Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.01.2013, 18:35   #1
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



Hallo Zusammen,

ich habe anscheinend einen Trojaner. Mein Desktop ist komplett Schwarz, mein Rechner ziemlich langsam und alles nicht mehr beim alten. ALle Dateien sind weg, oder zumindest ausgeblendet.

Ich bitte um eure Hilfe, vielen Dank!

außerdem bekomm ich desöfteren einen Blauen Bildschrim und der Pc stürzt ab

Alt 17.01.2013, 20:23   #2
markusg
/// Malware-holic
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



hi
starte neu, drücke f8 wähle abgesicherter Modus mit Netzwerk, melde dich im betroffenen Konto an.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 17.01.2013, 20:52   #3
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.05.2011 16:45:41 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Fabian\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 189,86 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive D: | 75,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\42524408.exe ()
PRC - C:\ProgramData\FEuLFLOIGw.exe (QNP)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\GUARDGUI.EXE (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fabian\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc.              )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (athrusb6) -- C:\Windows\SysNative\drivers\G220Vista64.sys (Atheros Communications, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 F0 60 5E 15 0F CC 01  [binary data]
IE - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.5.8
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.30 01:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 01:39:32 | 000,000,000 | ---D | M]
 
[2009.10.07 12:29:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2011.05.06 15:16:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\vjt1rps1.default\extensions
[2009.12.08 23:25:45 | 000,000,000 | -H-D | M] (Html Validator) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\vjt1rps1.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.02.21 15:43:29 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\vjt1rps1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.02.22 12:03:33 | 000,001,827 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\vjt1rps1.default\searchplugins\bing.xml
[2008.07.10 14:07:28 | 000,000,944 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\vjt1rps1.default\searchplugins\icqplugin.xml
[2009.11.13 23:16:47 | 000,002,149 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\vjt1rps1.default\searchplugins\MyStart Search.xml
[2010.10.12 16:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.12 16:29:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.30 01:39:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.30 01:39:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.30 01:39:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.30 01:39:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.30 01:39:23 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-162412649-1261830464-3767678264-1001..\Run: [FEuLFLOIGw] C:\ProgramData\FEuLFLOIGw.exe (QNP)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-162412649-1261830464-3767678264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.15 09:50:26 | 000,000,026 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1d6b08a4-0110-11df-98ae-0019663f1a60}\Shell - "" = AutoRun
O33 - MountPoints2\{1d6b08a4-0110-11df-98ae-0019663f1a60}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{ea313776-b2ba-11de-ab47-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ea313776-b2ba-11de-ab47-806e6f6e6963}\Shell\AutoRun\command - "" = D:\open.exe -- [1999.04.07 03:04:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWlan.lnk - C:\PROGRA~2\ZYXELT~1\ZYAIRG~1\ZDWlan.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Fabian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: AccG160 - hkey= - key= - C:\PROGRA~2\ZyConfig\AccG160.exe (accsys)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ManyCam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.10 15:51:14 | 000,000,000 | -H-D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.05.10 15:47:25 | 000,791,393 | -H-- | C] (Lars Hederer                                                ) -- C:\Users\Fabian\Desktop\Erunt-setup.exe
[2011.05.10 15:47:25 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2011.05.10 15:47:25 | 000,446,464 | -H-- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\TFC.exe
[2011.05.10 15:06:35 | 000,510,976 | -H-- | C] (QNP) -- C:\ProgramData\FEuLFLOIGw.exe
[2011.04.27 12:31:59 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 12:31:59 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 12:31:56 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 12:31:56 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 12:31:26 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 12:31:26 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 12:31:26 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 12:31:25 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 12:31:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 12:31:25 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 12:31:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 12:30:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 12:30:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.15 19:13:14 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 19:13:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 19:13:06 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 19:13:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 19:13:06 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 19:12:49 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 19:12:49 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 19:12:48 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 19:12:48 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 19:12:40 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 19:12:40 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 19:12:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 19:12:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 19:12:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 19:12:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 19:12:25 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 19:12:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.15 19:12:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 19:12:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.15 19:12:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 19:12:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 19:12:24 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 19:12:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 19:12:24 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.15 19:12:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.15 19:12:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.15 19:12:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.15 19:12:02 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 19:12:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 19:12:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.15 19:11:54 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 19:11:54 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 19:11:54 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 19:11:53 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 19:11:53 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 19:11:53 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 19:11:53 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 19:11:50 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.11 12:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011.04.11 12:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011.04.11 12:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011.04.11 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011.04.11 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.04.11 12:17:14 | 000,000,000 | -H-D | C] -- C:\Users\Fabian\AppData\Local\{11BFD421-2ADB-4150-B929-9F0F41769E3C}
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.10 16:49:26 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 16:49:26 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 16:41:16 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42524408
[2011.05.10 16:41:14 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42524408r
[2011.05.10 16:40:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\42524408
[2011.05.10 16:40:51 | 000,438,784 | ---- | M] () -- C:\ProgramData\42524408.exe
[2011.05.10 16:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.10 16:40:32 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.10 15:52:13 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43048696r
[2011.05.10 15:52:13 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43048696
[2011.05.10 15:51:14 | 000,000,631 | -H-- | M] () -- C:\Users\Fabian\Desktop\Windows Recovery.lnk
[2011.05.10 15:51:08 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43048696
[2011.05.10 15:47:35 | 000,791,393 | -H-- | M] (Lars Hederer                                                ) -- C:\Users\Fabian\Desktop\Erunt-setup.exe
[2011.05.10 15:47:28 | 000,446,464 | -H-- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\TFC.exe
[2011.05.10 15:47:27 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2011.05.10 15:06:34 | 000,510,976 | -H-- | M] (QNP) -- C:\ProgramData\FEuLFLOIGw.exe
[2011.05.07 17:20:09 | 001,857,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.07 17:20:09 | 000,965,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.07 17:20:09 | 000,501,498 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.07 17:20:09 | 000,439,874 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.07 17:20:09 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.05 14:51:20 | 223,659,964 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.16 11:40:50 | 002,366,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.10 16:41:14 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42524408r
[2011.05.10 16:41:10 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~42524408
[2011.05.10 16:40:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\42524408
[2011.05.10 16:40:51 | 000,438,784 | ---- | C] () -- C:\ProgramData\42524408.exe
[2011.05.10 15:52:13 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43048696r
[2011.05.10 15:52:13 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43048696
[2011.05.10 15:51:14 | 000,000,631 | -H-- | C] () -- C:\Users\Fabian\Desktop\Windows Recovery.lnk
[2011.05.10 15:51:08 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43048696
[2010.10.23 17:27:34 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\uninst_Zyxel.exe
[2010.10.23 17:27:34 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2010.10.23 17:27:31 | 002,981,977 | ---- | C] () -- C:\Windows\SysWow64\odSupp_M.dll
[2010.10.23 17:27:31 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ZDWlan.dll
[2010.10.23 17:27:31 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\PassAPP.dll
[2010.10.23 17:27:31 | 000,036,867 | ---- | C] () -- C:\Windows\SysWow64\ZySecurity.dll
[2010.10.23 17:27:31 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2010.08.31 18:16:11 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2010.02.25 23:13:13 | 000,000,017 | -H-- | C] () -- C:\Users\Fabian\AppData\Local\resmon.resmoncfg
[2009.11.11 07:43:35 | 000,002,528 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\$_hpcst$.hpc
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2009.10.07 12:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2010.02.05 16:11:50 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0
[2011.05.03 13:22:26 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2009.12.08 16:12:31 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\JavaEditor
[2010.05.27 18:49:54 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ManyCam
[2010.03.01 22:16:55 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\MessengerDiscovery 2
[2010.02.21 13:53:09 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2009.11.11 07:44:11 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Samsung
[2010.03.04 23:30:31 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds
[2009.10.12 12:47:38 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\TreeCardGames
[2009.10.31 14:12:50 | 000,000,000 | -H-D | M] -- C:\Users\Gast\AppData\Roaming\MessengerDiscovery 2
[2011.02.17 16:00:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.03.21 12:11:46 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Adobe
[2010.07.17 19:43:17 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Apple Computer
[2009.10.07 12:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2010.02.05 16:11:50 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0
[2011.05.03 13:22:26 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2009.10.06 23:05:44 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Identities
[2009.12.08 16:12:31 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\JavaEditor
[2009.10.06 23:07:21 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Macromedia
[2011.02.20 23:11:17 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2010.05.27 18:49:54 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ManyCam
[2009.07.14 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Media Center Programs
[2010.03.01 22:16:55 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\MessengerDiscovery 2
[2010.12.08 16:02:56 | 000,000,000 | --SD | M] -- C:\Users\Fabian\AppData\Roaming\Microsoft
[2009.10.07 12:29:44 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Mozilla
[2010.02.21 13:53:09 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2009.11.11 07:44:11 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Samsung
[2010.10.15 01:34:57 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Skype
[2010.10.15 00:08:15 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\skypePM
[2010.03.04 23:30:31 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds
[2009.10.12 12:47:38 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\TreeCardGames
[2009.10.07 21:49:30 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.02.04 23:58:14 | 000,010,134 | RH-- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2010.02.04 23:58:14 | 000,000,766 | RH-- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2010.05.28 22:44:12 | 053,670,736 | ---- | M] (Apache Friends) -- C:\xampp-win32-1.7.3.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | -H-- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


Bei mir hat sich keine Datei "Extra.txt" geöffnet
__________________

Alt 17.01.2013, 21:47   #4
markusg
/// Malware-holic
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-162412649-1261830464-3767678264-1001..\Run: [FEuLFLOIGw] C:\ProgramData\FEuLFLOIGw.exe (QNP)
[2011.05.10 15:51:14 | 000,000,000 | -H-D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.05.10 16:41:16 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42524408
[2011.05.10 16:41:14 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42524408r
[2011.05.10 16:40:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\42524408
[2011.05.10 16:40:51 | 000,438,784 | ---- | M] () -- C:\ProgramData\42524408.exe
[2011.05.10 15:51:14 | 000,000,631 | -H-- | M] () -- C:\Users\Fabian\Desktop\Windows Recovery.lnk
 :Files
:Commands
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
lade unhide:
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.01.2013, 16:54   #5
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



Hallo,

bei mir befindet sich keine neue Text Datei auf dem Desktop.

Es kommt dann die Fehlermeldung (beim zippen): "Datei nicht gefunden oder keine Leseberechtigung"


Alt 18.01.2013, 17:36   #6
markusg
/// Malware-holic
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



hi
rechtsklick avira schirm, deaktivieren.
archiv erstellen, hochladen, avira reaktivieren.
__________________
--> Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg

Alt 18.01.2013, 17:41   #7
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



ist hoch geladen

Alt 18.01.2013, 18:27   #8
markusg
/// Malware-holic
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



hi,
danke
hast du unhide.exe benutzt?
falls ja:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.01.2013, 18:36   #9
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



18:31:13.0094 3872 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:31:13.0645 3872 ============================================================
18:31:13.0645 3872 Current date / time: 2013/01/18 18:31:13.0645
18:31:13.0645 3872 SystemInfo:
18:31:13.0645 3872
18:31:13.0645 3872 OS Version: 6.1.7600 ServicePack: 0.0
18:31:13.0645 3872 Product type: Workstation
18:31:13.0645 3872 ComputerName: FABIAN-PC
18:31:13.0645 3872 UserName: Fabian
18:31:13.0645 3872 Windows directory: C:\Windows
18:31:13.0645 3872 System windows directory: C:\Windows
18:31:13.0645 3872 Running under WOW64
18:31:13.0645 3872 Processor architecture: Intel x64
18:31:13.0645 3872 Number of processors: 4
18:31:13.0645 3872 Page size: 0x1000
18:31:13.0645 3872 Boot type: Normal boot
18:31:13.0645 3872 ============================================================
18:31:14.0848 3872 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3F16B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
18:31:14.0852 3872 ============================================================
18:31:14.0853 3872 \Device\Harddisk0\DR0:
18:31:14.0853 3872 MBR partitions:
18:31:14.0853 3872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:31:14.0853 3872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
18:31:14.0853 3872 ============================================================
18:31:14.0925 3872 C: <-> \Device\Harddisk0\DR0\Partition2
18:31:14.0951 3872 ============================================================
18:31:14.0951 3872 Initialize success
18:31:14.0951 3872 ============================================================
18:34:04.0166 3008 ============================================================
18:34:04.0166 3008 Scan started
18:34:04.0166 3008 Mode: Manual; SigCheck; TDLFS;
18:34:04.0166 3008 ============================================================
18:34:04.0604 3008 ================ Scan system memory ========================
18:34:04.0604 3008 System memory - ok
18:34:04.0604 3008 ================ Scan services =============================
18:34:04.0727 3008 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:34:04.0954 3008 1394ohci - ok
18:34:04.0986 3008 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:34:05.0001 3008 ACPI - ok
18:34:05.0015 3008 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:34:05.0094 3008 AcpiPmi - ok
18:34:05.0135 3008 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:34:05.0173 3008 adp94xx - ok
18:34:05.0207 3008 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:34:05.0224 3008 adpahci - ok
18:34:05.0241 3008 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:34:05.0253 3008 adpu320 - ok
18:34:05.0281 3008 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:34:05.0426 3008 AeLookupSvc - ok
18:34:05.0452 3008 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
18:34:05.0548 3008 AFD - ok
18:34:05.0577 3008 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:34:05.0635 3008 ALG - ok
18:34:05.0658 3008 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:34:05.0666 3008 aliide - ok
18:34:05.0670 3008 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:34:05.0679 3008 amdide - ok
18:34:05.0699 3008 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:34:05.0731 3008 AmdK8 - ok
18:34:05.0752 3008 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:34:05.0791 3008 AmdPPM - ok
18:34:05.0823 3008 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:34:05.0833 3008 amdsata - ok
18:34:05.0853 3008 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:34:05.0866 3008 amdsbs - ok
18:34:05.0901 3008 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:34:05.0910 3008 amdxata - ok
18:34:06.0014 3008 [ 9015BC03F62940527EC92D45EE89E46F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:34:06.0038 3008 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
18:34:06.0038 3008 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
18:34:06.0072 3008 [ B8720A787C1223492E6F319465E996CE ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:34:06.0100 3008 AntiVirService ( UnsignedFile.Multi.Generic ) - warning
18:34:06.0100 3008 AntiVirService - detected UnsignedFile.Multi.Generic (1)
18:34:06.0153 3008 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
18:34:06.0252 3008 AppID - ok
18:34:06.0277 3008 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:34:06.0326 3008 AppIDSvc - ok
18:34:06.0377 3008 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
18:34:06.0472 3008 Appinfo - ok
18:34:06.0812 3008 [ 4B5AE15E5C73EB4DC8DBEC2788230D41 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
18:34:06.0830 3008 Apple Mobile Device - ok
18:34:06.0964 3008 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:34:07.0063 3008 AppMgmt - ok
18:34:07.0085 3008 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:34:07.0096 3008 arc - ok
18:34:07.0126 3008 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:34:07.0137 3008 arcsas - ok
18:34:07.0157 3008 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:34:07.0208 3008 AsyncMac - ok
18:34:07.0234 3008 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:34:07.0243 3008 atapi - ok
18:34:07.0299 3008 [ BF8CE7FFCC0C2FFFFC9F59B9A8C4DC5C ] athrusb6 C:\Windows\system32\DRIVERS\G220Vista64.sys
18:34:07.0374 3008 athrusb6 - ok
18:34:07.0412 3008 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:34:07.0471 3008 AudioEndpointBuilder - ok
18:34:07.0495 3008 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:34:07.0533 3008 AudioSrv - ok
18:34:07.0562 3008 [ C30B5FC0ADCDFBA7668E99BAF0CBF58E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:34:08.0074 3008 avgntflt - ok
18:34:08.0102 3008 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:34:08.0183 3008 AxInstSV - ok
18:34:08.0211 3008 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:34:08.0265 3008 b06bdrv - ok
18:34:08.0291 3008 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:34:08.0327 3008 b57nd60a - ok
18:34:08.0362 3008 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:34:08.0415 3008 BDESVC - ok
18:34:08.0421 3008 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:34:08.0479 3008 Beep - ok
18:34:08.0530 3008 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
18:34:08.0599 3008 BFE - ok
18:34:08.0643 3008 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
18:34:08.0740 3008 BITS - ok
18:34:08.0773 3008 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:34:08.0804 3008 blbdrive - ok
18:34:08.0856 3008 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:34:08.0880 3008 Bonjour Service - ok
18:34:08.0931 3008 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:34:08.0979 3008 bowser - ok
18:34:09.0006 3008 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:34:09.0069 3008 BrFiltLo - ok
18:34:09.0098 3008 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:34:09.0112 3008 BrFiltUp - ok
18:34:09.0173 3008 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
18:34:09.0276 3008 Browser - ok
18:34:09.0340 3008 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:34:09.0376 3008 Brserid - ok
18:34:09.0385 3008 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:34:09.0416 3008 BrSerWdm - ok
18:34:09.0441 3008 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:34:09.0485 3008 BrUsbMdm - ok
18:34:09.0490 3008 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:34:09.0509 3008 BrUsbSer - ok
18:34:09.0537 3008 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:34:09.0573 3008 BTHMODEM - ok
18:34:09.0613 3008 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:34:09.0666 3008 bthserv - ok
18:34:09.0703 3008 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:34:09.0750 3008 cdfs - ok
18:34:09.0798 3008 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:34:09.0831 3008 cdrom - ok
18:34:09.0867 3008 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
18:34:09.0923 3008 CertPropSvc - ok
18:34:09.0958 3008 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:34:09.0989 3008 circlass - ok
18:34:10.0029 3008 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:34:10.0045 3008 CLFS - ok
18:34:10.0088 3008 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:34:10.0100 3008 clr_optimization_v2.0.50727_32 - ok
18:34:10.0138 3008 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:34:10.0147 3008 clr_optimization_v2.0.50727_64 - ok
18:34:10.0290 3008 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:34:10.0298 3008 clr_optimization_v4.0.30319_32 - ok
18:34:10.0427 3008 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:34:10.0437 3008 clr_optimization_v4.0.30319_64 - ok
18:34:10.0462 3008 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:34:10.0491 3008 CmBatt - ok
18:34:10.0517 3008 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:34:10.0526 3008 cmdide - ok
18:34:10.0554 3008 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
18:34:10.0604 3008 CNG - ok
18:34:10.0610 3008 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:34:10.0619 3008 Compbatt - ok
18:34:10.0641 3008 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:34:10.0673 3008 CompositeBus - ok
18:34:10.0699 3008 COMSysApp - ok
18:34:10.0723 3008 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:34:10.0732 3008 crcdisk - ok
18:34:10.0760 3008 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:34:10.0817 3008 CryptSvc - ok
18:34:10.0857 3008 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
18:34:10.0914 3008 CSC - ok
18:34:10.0941 3008 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
18:34:11.0004 3008 CscService - ok
18:34:11.0033 3008 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:34:11.0106 3008 DcomLaunch - ok
18:34:11.0148 3008 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:34:11.0203 3008 defragsvc - ok
18:34:11.0235 3008 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:34:11.0288 3008 DfsC - ok
18:34:11.0331 3008 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
18:34:11.0413 3008 Dhcp - ok
18:34:11.0440 3008 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:34:11.0486 3008 discache - ok
18:34:11.0541 3008 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:34:11.0551 3008 Disk - ok
18:34:11.0577 3008 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:34:11.0622 3008 Dnscache - ok
18:34:11.0666 3008 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
18:34:11.0719 3008 dot3svc - ok
18:34:11.0747 3008 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
18:34:11.0794 3008 DPS - ok
18:34:11.0832 3008 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:34:11.0845 3008 drmkaud - ok
18:34:11.0902 3008 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:34:11.0944 3008 DXGKrnl - ok
18:34:11.0971 3008 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:34:12.0021 3008 EapHost - ok
18:34:12.0139 3008 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:34:12.0322 3008 ebdrv - ok
18:34:12.0343 3008 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
18:34:12.0376 3008 EFS - ok
18:34:12.0433 3008 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:34:12.0508 3008 ehRecvr - ok
18:34:12.0530 3008 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:34:12.0575 3008 ehSched - ok
18:34:12.0615 3008 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:34:12.0642 3008 elxstor - ok
18:34:12.0657 3008 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:34:12.0684 3008 ErrDev - ok
18:34:12.0744 3008 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:34:12.0808 3008 EventSystem - ok
18:34:12.0908 3008 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:34:12.0964 3008 exfat - ok
18:34:12.0994 3008 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:34:13.0047 3008 fastfat - ok
18:34:13.0118 3008 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
18:34:13.0214 3008 Fax - ok
18:34:13.0253 3008 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:34:13.0286 3008 fdc - ok
18:34:13.0312 3008 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:34:13.0369 3008 fdPHost - ok
18:34:13.0395 3008 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:34:13.0428 3008 FDResPub - ok
18:34:13.0458 3008 [ ECCE54654A19F6CC5E526696680C1827 ] FETNDIS C:\Windows\system32\DRIVERS\fet6x64.sys
18:34:13.0481 3008 FETNDIS - ok
18:34:13.0500 3008 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:34:13.0511 3008 FileInfo - ok
18:34:13.0527 3008 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:34:13.0581 3008 Filetrace - ok
18:34:13.0615 3008 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:34:13.0629 3008 flpydisk - ok
18:34:13.0652 3008 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:34:13.0666 3008 FltMgr - ok
18:34:13.0728 3008 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
18:34:13.0795 3008 FontCache - ok
18:34:13.0833 3008 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:34:13.0840 3008 FontCache3.0.0.0 - ok
18:34:13.0866 3008 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:34:13.0875 3008 FsDepends - ok
18:34:13.0888 3008 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:34:13.0897 3008 Fs_Rec - ok
18:34:13.0939 3008 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:34:13.0956 3008 fvevol - ok
18:34:13.0965 3008 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:34:13.0975 3008 gagp30kx - ok
18:34:14.0018 3008 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:34:14.0035 3008 GEARAspiWDM - ok
18:34:14.0075 3008 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
18:34:14.0125 3008 gpsvc - ok
18:34:14.0176 3008 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:34:14.0186 3008 gusvc - ok
18:34:14.0214 3008 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:34:14.0283 3008 hcw85cir - ok
18:34:14.0321 3008 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:34:14.0358 3008 HdAudAddService - ok
18:34:14.0414 3008 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:34:14.0449 3008 HDAudBus - ok
18:34:14.0468 3008 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:34:14.0500 3008 HidBatt - ok
18:34:14.0529 3008 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:34:14.0565 3008 HidBth - ok
18:34:14.0592 3008 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:34:14.0628 3008 HidIr - ok
18:34:14.0657 3008 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:34:14.0703 3008 hidserv - ok
18:34:14.0743 3008 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:34:14.0774 3008 HidUsb - ok
18:34:14.0805 3008 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:34:14.0855 3008 hkmsvc - ok
18:34:14.0887 3008 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:34:14.0918 3008 HomeGroupListener - ok
18:34:14.0942 3008 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:34:14.0965 3008 HomeGroupProvider - ok
18:34:14.0988 3008 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:34:14.0999 3008 HpSAMD - ok
18:34:15.0035 3008 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:34:15.0125 3008 HTTP - ok
18:34:15.0156 3008 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:34:15.0166 3008 hwpolicy - ok
18:34:15.0183 3008 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:34:15.0196 3008 i8042prt - ok
18:34:15.0234 3008 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:34:15.0253 3008 iaStorV - ok
18:34:15.0295 3008 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:34:15.0320 3008 idsvc - ok
18:34:15.0349 3008 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:34:15.0359 3008 iirsp - ok
18:34:15.0393 3008 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:34:15.0467 3008 IKEEXT - ok
18:34:15.0492 3008 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:34:15.0500 3008 intelide - ok
18:34:15.0528 3008 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:34:15.0555 3008 intelppm - ok
18:34:15.0583 3008 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:34:15.0617 3008 IPBusEnum - ok
18:34:15.0638 3008 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:34:15.0673 3008 IpFilterDriver - ok
18:34:15.0734 3008 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:34:15.0811 3008 iphlpsvc - ok
18:34:15.0838 3008 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:34:15.0874 3008 IPMIDRV - ok
18:34:15.0896 3008 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:34:15.0949 3008 IPNAT - ok
18:34:16.0026 3008 [ 9EFDBFA57A5876618D8CA31F5806CDED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:34:16.0053 3008 iPod Service - ok
18:34:16.0083 3008 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:34:16.0098 3008 IRENUM - ok
18:34:16.0117 3008 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:34:16.0125 3008 isapnp - ok
18:34:16.0148 3008 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:34:16.0161 3008 iScsiPrt - ok
18:34:16.0181 3008 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:34:16.0191 3008 kbdclass - ok
18:34:16.0212 3008 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:34:16.0245 3008 kbdhid - ok
18:34:16.0266 3008 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
18:34:16.0279 3008 KeyIso - ok
18:34:16.0295 3008 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:34:16.0306 3008 KSecDD - ok
18:34:16.0336 3008 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:34:16.0348 3008 KSecPkg - ok
18:34:16.0369 3008 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:34:16.0423 3008 ksthunk - ok
18:34:16.0460 3008 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:34:16.0530 3008 KtmRm - ok
18:34:16.0570 3008 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:34:16.0603 3008 LanmanServer - ok
18:34:16.0625 3008 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:34:16.0678 3008 LanmanWorkstation - ok
18:34:16.0723 3008 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:34:16.0755 3008 lltdio - ok
18:34:16.0777 3008 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:34:16.0814 3008 lltdsvc - ok
18:34:16.0833 3008 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:34:16.0866 3008 lmhosts - ok
18:34:16.0893 3008 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:34:16.0905 3008 LSI_FC - ok
18:34:16.0929 3008 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:34:16.0940 3008 LSI_SAS - ok
18:34:16.0954 3008 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:34:16.0963 3008 LSI_SAS2 - ok
18:34:16.0970 3008 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:34:16.0981 3008 LSI_SCSI - ok
18:34:16.0998 3008 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:34:17.0042 3008 luafv - ok
18:34:17.0083 3008 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys
18:34:17.0123 3008 ManyCam - ok
18:34:17.0153 3008 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:34:17.0183 3008 Mcx2Svc - ok
18:34:17.0209 3008 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:34:17.0218 3008 megasas - ok
18:34:17.0236 3008 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:34:17.0253 3008 MegaSR - ok
18:34:17.0305 3008 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:34:17.0314 3008 Microsoft Office Groove Audit Service - ok
18:34:17.0334 3008 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:34:17.0384 3008 MMCSS - ok
18:34:17.0419 3008 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:34:17.0473 3008 Modem - ok
18:34:17.0504 3008 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:34:17.0535 3008 monitor - ok
18:34:17.0565 3008 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:34:17.0575 3008 mouclass - ok
18:34:17.0588 3008 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:34:17.0600 3008 mouhid - ok
18:34:17.0629 3008 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:34:17.0640 3008 mountmgr - ok
18:34:17.0698 3008 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:34:17.0707 3008 MozillaMaintenance - ok
18:34:17.0727 3008 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:34:17.0739 3008 mpio - ok
18:34:17.0755 3008 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:34:17.0789 3008 mpsdrv - ok
18:34:17.0828 3008 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:34:17.0900 3008 MpsSvc - ok
18:34:17.0927 3008 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:34:17.0959 3008 MRxDAV - ok
18:34:17.0991 3008 [ B7F3D2C40BDF8FFB73EBFB19C77734E2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:34:18.0041 3008 mrxsmb - ok
18:34:18.0066 3008 [ 86C6F88B5168CE21CF8D69D0B3FF5D19 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:34:18.0082 3008 mrxsmb10 - ok
18:34:18.0114 3008 [ B081069251C8E9F42CB8769D07148F9C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:34:18.0144 3008 mrxsmb20 - ok
18:34:18.0176 3008 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:34:18.0185 3008 msahci - ok
18:34:18.0201 3008 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:34:18.0211 3008 msdsm - ok
18:34:18.0231 3008 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:34:18.0272 3008 MSDTC - ok
18:34:18.0304 3008 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:34:18.0336 3008 Msfs - ok
18:34:18.0351 3008 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:34:18.0383 3008 mshidkmdf - ok
18:34:18.0410 3008 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:34:18.0418 3008 msisadrv - ok
18:34:18.0455 3008 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:34:18.0507 3008 MSiSCSI - ok
18:34:18.0512 3008 msiserver - ok
18:34:18.0552 3008 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:34:18.0583 3008 MSKSSRV - ok
18:34:18.0597 3008 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:34:18.0657 3008 MSPCLOCK - ok
18:34:18.0691 3008 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:34:18.0741 3008 MSPQM - ok
18:34:18.0778 3008 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:34:18.0796 3008 MsRPC - ok
18:34:18.0822 3008 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:34:18.0831 3008 mssmbios - ok
18:34:18.0857 3008 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:34:18.0888 3008 MSTEE - ok
18:34:18.0898 3008 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:34:18.0927 3008 MTConfig - ok
18:34:18.0958 3008 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:34:18.0968 3008 Mup - ok
18:34:18.0998 3008 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
18:34:19.0057 3008 napagent - ok
18:34:19.0109 3008 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:34:19.0144 3008 NativeWifiP - ok
18:34:19.0198 3008 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:34:19.0244 3008 NDIS - ok
18:34:19.0267 3008 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:34:19.0314 3008 NdisCap - ok
18:34:19.0338 3008 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:34:19.0385 3008 NdisTapi - ok
18:34:19.0450 3008 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:34:19.0522 3008 Ndisuio - ok
18:34:19.0546 3008 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:34:19.0665 3008 NdisWan - ok
18:34:19.0687 3008 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:34:19.0742 3008 NDProxy - ok
18:34:19.0775 3008 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:34:19.0806 3008 NetBIOS - ok
18:34:19.0831 3008 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:34:19.0877 3008 NetBT - ok
18:34:19.0898 3008 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
18:34:19.0911 3008 Netlogon - ok
18:34:19.0942 3008 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:34:20.0000 3008 Netman - ok
18:34:20.0201 3008 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:34:20.0264 3008 netprofm - ok
18:34:20.0306 3008 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:34:20.0315 3008 NetTcpPortSharing - ok
18:34:20.0346 3008 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:34:20.0356 3008 nfrd960 - ok
18:34:20.0381 3008 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:34:20.0441 3008 NlaSvc - ok
18:34:20.0464 3008 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:34:20.0497 3008 Npfs - ok
18:34:20.0524 3008 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:34:20.0577 3008 nsi - ok
18:34:20.0608 3008 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:34:20.0657 3008 nsiproxy - ok
18:34:20.0769 3008 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:34:20.0827 3008 Ntfs - ok
18:34:20.0849 3008 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:34:20.0897 3008 Null - ok
18:34:21.0168 3008 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:34:21.0515 3008 nvlddmkm - ok
18:34:21.0654 3008 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:34:21.0665 3008 nvraid - ok
18:34:21.0708 3008 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:34:21.0720 3008 nvstor - ok
18:34:21.0738 3008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:34:21.0749 3008 nv_agp - ok
18:34:21.0813 3008 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:34:21.0829 3008 odserv - ok
18:34:21.0854 3008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:34:21.0887 3008 ohci1394 - ok
18:34:21.0930 3008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:34:21.0939 3008 ose - ok
18:34:21.0966 3008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:34:22.0018 3008 p2pimsvc - ok
18:34:22.0087 3008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:34:22.0106 3008 p2psvc - ok
18:34:22.0139 3008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:34:22.0152 3008 Parport - ok
18:34:22.0178 3008 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:34:22.0189 3008 partmgr - ok
18:34:22.0223 3008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:34:22.0261 3008 PcaSvc - ok
18:34:22.0295 3008 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
18:34:22.0309 3008 pci - ok
18:34:22.0339 3008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:34:22.0347 3008 pciide - ok
18:34:22.0365 3008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:34:22.0378 3008 pcmcia - ok
18:34:22.0387 3008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:34:22.0397 3008 pcw - ok
18:34:22.0416 3008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:34:22.0478 3008 PEAUTH - ok
18:34:22.0545 3008 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:34:22.0636 3008 PeerDistSvc - ok
18:34:22.0686 3008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:34:22.0719 3008 PerfHost - ok
18:34:22.0796 3008 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
18:34:22.0898 3008 pla - ok
18:34:22.0947 3008 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:34:22.0997 3008 PlugPlay - ok
18:34:23.0029 3008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:34:23.0061 3008 PNRPAutoReg - ok
18:34:23.0091 3008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:34:23.0105 3008 PNRPsvc - ok
18:34:23.0137 3008 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:34:23.0192 3008 PolicyAgent - ok
18:34:23.0223 3008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:34:23.0274 3008 Power - ok
18:34:23.0309 3008 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:34:23.0342 3008 PptpMiniport - ok
18:34:23.0352 3008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:34:23.0364 3008 Processor - ok
18:34:23.0392 3008 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
18:34:23.0445 3008 ProfSvc - ok
18:34:23.0471 3008 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
18:34:23.0484 3008 ProtectedStorage - ok
18:34:23.0507 3008 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:34:23.0559 3008 Psched - ok
18:34:23.0609 3008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:34:23.0663 3008 ql2300 - ok
18:34:23.0685 3008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:34:23.0696 3008 ql40xx - ok
18:34:23.0722 3008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:34:23.0743 3008 QWAVE - ok
18:34:23.0762 3008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:34:23.0778 3008 QWAVEdrv - ok
18:34:23.0791 3008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:34:23.0840 3008 RasAcd - ok
18:34:23.0871 3008 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:34:23.0902 3008 RasAgileVpn - ok
18:34:23.0924 3008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:34:23.0973 3008 RasAuto - ok
18:34:24.0011 3008 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:34:24.0062 3008 Rasl2tp - ok
18:34:24.0104 3008 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
18:34:24.0154 3008 RasMan - ok
18:34:24.0173 3008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:34:24.0226 3008 RasPppoe - ok
18:34:24.0250 3008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:34:24.0304 3008 RasSstp - ok
18:34:24.0341 3008 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:34:24.0396 3008 rdbss - ok
18:34:24.0420 3008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:34:24.0435 3008 rdpbus - ok
18:34:24.0459 3008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:34:24.0491 3008 RDPCDD - ok
18:34:24.0520 3008 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:34:24.0572 3008 RDPDR - ok
18:34:24.0598 3008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:34:24.0646 3008 RDPENCDD - ok
18:34:24.0668 3008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:34:24.0701 3008 RDPREFMP - ok
18:34:24.0712 3008 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:34:24.0762 3008 RDPWD - ok
18:34:24.0792 3008 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:34:24.0805 3008 rdyboost - ok
18:34:24.0827 3008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:34:24.0878 3008 RemoteAccess - ok
18:34:24.0916 3008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:34:24.0968 3008 RemoteRegistry - ok
18:34:24.0991 3008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:34:25.0041 3008 RpcEptMapper - ok
18:34:25.0075 3008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:34:25.0101 3008 RpcLocator - ok
18:34:25.0134 3008 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
18:34:25.0171 3008 RpcSs - ok
18:34:25.0199 3008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:34:25.0253 3008 rspndr - ok
18:34:25.0280 3008 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
18:34:25.0330 3008 s3cap - ok
18:34:25.0337 3008 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
18:34:25.0349 3008 SamSs - ok
18:34:25.0363 3008 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:34:25.0374 3008 sbp2port - ok
18:34:25.0398 3008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:34:25.0457 3008 SCardSvr - ok
18:34:25.0489 3008 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:34:25.0539 3008 scfilter - ok
18:34:25.0586 3008 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
18:34:25.0636 3008 Schedule - ok
18:34:25.0660 3008 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:34:25.0693 3008 SCPolicySvc - ok
18:34:25.0718 3008 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:34:25.0771 3008 SDRSVC - ok
18:34:25.0797 3008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:34:25.0840 3008 secdrv - ok
18:34:25.0860 3008 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
18:34:25.0910 3008 seclogon - ok
18:34:25.0933 3008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:34:25.0983 3008 SENS - ok
18:34:26.0002 3008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:34:26.0048 3008 SensrSvc - ok
18:34:26.0067 3008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:34:26.0079 3008 Serenum - ok
18:34:26.0100 3008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:34:26.0131 3008 Serial - ok
18:34:26.0164 3008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:34:26.0175 3008 sermouse - ok
18:34:26.0204 3008 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
18:34:26.0238 3008 SessionEnv - ok
18:34:26.0257 3008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:34:26.0292 3008 sffdisk - ok
18:34:26.0297 3008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:34:26.0316 3008 sffp_mmc - ok
18:34:26.0321 3008 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:34:26.0333 3008 sffp_sd - ok
18:34:26.0345 3008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:34:26.0356 3008 sfloppy - ok
18:34:26.0373 3008 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:34:26.0377 3008 Suspicious file (Forged): C:\Windows\System32\ipnathlp.dll. Real md5: B95F6501A2F8B2E78C697FEC401970CE, Fake md5: F6C9D8806FCDE85CF1BE25B71412AC33
18:34:26.0378 3008 SharedAccess ( ForgedFile.Multi.Generic ) - warning
18:34:26.0378 3008 SharedAccess - detected ForgedFile.Multi.Generic (1)
18:34:26.0406 3008 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:34:26.0429 3008 ShellHWDetection - ok
18:34:26.0473 3008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:34:26.0482 3008 SiSRaid2 - ok
18:34:26.0492 3008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:34:26.0503 3008 SiSRaid4 - ok
18:34:26.0524 3008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:34:26.0579 3008 Smb - ok
18:34:26.0621 3008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:34:26.0633 3008 SNMPTRAP - ok
18:34:26.0656 3008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:34:26.0665 3008 spldr - ok
18:34:26.0698 3008 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
18:34:26.0783 3008 Spooler - ok
18:34:26.0895 3008 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
18:34:27.0031 3008 sppsvc - ok
18:34:27.0060 3008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:34:27.0115 3008 sppuinotify - ok
18:34:27.0154 3008 [ 148D50904D2A0DF29A19778715EB35BB ] srv C:\Windows\system32\DRIVERS\srv.sys
18:34:27.0208 3008 srv - ok
18:34:27.0228 3008 [ CE2189FE31D36678AC9EB7DDEE08EC96 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:34:27.0264 3008 srv2 - ok
18:34:27.0288 3008 [ CB69EDEB069A49577592835659CD0E46 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:34:27.0301 3008 srvnet - ok
18:34:27.0335 3008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:34:27.0392 3008 SSDPSRV - ok
18:34:27.0414 3008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:34:27.0449 3008 SstpSvc - ok
18:34:27.0472 3008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:34:27.0481 3008 stexstor - ok
18:34:27.0513 3008 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
18:34:27.0568 3008 stisvc - ok
18:34:27.0595 3008 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
18:34:27.0605 3008 storflt - ok
18:34:27.0625 3008 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:34:27.0677 3008 StorSvc - ok
18:34:27.0690 3008 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
18:34:27.0700 3008 storvsc - ok
18:34:27.0723 3008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:34:27.0732 3008 swenum - ok
18:34:27.0760 3008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:34:27.0810 3008 swprv - ok
18:34:27.0864 3008 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
18:34:27.0947 3008 SysMain - ok
18:34:27.0975 3008 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:34:28.0007 3008 TabletInputService - ok
18:34:28.0035 3008 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
18:34:28.0097 3008 TapiSrv - ok
18:34:28.0121 3008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:34:28.0154 3008 TBS - ok
18:34:28.0222 3008 [ 90A2D722CF64D911879D6C4A4F802A4D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:34:28.0291 3008 Tcpip - ok
18:34:28.0347 3008 [ 90A2D722CF64D911879D6C4A4F802A4D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:34:28.0384 3008 TCPIP6 - ok
18:34:28.0417 3008 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:34:28.0468 3008 tcpipreg - ok
18:34:28.0493 3008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:34:28.0524 3008 TDPIPE - ok
18:34:28.0541 3008 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:34:28.0595 3008 TDTCP - ok
18:34:28.0621 3008 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:34:28.0654 3008 tdx - ok
18:34:28.0671 3008 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:34:28.0681 3008 TermDD - ok
18:34:28.0719 3008 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
18:34:28.0788 3008 TermService - ok
18:34:28.0813 3008 TFsExDisk - ok
18:34:28.0828 3008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:34:28.0865 3008 Themes - ok
18:34:28.0887 3008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:34:28.0921 3008 THREADORDER - ok
18:34:28.0934 3008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:34:28.0984 3008 TrkWks - ok
18:34:29.0046 3008 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:34:29.0096 3008 TrustedInstaller - ok
18:34:29.0127 3008 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:34:29.0161 3008 tssecsrv - ok
18:34:29.0197 3008 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:34:29.0248 3008 tunnel - ok
18:34:29.0285 3008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:34:29.0294 3008 uagp35 - ok
18:34:29.0313 3008 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:34:29.0364 3008 udfs - ok
18:34:29.0395 3008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:34:29.0422 3008 UI0Detect - ok
18:34:29.0458 3008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:34:29.0468 3008 uliagpkx - ok
18:34:29.0490 3008 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:34:29.0521 3008 umbus - ok
18:34:29.0542 3008 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:34:29.0553 3008 UmPass - ok
18:34:29.0576 3008 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
18:34:29.0613 3008 UmRdpService - ok
18:34:29.0644 3008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:34:29.0693 3008 upnphost - ok
18:34:29.0717 3008 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:34:29.0730 3008 usbccgp - ok
18:34:29.0752 3008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:34:29.0785 3008 usbcir - ok
18:34:29.0812 3008 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:34:29.0832 3008 usbehci - ok
18:34:29.0862 3008 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:34:29.0887 3008 usbhub - ok
18:34:29.0906 3008 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:34:29.0938 3008 usbohci - ok
18:34:29.0970 3008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:34:29.0999 3008 usbprint - ok
18:34:30.0032 3008 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
18:34:30.0049 3008 USBSTOR - ok
18:34:30.0067 3008 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:34:30.0099 3008 usbuhci - ok
18:34:30.0134 3008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:34:30.0167 3008 UxSms - ok
18:34:30.0177 3008 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
18:34:30.0189 3008 VaultSvc - ok
18:34:30.0218 3008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
18:34:30.0228 3008 vdrvroot - ok
18:34:30.0262 3008 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
18:34:30.0301 3008 vds - ok
18:34:30.0322 3008 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:34:30.0334 3008 vga - ok
18:34:30.0345 3008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:34:30.0394 3008 VgaSave - ok
18:34:30.0423 3008 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
18:34:30.0437 3008 vhdmp - ok
18:34:30.0453 3008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
18:34:30.0462 3008 viaide - ok
18:34:30.0494 3008 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
18:34:30.0507 3008 vmbus - ok
18:34:30.0522 3008 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
18:34:30.0550 3008 VMBusHID - ok
18:34:30.0586 3008 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
18:34:30.0596 3008 volmgr - ok
18:34:30.0612 3008 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:34:30.0628 3008 volmgrx - ok
18:34:30.0645 3008 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
18:34:30.0661 3008 volsnap - ok
18:34:30.0691 3008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:34:30.0703 3008 vsmraid - ok
18:34:30.0754 3008 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
18:34:30.0833 3008 VSS - ok
18:34:30.0857 3008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:34:30.0870 3008 vwifibus - ok
18:34:30.0894 3008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:34:30.0933 3008 W32Time - ok
18:34:30.0958 3008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:34:30.0989 3008 WacomPen - ok
18:34:31.0021 3008 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:34:31.0074 3008 WANARP - ok
18:34:31.0096 3008 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:34:31.0128 3008 Wanarpv6 - ok
18:34:31.0187 3008 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
18:34:31.0271 3008 wbengine - ok
18:34:31.0287 3008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:34:31.0306 3008 WbioSrvc - ok
18:34:31.0342 3008 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:34:31.0412 3008 wcncsvc - ok
18:34:31.0430 3008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:34:31.0468 3008 WcsPlugInService - ok
18:34:31.0487 3008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:34:31.0496 3008 Wd - ok
18:34:31.0527 3008 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:34:31.0559 3008 Wdf01000 - ok
18:34:31.0578 3008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:34:31.0618 3008 WdiServiceHost - ok
18:34:31.0636 3008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:34:31.0653 3008 WdiSystemHost - ok
18:34:31.0685 3008 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
18:34:31.0718 3008 WebClient - ok
18:34:31.0741 3008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:34:31.0789 3008 Wecsvc - ok
18:34:31.0806 3008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:34:31.0858 3008 wercplsupport - ok
18:34:31.0890 3008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:34:31.0940 3008 WerSvc - ok
18:34:31.0975 3008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:34:32.0007 3008 WfpLwf - ok
18:34:32.0022 3008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:34:32.0032 3008 WIMMount - ok
18:34:32.0049 3008 WinDefend - ok
18:34:32.0055 3008 WinHttpAutoProxySvc - ok
18:34:32.0103 3008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:34:32.0137 3008 Winmgmt - ok
18:34:32.0223 3008 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
18:34:32.0346 3008 WinRM - ok
18:34:32.0406 3008 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:34:32.0468 3008 Wlansvc - ok
18:34:32.0494 3008 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:34:32.0503 3008 WmiAcpi - ok
18:34:32.0531 3008 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:34:32.0546 3008 wmiApSrv - ok
18:34:32.0572 3008 WMPNetworkSvc - ok
18:34:32.0588 3008 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:34:32.0609 3008 WPCSvc - ok
18:34:32.0626 3008 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:34:32.0660 3008 WPDBusEnum - ok
18:34:32.0692 3008 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:34:32.0745 3008 ws2ifsl - ok
18:34:32.0789 3008 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
18:34:32.0837 3008 wscsvc - ok
18:34:32.0841 3008 WSearch - ok
18:34:32.0921 3008 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
18:34:33.0027 3008 wuauserv - ok
18:34:33.0043 3008 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:34:33.0097 3008 WudfPf - ok
18:34:33.0145 3008 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:33.0193 3008 WUDFRd - ok
18:34:33.0225 3008 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:34:33.0258 3008 wudfsvc - ok
18:34:33.0280 3008 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:34:33.0315 3008 WwanSvc - ok
18:34:33.0350 3008 ================ Scan global ===============================
18:34:33.0370 3008 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:34:33.0400 3008 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
18:34:33.0416 3008 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
18:34:33.0448 3008 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:34:33.0465 3008 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:34:33.0472 3008 [Global] - ok
18:34:33.0472 3008 ================ Scan MBR ==================================
18:34:33.0486 3008 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:34:33.0685 3008 \Device\Harddisk0\DR0 - ok
18:34:33.0685 3008 ================ Scan VBR ==================================
18:34:33.0688 3008 [ 234F72724D2BCDFC2205BBE097020B1D ] \Device\Harddisk0\DR0\Partition1
18:34:33.0690 3008 \Device\Harddisk0\DR0\Partition1 - ok
18:34:33.0720 3008 [ 3DB0B1399DEDC04F1F9974FCCFF0A4F5 ] \Device\Harddisk0\DR0\Partition2
18:34:33.0721 3008 \Device\Harddisk0\DR0\Partition2 - ok
18:34:33.0722 3008 ============================================================
18:34:33.0722 3008 Scan finished
18:34:33.0722 3008 ============================================================
18:34:33.0760 3936 Detected object count: 3
18:34:33.0760 3936 Actual detected object count: 3
18:34:51.0906 3936 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:51.0906 3936 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:51.0908 3936 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:51.0908 3936 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:51.0910 3936 SharedAccess ( ForgedFile.Multi.Generic ) - skipped by user
18:34:51.0910 3936 SharedAccess ( ForgedFile.Multi.Generic ) - User select action: Skip

Alt 18.01.2013, 20:39   #10
markusg
/// Malware-holic
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



wie siehts aus, bekomm ich noch ne Antwort auf meine Frage?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 19.01.2013, 11:00   #11
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



Ja, habe ich benutzt

Alt 19.01.2013, 17:29   #12
markusg
/// Malware-holic
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.01.2013, 18:43   #13
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



Die Fehlermeldung, die du genannt hattest, kam nicht.

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-17.04 - Fabian 20.01.2013  18:30:15.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2047.1111 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Adobe\Photoshop.exe
c:\programdata\13295352
c:\programdata\43048696
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
c:\users\Fabian\Desktop\Windows 7 Recovery.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-20 bis 2013-01-20  ))))))))))))))))))))))))))))))
.
.
2013-01-20 17:36 . 2013-01-20 17:36	--------	d-----w-	c:\users\Test\AppData\Local\temp
2013-01-20 17:36 . 2013-01-20 17:36	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-01-20 17:36 . 2013-01-20 17:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-17 17:31 . 2013-01-17 17:31	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-17 17:31 . 2013-01-17 17:31	--------	d-----w-	c:\users\Fabian\AppData\Local\Programs
2013-01-17 17:15 . 2013-01-17 17:16	--------	d-----w-	c:\program files (x86)\Trojancheck 6
2013-01-17 16:56 . 2013-01-17 16:55	859552	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-17 16:56 . 2013-01-17 16:55	780192	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 16:56 . 2013-01-17 16:56	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-15 20:13 . 2013-01-15 20:30	--------	d-----w-	c:\users\Fabian\AppData\Local\FullTiltPoker.NET
2013-01-15 20:12 . 2013-01-15 20:30	--------	d-----w-	c:\program files (x86)\Full Tilt Poker.Net
2013-01-14 14:59 . 2013-01-16 10:27	16824	----a-w-	c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2013-01-14 11:47 . 2013-01-14 11:47	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2011-02-20 21:11	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 athrusb6;ZyXEL Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\G220Vista64.sys [2007-05-16 1039360]
.
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\vjt1rps1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-20  18:42:03
ComboFix-quarantined-files.txt  2013-01-20 17:42
.
Vor Suchlauf: 16 Verzeichnis(se), 199.326.912.512 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 199.217.836.032 Bytes frei
.
- - End Of File - - 66A9D03B13851DBFCBCDE36F254A3144
         
--- --- ---

Alt 20.01.2013, 19:49   #14
markusg
/// Malware-holic
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



öffne bitte Malwarebytes Logdateien, poste bisher erstellte Berichte mit Funden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.01.2013, 17:42   #15
capocap
 
Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Standard

Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.02.2011 22:14:13
mbam-log-2011-02-20 (22-14-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 35910
Laufzeit: 2 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Fabian\AppData\Local\Temp\nsc21AB.tmp\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.

oh, ich glaube der erste ist ein älterer!

und der zweite/akutelle:


Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.17.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Fabian :: FABIAN-PC [Administrator]

17.01.2013 18:50:37
mbam-log-2013-01-17 (18-50-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251873
Laufzeit: 4 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery (Trojan.FakeAV) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\Fabian\AppData\Local\Temp\Adobe_Flash_Player.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\Downloads\SoftonicDownloader_fuer_windows-live-messenger.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\13295352.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk (Trojan.FakeAV) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk (Trojan.FakeAV) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Antwort

Themen zu Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg
dateien, desktop, desktop schwarz, hallo zusammen, komplett, langsam, nicht mehr, rechner, schei, schwarz, troja, trojaner, ziemlich, zusammen



Ähnliche Themen: Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg


  1. Desktop bleibt nach Systemstart schwarz, alle Dateien ausgeblendet oder weg. Firefox Öffnung möglich. Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (5)
  2. plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (36)
  3. Backdoor.agent.?Desktop schwarz, Dateien versteckt.
    Log-Analyse und Auswertung - 28.03.2013 (17)
  4. Trojaner: Festplatte beschädigt, Desktop schwarz und keine Dateien sichtbar!
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (1)
  5. SMART HDD Trojaner eingefangen - Desktop schwarz, Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (25)
  6. TR/Crypt.XPACK.Gen , Dateien versteckt, Desktop schwarz
    Log-Analyse und Auswertung - 15.04.2012 (25)
  7. S.M.A.R.T. HDD: Schwarz Desktop, Start-Menü leer, Ordner/Dateien versteckt
    Log-Analyse und Auswertung - 10.04.2012 (15)
  8. Verknüpfungen von Desktop gelöscht/ Desktop schwarz und keinen Zugriff auf Dateien
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (1)
  9. Alle Dateien und Programme weg, Desktop schwarz
    Plagegeister aller Art und deren Bekämpfung - 08.09.2011 (19)
  10. Trojaner eingefangen.. Desktop schwarz und alle Dateien weg
    Log-Analyse und Auswertung - 11.08.2011 (5)
  11. Desktop schwarz, kein Zugriff auf Dateien von Festplatte
    Log-Analyse und Auswertung - 06.07.2011 (29)
  12. Nach Virusmeldung Desktop schwarz & Dateien verschwunden
    Log-Analyse und Auswertung - 05.06.2011 (19)
  13. Desktop schwarz, Dateien versteckt, RAM ausgelastet/Festplattenfehler-Meldung
    Plagegeister aller Art und deren Bekämpfung - 04.06.2011 (7)
  14. Nach Trojaner Desktop schwarz Programme und Dateien verschwunden
    Log-Analyse und Auswertung - 23.05.2011 (39)
  15. TR/Kazy.mekml.1 eigefangen, Desktop schwarz, Dateien versteckt :(
    Log-Analyse und Auswertung - 29.04.2011 (6)
  16. TR/Kazy.mekml.1 Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (12)
  17. TR/Kazy.mekml.1: Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Mülltonne - 21.04.2011 (1)

Zum Thema Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg - Hallo Zusammen, ich habe anscheinend einen Trojaner. Mein Desktop ist komplett Schwarz, mein Rechner ziemlich langsam und alles nicht mehr beim alten. ALle Dateien sind weg, oder zumindest ausgeblendet. Ich - Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg...
Archiv
Du betrachtest: Trojaner: Desktop Schwarz, Dateien ausgeblendet oder weg auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.