582F8B13E1042C49A4A5A7BB52F518E4 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:01:13.0132 4680  SQLWriter - ok
15:01:13.0164 4680  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:01:13.0242 4680  srv - ok
15:01:13.0351 4680  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:01:13.0366 4680  srv2 - ok
15:01:13.0398 4680  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:01:13.0429 4680  srvnet - ok
15:01:13.0491 4680  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:01:13.0522 4680  SSDPSRV - ok
15:01:13.0554 4680  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:01:13.0585 4680  SstpSvc - ok
15:01:13.0632 4680  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
15:01:13.0647 4680  ssudmdm - ok
15:01:13.0710 4680  Steam Client Service - ok
15:01:13.0788 4680  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:01:13.0803 4680  Stereo Service - ok
15:01:13.0819 4680  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:01:13.0834 4680  stexstor - ok
15:01:13.0897 4680  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:01:13.0912 4680  stisvc - ok
15:01:13.0959 4680  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:01:13.0975 4680  swenum - ok
15:01:14.0022 4680  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:01:14.0100 4680  swprv - ok
15:01:14.0146 4680  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:01:14.0224 4680  SysMain - ok
15:01:14.0240 4680  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:01:14.0256 4680  TabletInputService - ok
15:01:14.0287 4680  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:01:14.0334 4680  TapiSrv - ok
15:01:14.0365 4680  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:01:14.0380 4680  TBS - ok
15:01:14.0458 4680  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:01:14.0505 4680  Tcpip - ok
15:01:14.0536 4680  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:01:14.0568 4680  TCPIP6 - ok
15:01:14.0599 4680  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:01:14.0630 4680  tcpipreg - ok
15:01:14.0661 4680  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:01:14.0708 4680  TDPIPE - ok
15:01:14.0724 4680  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:01:14.0755 4680  TDTCP - ok
15:01:14.0786 4680  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:01:14.0817 4680  tdx - ok
15:01:14.0864 4680  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:01:14.0880 4680  TermDD - ok
15:01:14.0926 4680  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:01:14.0989 4680  TermService - ok
15:01:15.0020 4680  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:01:15.0051 4680  Themes - ok
15:01:15.0082 4680  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:01:15.0114 4680  THREADORDER - ok
15:01:15.0145 4680  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:01:15.0192 4680  TrkWks - ok
15:01:15.0270 4680  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:01:15.0332 4680  TrustedInstaller - ok
15:01:15.0379 4680  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:01:15.0426 4680  tssecsrv - ok
15:01:15.0488 4680  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:01:15.0519 4680  TsUsbFlt - ok
15:01:15.0597 4680  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:01:15.0644 4680  tunnel - ok
15:01:15.0660 4680  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:01:15.0675 4680  uagp35 - ok
15:01:15.0706 4680  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:01:15.0738 4680  udfs - ok
15:01:15.0769 4680  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:01:15.0784 4680  UI0Detect - ok
15:01:15.0800 4680  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:01:15.0816 4680  uliagpkx - ok
15:01:15.0862 4680  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:01:15.0878 4680  umbus - ok
15:01:15.0925 4680  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:01:15.0956 4680  UmPass - ok
15:01:15.0987 4680  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:01:16.0018 4680  upnphost - ok
15:01:16.0096 4680  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:01:16.0143 4680  USBAAPL64 - ok
15:01:16.0174 4680  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:01:16.0237 4680  usbccgp - ok
15:01:16.0284 4680  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:01:16.0299 4680  usbcir - ok
15:01:16.0330 4680  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:01:16.0393 4680  usbehci - ok
15:01:16.0408 4680  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:01:16.0424 4680  usbhub - ok
15:01:16.0471 4680  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:01:16.0518 4680  usbohci - ok
15:01:16.0564 4680  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:01:16.0596 4680  usbprint - ok
15:01:16.0627 4680  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:01:16.0642 4680  usbscan - ok
15:01:16.0689 4680  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:01:16.0720 4680  USBSTOR - ok
15:01:16.0767 4680  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:01:16.0798 4680  usbuhci - ok
15:01:16.0845 4680  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:01:16.0861 4680  UxSms - ok
15:01:16.0908 4680  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:01:16.0908 4680  VaultSvc - ok
15:01:16.0939 4680  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:01:16.0939 4680  vdrvroot - ok
15:01:16.0986 4680  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:01:17.0064 4680  vds - ok
15:01:17.0095 4680  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:01:17.0110 4680  vga - ok
15:01:17.0142 4680  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:01:17.0157 4680  VgaSave - ok
15:01:17.0204 4680  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:01:17.0220 4680  vhdmp - ok
15:01:17.0282 4680  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:01:17.0282 4680  viaide - ok
15:01:17.0313 4680  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:01:17.0329 4680  volmgr - ok
15:01:17.0438 4680  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:01:17.0469 4680  volmgrx - ok
15:01:17.0485 4680  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:01:17.0500 4680  volsnap - ok
15:01:17.0547 4680  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
15:01:17.0563 4680  vpcbus - ok
15:01:17.0656 4680  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:01:17.0719 4680  vpcnfltr - ok
15:01:17.0734 4680  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
15:01:17.0750 4680  vpcusb - ok
15:01:17.0812 4680  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
15:01:17.0828 4680  vpcvmm - ok
15:01:17.0859 4680  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:01:17.0875 4680  vsmraid - ok
15:01:17.0953 4680  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:01:18.0000 4680  VSS - ok
15:01:18.0031 4680  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:01:18.0062 4680  vwifibus - ok
15:01:18.0093 4680  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:01:18.0124 4680  vwififlt - ok
15:01:18.0156 4680  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:01:18.0202 4680  W32Time - ok
15:01:18.0218 4680  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:01:18.0234 4680  WacomPen - ok
15:01:18.0265 4680  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:01:18.0296 4680  WANARP - ok
15:01:18.0296 4680  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:01:18.0327 4680  Wanarpv6 - ok
15:01:18.0374 4680  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:01:18.0436 4680  wbengine - ok
15:01:18.0452 4680  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:01:18.0468 4680  WbioSrvc - ok
15:01:18.0499 4680  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:01:18.0546 4680  wcncsvc - ok
15:01:18.0561 4680  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:01:18.0592 4680  WcsPlugInService - ok
15:01:18.0592 4680  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:01:18.0608 4680  Wd - ok
15:01:18.0639 4680  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:01:18.0670 4680  Wdf01000 - ok
15:01:18.0686 4680  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:01:18.0780 4680  WdiServiceHost - ok
15:01:18.0780 4680  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:01:18.0795 4680  WdiSystemHost - ok
15:01:18.0811 4680  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:01:18.0842 4680  WebClient - ok
15:01:18.0842 4680  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:01:18.0889 4680  Wecsvc - ok
15:01:18.0920 4680  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:01:18.0967 4680  wercplsupport - ok
15:01:18.0982 4680  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:01:19.0045 4680  WerSvc - ok
15:01:19.0076 4680  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:01:19.0092 4680  WfpLwf - ok
15:01:19.0123 4680  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:01:19.0123 4680  WIMMount - ok
15:01:19.0154 4680  WinDefend - ok
15:01:19.0154 4680  WinHttpAutoProxySvc - ok
15:01:19.0185 4680  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:01:19.0248 4680  Winmgmt - ok
15:01:19.0294 4680  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:01:19.0357 4680  WinRM - ok
15:01:19.0404 4680  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:01:19.0435 4680  WinUsb - ok
15:01:19.0482 4680  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:01:19.0497 4680  Wlansvc - ok
15:01:19.0606 4680  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:01:19.0638 4680  wlidsvc - ok
15:01:19.0684 4680  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:01:19.0700 4680  WmiAcpi - ok
15:01:19.0716 4680  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:01:19.0762 4680  wmiApSrv - ok
15:01:19.0809 4680  WMPNetworkSvc - ok
15:01:19.0825 4680  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:01:19.0840 4680  WPCSvc - ok
15:01:19.0887 4680  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:01:19.0887 4680  WPDBusEnum - ok
15:01:19.0918 4680  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:01:19.0950 4680  ws2ifsl - ok
15:01:19.0996 4680  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:01:20.0028 4680  wscsvc - ok
15:01:20.0028 4680  WSearch - ok
15:01:20.0090 4680  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:01:20.0121 4680  wuauserv - ok
15:01:20.0137 4680  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:01:20.0184 4680  WudfPf - ok
15:01:20.0215 4680  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:01:20.0262 4680  WUDFRd - ok
15:01:20.0277 4680  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:01:20.0308 4680  wudfsvc - ok
15:01:20.0324 4680  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:01:20.0355 4680  WwanSvc - ok
15:01:20.0371 4680  ================ Scan global ===============================
15:01:20.0402 4680  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:01:20.0449 4680  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:01:20.0449 4680  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:01:20.0480 4680  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:01:20.0496 4680  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:01:20.0511 4680  [Global] - ok
15:01:20.0511 4680  ================ Scan MBR ==================================
15:01:20.0511 4680  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:01:21.0307 4680  \Device\Harddisk0\DR0 - ok
15:01:21.0307 4680  ================ Scan VBR ==================================
15:01:21.0307 4680  [ 9164699B07EA2665E5B79683035A3A20 ] \Device\Harddisk0\DR0\Partition1
15:01:21.0307 4680  \Device\Harddisk0\DR0\Partition1 - ok
15:01:21.0322 4680  [ A93860736A9C9218535825594CA99AF3 ] \Device\Harddisk0\DR0\Partition2
15:01:21.0322 4680  \Device\Harddisk0\DR0\Partition2 - ok
15:01:21.0322 4680  ============================================================
15:01:21.0322 4680  Scan finished
15:01:21.0322 4680  ============================================================
15:01:21.0322 4672  Detected object count: 3
15:01:21.0322 4672  Actual detected object count: 3
15:01:27.0094 4672  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:27.0094 4672  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:27.0094 4672  LexPrintListener ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:27.0094 4672  LexPrintListener ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:27.0094 4672  Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:27.0094 4672  Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:32.0789 3428  Deinitialize success
         

20.11.2012, 17:51   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run a CustomScan with OTL
Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labeled with

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

21.11.2012, 20:42   #14
daniskin
 

Hello Cosinus,

here is the OTL report:


OTL Logfile:
Code:
OTL logfile created on: 21.11.2012 20:29:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel Graf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,29% Memory free
7,98 Gb Paging File | 6,17 Gb Available in Paging File | 77,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 520,14 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 120,99 Gb Free Space | 17,32% Space Free | Partition Type: NTFS
Drive E: | 5,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DANIELPC | User Name: Daniel Graf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.21 20:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe
PRC - [2012.11.06 18:29:54 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.29 17:56:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
PRC - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.29 17:56:20 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011.01.23 18:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
MOD - [2011.01.23 18:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epwizard.DLL
MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\customui.dll
MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Epfunct.DLL
MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Eputil.DLL
MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\Imagutil.DLL
MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedDRS.dll
MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll
MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPOEMDll.dll
MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epstring.dll
MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\EPWizRes.dll
MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll
MOD - [2009.05.27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcats.dll
MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsmr.dll
MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\iptk.dll
MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll
MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll
MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.04.14 15:01:15 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxedcoms.exe -- (lxed_device)
SRV:64bit: - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV:64bit: - [2007.11.08 00:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012.11.13 17:26:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 12:29:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.24 12:09:57 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.16 20:11:42 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.10.28 18:58:36 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010.04.14 15:01:07 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV - [2010.04.14 15:00:56 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxedcoms.exe -- (lxed_device)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.11 14:19:01 | 000,204,800 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll -- (LexPrintListener)
SRV - [2009.07.09 02:18:24 | 000,126,328 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.20 18:24:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.20 18:24:39 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.11 06:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.07 09:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.09.03 13:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.01 10:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.06 15:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.08 14:44:58 | 000,232,464 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts)
DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts)
DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial)
DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2007.08.17 06:48:40 | 000,018,432 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 FD 1D 8C 86 8D CB 01  [binary data]
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{1086A097-7D1E-41F1-850C-A1A6C5BC8C4B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_deDE407
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel Graf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:56:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.21 10:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions
[2012.09.19 10:04:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions\ich@maltegoetz.de
[2012.11.21 10:38:27 | 000,035,785 | ---- | M] () (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\firefox\profiles\bguaee61.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.02.20 01:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 17:56:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.22 10:26:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 16:50:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 10:26:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 01:21:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.22 10:26:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 10:26:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 10:26:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://start.facemoods.com/?a=ddrnw
 
O1 HOSTS File: ([2012.11.20 11:56:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133CCE8A-AE40-43EB-9C99-EB0E31A09208}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.25 07:27:21 | 000,000,133 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ClientManagerV.lnk - C:\PROGRA~2\BUFFALO\CLIENT~1\bin\cmvMain.exe - (BUFFALO INC.)
MsConfig:64bit - StartUpFolder: C:^Users^Daniel Graf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Thunderbird.lnk - C:\PROGRA~2\MOZILL~1\THUNDE~1.EXE - (Mozilla Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Daniel Graf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Daniel Graf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
 
SafeBootMin:64bit: 07787057.sys - Driver
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 07787057.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 07787057.sys - Driver
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 07787057.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 20:25:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe
[2012.11.21 03:23:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.21 03:10:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.21 03:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.21 03:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.20 14:55:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.20 12:19:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Avira
[2012.11.20 12:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.20 12:19:23 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.20 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.20 12:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.11.20 12:09:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Virenprogramme
[2012.11.20 11:56:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.20 11:43:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.20 11:43:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.20 11:43:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.20 11:27:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.20 11:27:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.18 13:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.18 13:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.10.30 12:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.30 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.10.26 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Tracing
[2012.10.26 21:27:01 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.10.26 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.10.26 21:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.10.26 21:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.10.26 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Daniel Graf\SkyDrive
[2012.10.26 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.10.26 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Malwarebytes
[2012.10.26 17:54:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.26 11:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012.11.21 20:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Graf\Desktop\OTL.exe
[2012.11.21 20:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.21 20:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 17:12:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.21 15:12:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 15:12:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 15:11:26 | 000,756,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 15:11:26 | 000,700,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 15:11:26 | 000,173,058 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 15:11:26 | 000,139,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 15:11:25 | 001,763,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 15:05:36 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.11.21 15:04:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 15:01:15 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 03:55:22 | 000,446,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.21 03:31:38 | 001,645,318 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.20 18:24:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.20 18:24:39 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.20 17:20:23 | 486,964,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.20 11:56:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.19 22:57:47 | 000,000,980 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\7-Zip File Manager.lnk
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.02 18:27:41 | 000,038,856 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf
[2012.10.22 21:30:54 | 000,038,936 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012.11.21 03:27:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.21 03:16:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.20 12:32:32 | 486,964,904 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.20 11:43:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.20 11:43:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.20 11:43:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.20 11:43:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.20 11:43:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.19 22:57:47 | 000,000,980 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\7-Zip File Manager.lnk
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012.11.02 18:27:41 | 000,038,856 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf
[2012.10.26 21:26:36 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.10.26 21:26:32 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.10.26 21:26:24 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.10.26 21:26:19 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.10.26 21:18:27 | 000,002,198 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012.10.22 21:30:53 | 000,038,936 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 24.pdf
[2012.10.08 20:43:07 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.14 10:14:32 | 000,006,656 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.07 14:33:00 | 001,645,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.28 18:58:37 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 18:58:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.11 21:11:43 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2011.01.11 21:11:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2011.01.11 21:11:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2011.01.11 21:11:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2011.01.11 21:11:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2011.01.11 21:11:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe
[2011.01.11 21:11:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2011.01.11 21:11:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2011.01.11 21:11:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2011.01.11 21:11:42 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2011.01.11 21:11:42 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2011.01.11 21:11:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe
[2011.01.11 21:11:42 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2011.01.11 21:11:42 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2011.01.11 21:11:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2011.01.11 21:11:42 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2011.01.11 21:11:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2011.01.11 21:11:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2011.01.11 21:11:42 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2011.01.11 21:11:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2011.01.11 21:11:41 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe
[2010.12.14 16:18:08 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010.12.14 16:18:07 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2010.11.29 23:17:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.29 23:17:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.26 17:21:38 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L
[2012.10.23 15:40:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U
[2012.08.04 23:59:50 | 000,002,048 | -HS- | M] () -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.28 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Downloaded Installations
[2012.11.21 19:52:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox
[2011.11.22 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdisaster
[2012.07.19 13:03:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoft
[2012.06.14 10:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.08 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\e-academy Inc
[2012.09.24 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\eType
[2012.05.28 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\FileOpen
[2011.11.09 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\IObit
[2012.11.16 12:14:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Josye
[2011.05.12 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Leadertech
[2010.12.14 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\mresreg
[2012.06.19 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Nitro PDF
[2011.01.11 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Online Games Downloader
[2012.06.14 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy
[2010.12.15 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenOffice.org
[2011.10.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Origin
[2010.11.27 22:22:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\PTC
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Thunderbird
[2012.06.14 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\TuneUp Software
[2010.11.28 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog
[2011.02.24 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.20 11:56:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.06.16 15:07:01 | 000,000,000 | ---D | M] -- C:\Boot
[2012.11.21 03:51:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.26 15:26:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.11.26 15:28:40 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.03 20:57:52 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.11.26 15:29:28 | 000,000,000 | ---D | M] -- C:\msofficesetup2k10
[2011.06.13 01:42:21 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.26 21:25:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.21 03:10:38 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.20 12:19:22 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.11.26 15:26:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.20 12:01:01 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.11.26 15:26:54 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.21 20:30:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.20 14:55:02 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011.06.13 01:50:30 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.21 03:56:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.29 18:27:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Adobe
[2012.11.02 23:12:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Apple Computer
[2012.11.20 12:19:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Avira
[2012.03.03 20:50:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Download Manager
[2012.05.28 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Downloaded Installations
[2012.11.21 19:52:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox
[2012.01.08 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdcss
[2011.11.22 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\dvdisaster
[2012.07.19 13:03:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoft
[2012.06.14 10:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.08 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\e-academy Inc
[2012.09.24 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\eType
[2012.05.28 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\FileOpen
[2010.11.29 18:30:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Google
[2010.11.26 15:29:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Identities
[2010.11.26 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Intel Corporation
[2011.11.09 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\IObit
[2012.11.16 12:14:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Josye
[2011.05.12 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Leadertech
[2011.05.12 20:56:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Logishrd
[2011.05.12 20:58:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Logitech
[2010.11.26 17:25:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Macromedia
[2012.10.26 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Media Center Programs
[2012.11.14 17:59:27 | 000,000,000 | --SD | M] -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft
[2012.02.16 23:26:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Mozilla
[2010.12.14 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\mresreg
[2012.06.19 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Nitro PDF
[2012.03.30 18:12:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\NVIDIA
[2011.01.11 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Online Games Downloader
[2012.06.14 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy
[2010.12.15 23:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\OpenOffice.org
[2011.10.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Origin
[2010.11.27 22:22:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\PTC
[2012.11.21 03:10:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Skype
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Thunderbird
[2012.06.14 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\TuneUp Software
[2010.11.28 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog
[2011.02.24 12:49:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\Uniblue
[2012.01.08 00:57:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\vlc
[2011.06.21 14:26:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Graf\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.07.25 14:14:26 | 000,300,440 | ---- | M] (DMI) -- C:\Users\Daniel Graf\AppData\Roaming\eType\eTypeUninstall.exe
[2012.02.16 17:18:12 | 000,017,776 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\eType\Launchx64.exe
[2010.09.19 13:13:22 | 000,083,968 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\eType\lzma.exe
[2011.05.12 20:58:53 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.10.08 19:16:19 | 000,009,662 | R--- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe
[2012.10.08 19:16:19 | 000,009,662 | R--- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe
[2012.10.08 19:16:19 | 000,009,662 | R--- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe
[2012.05.17 00:13:10 | 027,567,008 | ---- | M] (TuneUp Software) -- C:\Users\Daniel Graf\AppData\Roaming\OpenCandy\F0251C317E6247008C53DACB721B4E28\TuneUpUtilities2012_de-DE_1002174.exe
[2010.11.28 05:33:42 | 000,426,456 | ---- | M] () -- C:\Users\Daniel Graf\AppData\Roaming\Tysuog\fafozy.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

Alt 21.11.2012, 23:15   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied too!!!)


Code:
:Files
C:\Users\Daniel Graf\AppData\Roaming\Tysuog
C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}
C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
