Plagegeister aller Art und deren Bekämpfung: Zeus trojan and other malware (Windows 7)
15.02.2013, 12:08 | #1 |
| Zeus trojan and other malware: So, I recently received a letter from my internet provider stating that my computer is infected with the Zeus/Zbot trojan. So I ran Antivir as usual and 2 trojans were found (2 weeks ago I already had 3 Zbot trojans, which I removed). However, neither of these trojans was the Zeus trojan in question; both were Fareit trojans. I then looked on the internet and was pointed to this wonderful site. Following this site's recommendations, I got the program Malwarebytes. It found another 3 pieces of malware, namely 1 adware and 2 backdoor trojans, which I moved to quarantine, and I saved the log! However, the Zeus virus I am looking for has still not turned up, and I suspect there are more viruses on my computer. Now my question: how should I proceed to find the Zeus virus, and what should I do with the other viruses? The log report is attached. |
15.02.2013, 13:06 | #2 |
/// Malware-holic | Hi, please open Avira and post all detection reports. http://www.trojaner-board.de/125889-...en-posten.html |
17.02.2013, 23:49 | #3 |
| Exportierte Ereignisse:

13.02.2013 15:55 [System-Scanner] Malware gefunden
    Die Datei 'E:\FELIXPC\Backup Set 2013-01-20 210409\Backup Files 2013-02-10 202222\Backup files 4.zip' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Fareit.I.191' [trojan].
    Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58f30b89.qua' verschoben!
13.02.2013 15:55 [System-Scanner] Malware gefunden
    Die Datei 'C:\Users\felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36cd0824-7827a8c0' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Fareit.I.191' [trojan].
    Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '40642454.qua' verschoben!
06.02.2013 19:56 [System-Scanner] Malware gefunden
    Die Datei 'C:\Users\felix\AppData\Roaming\Joqoy\vofo.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.1903' [trojan].
    Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59c933ad.qua' verschoben!
    Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2495919175-3952538426-581119390-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3F01554F-762A-AD41-15AA-3AE32E8E19FE}> wurde erfolgreich repariert.
06.02.2013 19:43 [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Users\felix\AppData\Roaming\Joqoy\vofo.exe' wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.1903' [trojan] gefunden.
    Ausgeführte Aktion: Zugriff verweigern
24.01.2013 23:03 [Browser-Schutz] Malware gefunden
    Beim Zugriff auf Daten der URL "hxxp://get-your-bet.org/?script=1&referer=" wurde ein Virus oder unerwünschtes Programm 'JS/JEHBlock.A' [virus] gefunden.
    Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
21.01.2013 23:37 [System-Scanner] Malware gefunden
    Die Datei 'C:\Users\felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\23e27192-35903efe' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-0422' [exploit].
    Durchgeführte Aktion(en): Die Datei wurde gelöscht.
20.01.2013 22:16 [System-Scanner] Malware gefunden
    Die Datei 'E:\FELIXPC\Backup Set 2012-12-09 220943\Backup Files 2013-01-20 190000\Backup files 3.zip' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.8181' [trojan].
    Durchgeführte Aktion(en): Die Datei wurde gelöscht.
20.01.2013 22:16 [System-Scanner] Malware gefunden
    Die Datei 'E:\FELIXPC\Backup Set 2013-01-20 210409\Backup Files 2013-01-20 210409\Backup files 20.zip' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.8181' [trojan].
    Durchgeführte Aktion(en): Die Datei wurde gelöscht.
20.01.2013 22:16 [System-Scanner] Malware gefunden
    Die Datei 'C:\Users\felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\23e27192-4a4a0c7c' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.8181' [trojan].
    Durchgeführte Aktion(en): Die Datei wurde gelöscht.
20.01.2013 18:42 [System-Scanner] Malware gefunden
    Die Datei 'C:\Users\felix\AppData\Roaming\Raittu\ryiz.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.8181' [trojan].
    Durchgeführte Aktion(en): Die Datei wurde gelöscht.

I hope this is what you mean, because unfortunately I no longer have all the reports from the individual scans!! PS: Sorry for the long wait, I was away from the PC for a while! |
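Added example, not part of the thread and not Avira's or the board's own tooling: a Python sketch that splits an Avira event export like the one in post #3 into entries and groups the detections by family and by where the file sat, so the autostart executable in the user profile can be told apart from copies in the Java cache and in backup archives. The family and location heuristics and all function names are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# Five entries from the Avira export in post #3, run together the way the forum
# shows them (spaces the forum inserted into long paths are removed).
SAMPLE = " ".join([
    r"13.02.2013 15:55 [System-Scanner] Malware gefunden Die Datei 'E:\FELIXPC\Backup Set "
    r"2013-01-20 210409\Backup Files 2013-02-10 202222\Backup files 4.zip' enthielt einen "
    r"Virus oder unerwünschtes Programm 'TR/PSW.Fareit.I.191' [trojan]. Durchgeführte "
    r"Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58f30b89.qua' "
    r"verschoben!",
    r"06.02.2013 19:56 [System-Scanner] Malware gefunden Die Datei "
    r"'C:\Users\felix\AppData\Roaming\Joqoy\vofo.exe' enthielt einen Virus oder unerwünschtes "
    r"Programm 'TR/PSW.Zbot.1903' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins "
    r"Quarantäneverzeichnis unter dem Namen '59c933ad.qua' verschoben! Der Registrierungseintrag "
    r"<HKEY_USERS\S-1-5-21-2495919175-3952538426-581119390-1002\SOFTWARE\Microsoft\Windows"
    r"\CurrentVersion\Run\{3F01554F-762A-AD41-15AA-3AE32E8E19FE}> wurde erfolgreich repariert.",
    r"21.01.2013 23:37 [System-Scanner] Malware gefunden Die Datei "
    r"'C:\Users\felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\23e27192-35903efe' "
    r"enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-0422' [exploit]. "
    r"Durchgeführte Aktion(en): Die Datei wurde gelöscht.",
    r"20.01.2013 22:16 [System-Scanner] Malware gefunden Die Datei 'E:\FELIXPC\Backup Set "
    r"2012-12-09 220943\Backup Files 2013-01-20 190000\Backup files 3.zip' enthielt einen "
    r"Virus oder unerwünschtes Programm 'TR/PSW.Zbot.8181' [trojan]. Durchgeführte "
    r"Aktion(en): Die Datei wurde gelöscht.",
    r"20.01.2013 22:16 [System-Scanner] Malware gefunden Die Datei "
    r"'C:\Users\felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\23e27192-4a4a0c7c' "
    r"enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.8181' [trojan]. "
    r"Durchgeführte Aktion(en): Die Datei wurde gelöscht.",
])

ENTRY_START = re.compile(r"\d{2}\.\d{2}\.\d{4} \d{2}:\d{2} \[")
HEAD = re.compile(r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[([^\]]+)\]")
TARGET = re.compile(r"(?:Datei|URL) ['\"]([^'\"]+)['\"]")
DETECTION = re.compile(r"Programm '([^']+)' \[(\w+)\]")
RUN_KEY = re.compile(r"Registrierungseintrag <([^>]+)>")
# German action keywords as they appear in the export, mapped to short labels.
ACTIONS = [("Quarantäne", "quarantined"), ("gelöscht", "deleted"),
           ("Zugriff verweigern", "access-denied"), ("blockiert", "blocked")]


def family(name):
    """Heuristic (assumption): 'TR/PSW.Zbot.1903' -> 'Zbot', 'EXP/CVE-2013-0422' as is."""
    tokens = name.split("/", 1)[-1].split(".")
    return tokens[1] if tokens[0] == "PSW" and len(tokens) > 1 else tokens[0]


def location(path):
    """Heuristic (assumption): classify the path by the folders seen in this log."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\backup set " in p:
        return "backup-archive"
    if "\\appdata\\roaming\\" in p and p.endswith(".exe"):
        return "roaming-exe"
    return "other"


def parse_events(text):
    """Split a flattened export at each timestamp and extract one dict per detection."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    events = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        chunk = text[begin:end]
        head, target, det = HEAD.match(chunk), TARGET.search(chunk), DETECTION.search(chunk)
        if not (head and target and det):
            continue  # not a detection entry, or a layout this sketch does not know
        key = RUN_KEY.search(chunk)
        events.append({
            "when": head.group(1), "module": head.group(2), "target": target.group(1),
            "name": det.group(1), "kind": det.group(2), "family": family(det.group(1)),
            "location": location(target.group(1)),
            "action": next((lbl for kw, lbl in ACTIONS if kw in chunk), "unknown"),
            "run_key": key.group(1) if key else None,
        })
    return events


def by_family(events):
    """family -> {location: count}; shows where each family was found."""
    table = defaultdict(Counter)
    for e in events:
        table[e["family"]][e["location"]] += 1
    return {fam: dict(counts) for fam, counts in table.items()}


def backup_hits(events):
    """Backup archives that held a detected file and should not be restored blindly."""
    return sorted({e["target"] for e in events if e["location"] == "backup-archive"})


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for fam, places in by_family(evs).items():
        print(fam, places)
    for e in evs:
        if e["run_key"]:
            print("autostart entry repaired:", e["run_key"])
    print("backup archives with detections:", len(backup_hits(evs)))
```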
18.02.2013, 14:53 | #4 |
/// Malware-holic | Hi, do you use the device for online banking, for shopping, for other payment transactions, or for anything similarly important, such as work?
__________________ Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de |
18.02.2013, 20:00 | #5 |
| No, luckily not!!! That would be fatal! I have only redeemed a paysafecard once, and it is almost used up anyway! I read on the internet that trojans do not spread, but I am afraid that the malware might somehow make it onto other PCs via the home network after all. My father uses his PC for online banking. Do I need to worry, or even reinstall my PC?? |
18.02.2013, 20:39 | #6 |
/// Malware-holic | Hi, the malware will not spread, but I would like to point out the following: I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way. Should you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Let me know how you want to proceed. |
18.02.2013, 21:22 | #7 |
| Well, for now I don't want to format. That would be the last resort. The Telekom letter named a few programs that are supposed to be able to find and delete the virus. That will be my next step! I'll keep you posted as soon as I have something! |
18.02.2013, 21:38 | #8 |
/// Malware-holic | No, your next step will be this: please run only what I instruct. If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
19.02.2013, 15:07 | #9 |
| I did everything as instructed. One file is attached, the other is too large. I'll just paste it in here. If you want it in a different form, you'll have to say so! OTL Logfile:
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" File not found O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Software\hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\root\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation) O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Software\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - 
C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = haggenmueller.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32581B75-5003-4EED-BB76-904C0DFCF5D4}: NameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91ACD172-5EF9-411F-85D2-BCB8BC563EB9}: DhcpNameServer = 10.74.210.210 10.74.210.211 O18:64bit: - Protocol\Handler\inbox - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2ef0aac8-2347-11e1-99bf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2ef0aac8-2347-11e1-99bf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - 
regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing 
Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.15 11:33:23 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes [2013.02.15 11:33:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.15 11:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.15 11:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.15 11:32:33 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Programs [2013.01.31 19:14:22 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Smartbar [2013.01.30 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Image-Line [2013.01.30 22:22:08 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll [2013.01.30 22:22:08 | 000,000,000 | ---D | C] -- C:\Users\root\Documents\Image-Line [2013.01.30 22:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.01.30 22:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim [2013.01.30 22:22:00 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.01.30 21:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line [2013.01.24 16:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.24 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.24 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.01.24 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.24 16:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.01.20 22:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.19 14:35:28 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 14:35:28 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 14:34:42 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.19 14:34:42 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.19 14:34:42 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.19 14:34:42 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.19 14:34:42 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.19 14:28:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.19 14:28:13 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys [2013.02.18 23:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.18 22:01:30 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.18 22:01:30 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.17 22:54:49 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.13 12:53:33 | 000,326,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.30 22:22:08 | 000,000,661 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk [2013.01.29 17:48:20 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Tony Hawk's Underground 2.lnk [2013.01.24 16:18:45 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.30 22:22:08 | 000,000,661 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk [2012.12.16 12:58:03 | 000,000,283 | ---- | C] () -- C:\Windows\thug2.ini [2012.10.25 
21:29:25 | 000,017,408 | ---- | C] () -- C:\Users\root\AppData\Local\WebpageIcons.db [2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.23 17:57:33 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.23 17:57:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2011.09.13 09:38:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 
000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.12.12 09:20:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Canneverbe_Limited [2013.01.16 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoft [2012.07.12 13:57:11 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.16 18:56:51 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\HandBrake [2013.01.30 22:30:35 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Image-Line [2013.01.30 22:22:08 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OpenCandy [2012.01.23 17:26:14 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Origin [2012.09.13 13:00:15 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\PunkBuster [2011.12.12 09:08:23 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Thunderbird [2012.07.11 16:20:46 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.05.09 13:01:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.31 14:01:34 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.12.10 17:30:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.31 13:53:32 | 000,000,000 | ---D | M] -- C:\Driver [2011.10.31 13:53:58 | 000,000,000 | ---D | M] -- C:\Inst [2012.06.10 14:40:42 | 000,000,000 | ---D | M] -- C:\Intel [2012.03.13 20:55:54 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.24 16:18:40 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.18 00:24:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.17 23:32:20 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.12.10 17:30:17 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.07 22:51:51 | 000,000,000 | ---D | M] -- C:\PSFONTS [2011.12.10 17:30:17 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.19 14:52:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.14 16:49:15 | 000,000,000 | ---D | M] -- C:\Temp [2012.10.14 16:13:22 | 000,000,000 | ---D | M] -- C:\tmp [2012.05.01 13:55:39 | 000,000,000 | R--D | M] -- C:\Users [2013.01.25 16:48:38 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.10 15:46:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 
-- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.19 14:51:25 | 001,048,576 | -HS- | M] () -- C:\Users\root\ntuser.dat [2013.02.19 14:51:25 | 000,262,144 | -HS- | M] () -- C:\Users\root\ntuser.dat.LOG1 [2011.12.10 17:30:18 | 000,000,000 | -HS- | M] () -- C:\Users\root\ntuser.dat.LOG2 [2011.12.10 17:53:44 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.12.10 17:53:44 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms 
[2011.12.10 17:53:44 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.05.25 19:20:06 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{0dd20b7f-a696-11e1-ad81-50e5495bdd3a}.TM.blf [2012.05.25 19:20:06 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{0dd20b7f-a696-11e1-ad81-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.05.25 19:20:06 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{0dd20b7f-a696-11e1-ad81-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.08.27 17:37:38 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{11de429c-f064-11e1-b97d-50e5495bdd3a}.TM.blf [2012.08.27 17:37:38 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{11de429c-f064-11e1-b97d-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.08.27 17:37:38 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{11de429c-f064-11e1-b97d-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.01.23 17:15:38 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{15947d11-45dc-11e1-b93c-50e5495bdd3a}.TM.blf [2012.01.23 17:15:38 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{15947d11-45dc-11e1-b93c-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.01.23 17:15:38 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{15947d11-45dc-11e1-b93c-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.07.14 22:15:54 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{1f0cde1b-cde4-11e1-adb7-50e5495bdd3a}.TM.blf [2012.07.14 22:15:54 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{1f0cde1b-cde4-11e1-adb7-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.07.14 22:15:54 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{1f0cde1b-cde4-11e1-adb7-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.01.29 16:22:13 | 000,065,536 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{21ecba7a-6a26-11e2-8c38-50e5495bdd3a}.TM.blf [2013.01.29 16:22:13 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{21ecba7a-6a26-11e2-8c38-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.01.29 16:22:13 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{21ecba7a-6a26-11e2-8c38-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.06.14 20:46:07 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{2dd36a01-b659-11e1-ae15-50e5495bdd3a}.TM.blf [2012.06.14 20:46:07 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{2dd36a01-b659-11e1-ae15-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.06.14 20:46:07 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{2dd36a01-b659-11e1-ae15-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.09.06 18:21:41 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{2f13cd9e-f829-11e1-ae49-50e5495bdd3a}.TM.blf [2012.09.06 18:21:41 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{2f13cd9e-f829-11e1-ae49-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.09.06 18:21:41 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{2f13cd9e-f829-11e1-ae49-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.06.19 16:42:40 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{3f3a215b-ba25-11e1-b942-50e5495bdd3a}.TM.blf [2012.06.19 16:42:40 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{3f3a215b-ba25-11e1-b942-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.06.19 16:42:40 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{3f3a215b-ba25-11e1-b942-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.06.10 14:25:16 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{499fdeb5-b2ee-11e1-bb70-50e5495bdd3a}.TM.blf [2012.06.10 14:25:16 | 000,524,288 | -HS- | M] () -- 
C:\Users\root\NTUSER.DAT{499fdeb5-b2ee-11e1-bb70-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.06.10 14:25:16 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{499fdeb5-b2ee-11e1-bb70-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.08.19 14:43:27 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{4ec4eee5-ea03-11e1-b956-50e5495bdd3a}.TM.blf [2012.08.19 14:43:27 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{4ec4eee5-ea03-11e1-b956-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.08.19 14:43:27 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{4ec4eee5-ea03-11e1-b956-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.12.08 16:48:52 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{512e2c09-4147-11e2-8c69-50e5495bdd3a}.TM.blf [2012.12.08 16:48:52 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{512e2c09-4147-11e2-8c69-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.12.08 16:48:52 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{512e2c09-4147-11e2-8c69-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.09.14 19:46:13 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{5355b98f-fe82-11e1-b898-50e5495bdd3a}.TM.blf [2012.09.14 19:46:13 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{5355b98f-fe82-11e1-b898-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.09.14 19:46:13 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{5355b98f-fe82-11e1-b898-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.07.02 22:35:11 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{53e371a9-c483-11e1-b9d6-50e5495bdd3a}.TM.blf [2012.07.02 22:35:11 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{53e371a9-c483-11e1-b9d6-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.07.02 22:35:11 | 000,524,288 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{53e371a9-c483-11e1-b9d6-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.01.12 20:59:35 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{55a5b1a4-5cbe-11e2-8bd7-50e5495bdd3a}.TM.blf [2013.01.12 20:59:35 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{55a5b1a4-5cbe-11e2-8bd7-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.01.12 20:59:35 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{55a5b1a4-5cbe-11e2-8bd7-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.02.06 17:20:09 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{5f07237a-50dc-11e1-ad55-50e5495bdd3a}.TM.blf [2012.02.06 17:20:09 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{5f07237a-50dc-11e1-ad55-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.02.06 17:20:09 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{5f07237a-50dc-11e1-ad55-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.12.05 16:24:30 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{652a2188-3eec-11e2-8a9a-50e5495bdd3a}.TM.blf [2012.12.05 16:24:30 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{652a2188-3eec-11e2-8a9a-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.12.05 16:24:30 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{652a2188-3eec-11e2-8a9a-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.02.07 22:21:19 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{68228b98-51cf-11e1-b8dd-50e5495bdd3a}.TM.blf [2012.02.07 22:21:19 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{68228b98-51cf-11e1-b8dd-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.02.07 22:21:19 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{68228b98-51cf-11e1-b8dd-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.06.26 21:32:16 | 000,065,536 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{71232910-bfcd-11e1-ba33-ae603e4bd60d}.TM.blf [2012.06.26 21:32:16 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{71232910-bfcd-11e1-ba33-ae603e4bd60d}.TMContainer00000000000000000001.regtrans-ms [2012.06.26 21:32:16 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{71232910-bfcd-11e1-ba33-ae603e4bd60d}.TMContainer00000000000000000002.regtrans-ms [2013.01.27 13:29:51 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{725de122-67b6-11e2-8ba6-50e5495bdd3a}.TM.blf [2013.01.27 13:29:51 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{725de122-67b6-11e2-8ba6-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.01.27 13:29:51 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{725de122-67b6-11e2-8ba6-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.02.11 14:48:55 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{7b9aaf23-7440-11e2-8c47-50e5495bdd3a}.TM.blf [2013.02.11 14:48:55 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{7b9aaf23-7440-11e2-8c47-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.02.11 14:48:55 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{7b9aaf23-7440-11e2-8c47-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.10.07 18:17:57 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{7f3cb495-10a1-11e2-adee-50e5495bdd3a}.TM.blf [2012.10.07 18:17:57 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{7f3cb495-10a1-11e2-adee-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.10.07 18:17:57 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{7f3cb495-10a1-11e2-adee-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.02.15 11:32:32 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{7f89427a-775a-11e2-8c4c-50e5495bdd3a}.TM.blf [2013.02.15 11:32:32 | 000,524,288 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{7f89427a-775a-11e2-8c4c-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.02.15 11:32:32 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{7f89427a-775a-11e2-8c4c-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.03.13 20:52:54 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{838a34f8-6d41-11e1-ba54-50e5495bdd3a}.TM.blf [2012.03.13 20:52:54 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{838a34f8-6d41-11e1-ba54-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.03.13 20:52:54 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{838a34f8-6d41-11e1-ba54-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.08.03 12:52:19 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{8b825992-dd60-11e1-b970-50e5495bdd3a}.TM.blf [2012.08.03 12:52:19 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{8b825992-dd60-11e1-b970-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.08.03 12:52:19 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{8b825992-dd60-11e1-b970-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.11.18 19:00:00 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{97225093-3196-11e2-add5-50e5495bdd3a}.TM.blf [2012.11.18 19:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{97225093-3196-11e2-add5-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.11.18 19:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{97225093-3196-11e2-add5-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.01.30 21:20:22 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{994b4884-6b11-11e2-8c52-50e5495bdd3a}.TM.blf [2013.01.30 21:20:22 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{994b4884-6b11-11e2-8c52-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.01.30 21:20:22 | 000,524,288 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{994b4884-6b11-11e2-8c52-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.08.09 19:52:34 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{a10ced06-e252-11e1-979a-50e5495bdd3a}.TM.blf [2012.08.09 19:52:34 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{a10ced06-e252-11e1-979a-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.08.09 19:52:34 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{a10ced06-e252-11e1-979a-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.02.20 16:15:37 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{a4dae628-5bca-11e1-b924-50e5495bdd3a}.TM.blf [2012.02.20 16:15:37 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{a4dae628-5bca-11e1-b924-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.02.20 16:15:37 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{a4dae628-5bca-11e1-b924-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.06.26 15:28:56 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{b4b06f6a-bf9a-11e1-af1b-50e5495bdd3a}.TM.blf [2012.06.26 15:28:56 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{b4b06f6a-bf9a-11e1-af1b-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.06.26 15:28:56 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{b4b06f6a-bf9a-11e1-af1b-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.01.14 16:00:01 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{d13b6602-5e58-11e2-b93f-50e5495bdd3a}.TM.blf [2013.01.14 16:00:01 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d13b6602-5e58-11e2-b93f-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.01.14 16:00:01 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d13b6602-5e58-11e2-b93f-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.12.23 23:23:08 | 000,065,536 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{d2880228-4d3e-11e2-a1cf-50e5495bdd3a}.TM.blf [2012.12.23 23:23:08 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d2880228-4d3e-11e2-a1cf-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.12.23 23:23:08 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d2880228-4d3e-11e2-a1cf-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.11.25 19:00:01 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{d3a261a8-36f2-11e2-b8a3-50e5495bdd3a}.TM.blf [2012.11.25 19:00:01 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d3a261a8-36f2-11e2-b8a3-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.11.25 19:00:01 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d3a261a8-36f2-11e2-b8a3-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.09.04 21:06:19 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{d88e7e21-f6c6-11e1-b8a3-50e5495bdd3a}.TM.blf [2012.09.04 21:06:19 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d88e7e21-f6c6-11e1-b8a3-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.09.04 21:06:19 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{d88e7e21-f6c6-11e1-b8a3-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.01.11 21:32:48 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{dd8faaf9-5c2d-11e2-8b8e-50e5495bdd3a}.TM.blf [2013.01.11 21:32:48 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{dd8faaf9-5c2d-11e2-8b8e-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.01.11 21:32:48 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{dd8faaf9-5c2d-11e2-8b8e-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.09.23 08:45:26 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{e7deac90-0551-11e2-b907-50e5495bdd3a}.TM.blf [2012.09.23 08:45:26 | 000,524,288 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{e7deac90-0551-11e2-b907-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.09.23 08:45:26 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{e7deac90-0551-11e2-b907-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.05.08 16:53:30 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{ee5c8428-991c-11e1-9711-50e5495bdd3a}.TM.blf [2012.05.08 16:53:30 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{ee5c8428-991c-11e1-9711-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.05.08 16:53:30 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{ee5c8428-991c-11e1-9711-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2011.12.26 23:34:51 | 000,065,536 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{f00f561b-2fd2-11e1-a28e-50e5495bdd3a}.TM.blf [2011.12.26 23:34:51 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{f00f561b-2fd2-11e1-a28e-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2011.12.26 23:34:51 | 000,524,288 | -HS- | M] () -- C:\Users\root\NTUSER.DAT{f00f561b-2fd2-11e1-a28e-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2012.10.20 19:11:15 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{f07562fc-1aba-11e2-8c0e-edbf65af1e73}.TM.blf [2012.10.20 19:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{f07562fc-1aba-11e2-8c0e-edbf65af1e73}.TMContainer00000000000000000001.regtrans-ms [2012.10.20 19:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{f07562fc-1aba-11e2-8c0e-edbf65af1e73}.TMContainer00000000000000000002.regtrans-ms [2012.11.03 16:30:53 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{f0e1231a-25b9-11e2-b7c3-50e5495bdd3a}.TM.blf [2012.11.03 16:30:53 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{f0e1231a-25b9-11e2-b7c3-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2012.11.03 16:30:53 | 000,524,288 | -HS- | M] () -- 
C:\Users\root\ntuser.dat{f0e1231a-25b9-11e2-b7c3-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2013.01.09 15:16:36 | 000,065,536 | -HS- | M] () -- C:\Users\root\ntuser.dat{ffd5cd7a-5a63-11e2-b88e-50e5495bdd3a}.TM.blf [2013.01.09 15:16:36 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{ffd5cd7a-5a63-11e2-b88e-50e5495bdd3a}.TMContainer00000000000000000001.regtrans-ms [2013.01.09 15:16:36 | 000,524,288 | -HS- | M] () -- C:\Users\root\ntuser.dat{ffd5cd7a-5a63-11e2-b88e-50e5495bdd3a}.TMContainer00000000000000000002.regtrans-ms [2011.12.10 17:30:18 | 000,000,020 | -HS- | M] () -- C:\Users\root\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
19.02.2013, 17:01 | #10 |
/// Malware-holic | Zeus Trojan and other malware hi, [OTLFIX]
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.02.2013, 19:08 | #11 |
| Zeus Trojan and other malware What do you mean by that? |
19.02.2013, 19:11 | #12 |
/// Malware-holic | Zeus Trojan and other malware Hi, please download TDSSKiller.exe and save the file to your desktop.
|
19.02.2013, 23:11 | #13 |
| Zeus Trojan and other malware I hope the quarantine doesn't matter, I accidentally moved it into quarantine.
[ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:06:02.0377 4824 DXGKrnl - ok 23:06:02.0392 4824 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:06:02.0408 4824 EapHost - ok 23:06:02.0439 4824 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 23:06:02.0455 4824 ebdrv - ok 23:06:02.0470 4824 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 23:06:02.0470 4824 EFS - ok 23:06:02.0470 4824 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:06:02.0486 4824 ehRecvr - ok 23:06:02.0486 4824 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:06:02.0501 4824 ehSched - ok 23:06:02.0501 4824 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 23:06:02.0517 4824 elxstor - ok 23:06:02.0517 4824 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:06:02.0517 4824 ErrDev - ok 23:06:02.0533 4824 [ D182C5A0D436C8FD8C08A5424A3448FA ] EtronHub3 C:\Windows\System32\Drivers\EtronHub3.sys 23:06:02.0533 4824 EtronHub3 - ok 23:06:02.0533 4824 [ CAD747ACEB8E693B3D92613655602219 ] EtronXHCI C:\Windows\System32\Drivers\EtronXHCI.sys 23:06:02.0533 4824 EtronXHCI - ok 23:06:02.0548 4824 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:06:02.0564 4824 EventSystem - ok 23:06:02.0579 4824 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:06:02.0595 4824 exfat - ok 23:06:02.0595 4824 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:06:02.0626 4824 fastfat - ok 23:06:02.0626 4824 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:06:02.0642 4824 Fax - ok 23:06:02.0642 4824 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 23:06:02.0642 4824 fdc - ok 23:06:02.0642 4824 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost 
C:\Windows\system32\fdPHost.dll 23:06:02.0673 4824 fdPHost - ok 23:06:02.0673 4824 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:06:02.0689 4824 FDResPub - ok 23:06:02.0689 4824 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:06:02.0704 4824 FileInfo - ok 23:06:02.0704 4824 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:06:02.0720 4824 Filetrace - ok 23:06:02.0720 4824 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 23:06:02.0735 4824 flpydisk - ok 23:06:02.0735 4824 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:06:02.0751 4824 FltMgr - ok 23:06:02.0767 4824 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 23:06:02.0782 4824 FontCache - ok 23:06:02.0782 4824 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:06:02.0782 4824 FontCache3.0.0.0 - ok 23:06:02.0782 4824 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:06:02.0798 4824 FsDepends - ok 23:06:02.0798 4824 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 23:06:02.0798 4824 fssfltr - ok 23:06:02.0813 4824 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 23:06:02.0829 4824 fsssvc - ok 23:06:02.0829 4824 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:06:02.0845 4824 Fs_Rec - ok 23:06:02.0845 4824 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:06:02.0860 4824 fvevol - ok 23:06:02.0860 4824 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 23:06:02.0860 4824 gagp30kx - ok 23:06:02.0860 4824 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM 
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:06:02.0876 4824 GEARAspiWDM - ok 23:06:02.0876 4824 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 23:06:02.0907 4824 gpsvc - ok 23:06:02.0907 4824 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 23:06:02.0907 4824 hamachi - ok 23:06:02.0923 4824 Hamachi2Svc - ok 23:06:02.0923 4824 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:06:02.0923 4824 hcw85cir - ok 23:06:02.0923 4824 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:06:02.0938 4824 HdAudAddService - ok 23:06:02.0938 4824 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:06:02.0954 4824 HDAudBus - ok 23:06:02.0954 4824 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 23:06:02.0954 4824 HidBatt - ok 23:06:02.0954 4824 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 23:06:02.0969 4824 HidBth - ok 23:06:02.0969 4824 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 23:06:02.0985 4824 HidIr - ok 23:06:02.0985 4824 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 23:06:03.0001 4824 hidserv - ok 23:06:03.0001 4824 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:06:03.0016 4824 HidUsb - ok 23:06:03.0016 4824 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:06:03.0032 4824 hkmsvc - ok 23:06:03.0047 4824 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:06:03.0047 4824 HomeGroupListener - ok 23:06:03.0047 4824 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:06:03.0063 4824 HomeGroupProvider - ok 23:06:03.0063 4824 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:06:03.0063 
23:06:03.0172 4824 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:06:03.0172 4824 IDriverT - detected UnsignedFile.Multi.Generic (1)
udfs - ok 23:06:07.0603 4824 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:06:07.0603 4824 UI0Detect - ok 23:06:07.0618 4824 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:06:07.0618 4824 uliagpkx - ok 23:06:07.0618 4824 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 23:06:07.0634 4824 umbus - ok 23:06:07.0634 4824 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 23:06:07.0634 4824 UmPass - ok 23:06:07.0634 4824 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:06:07.0665 4824 upnphost - ok 23:06:07.0665 4824 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 23:06:07.0665 4824 USBAAPL64 - ok 23:06:07.0681 4824 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:06:07.0681 4824 usbaudio - ok 23:06:07.0681 4824 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:06:07.0696 4824 usbccgp - ok 23:06:07.0696 4824 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:06:07.0696 4824 usbcir - ok 23:06:07.0696 4824 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:06:07.0712 4824 usbehci - ok 23:06:07.0712 4824 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 23:06:07.0727 4824 usbhub - ok 23:06:07.0727 4824 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:06:07.0727 4824 usbohci - ok 23:06:07.0727 4824 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 23:06:07.0743 4824 usbprint - ok 23:06:07.0743 4824 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:06:07.0759 4824 USBSTOR - ok 23:06:07.0759 4824 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci 
C:\Windows\system32\drivers\usbuhci.sys 23:06:07.0759 4824 usbuhci - ok 23:06:07.0759 4824 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:06:07.0790 4824 UxSms - ok 23:06:07.0790 4824 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:06:07.0790 4824 VaultSvc - ok 23:06:07.0790 4824 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:06:07.0805 4824 vdrvroot - ok 23:06:07.0805 4824 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:06:07.0821 4824 vds - ok 23:06:07.0837 4824 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:06:07.0837 4824 vga - ok 23:06:07.0837 4824 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:06:07.0868 4824 VgaSave - ok 23:06:07.0868 4824 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:06:07.0868 4824 vhdmp - ok 23:06:07.0868 4824 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:06:07.0883 4824 viaide - ok 23:06:07.0883 4824 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:06:07.0883 4824 volmgr - ok 23:06:07.0899 4824 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:06:07.0899 4824 volmgrx - ok 23:06:07.0915 4824 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:06:07.0915 4824 volsnap - ok 23:06:07.0915 4824 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 23:06:07.0930 4824 vsmraid - ok 23:06:07.0946 4824 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:06:07.0977 4824 VSS - ok 23:06:07.0977 4824 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:06:07.0993 4824 vwifibus - ok 23:06:08.0008 4824 [ C366AE91D2CC2C1C25380061D235C36B ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys 
23:06:08.0024 4824 VX3000 - ok 23:06:08.0024 4824 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:06:08.0055 4824 W32Time - ok 23:06:08.0055 4824 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 23:06:08.0071 4824 WacomPen - ok 23:06:08.0071 4824 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:06:08.0086 4824 WANARP - ok 23:06:08.0086 4824 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:06:08.0102 4824 Wanarpv6 - ok 23:06:08.0117 4824 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:06:08.0133 4824 wbengine - ok 23:06:08.0149 4824 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:06:08.0149 4824 WbioSrvc - ok 23:06:08.0164 4824 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:06:08.0164 4824 wcncsvc - ok 23:06:08.0180 4824 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:06:08.0180 4824 WcsPlugInService - ok 23:06:08.0180 4824 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 23:06:08.0195 4824 Wd - ok 23:06:08.0195 4824 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:06:08.0211 4824 Wdf01000 - ok 23:06:08.0211 4824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:06:08.0227 4824 WdiServiceHost - ok 23:06:08.0227 4824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:06:08.0242 4824 WdiSystemHost - ok 23:06:08.0242 4824 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:06:08.0258 4824 WebClient - ok 23:06:08.0258 4824 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:06:08.0273 4824 Wecsvc - ok 23:06:08.0289 4824 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport 
C:\Windows\System32\wercplsupport.dll 23:06:08.0305 4824 wercplsupport - ok 23:06:08.0305 4824 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:06:08.0336 4824 WerSvc - ok 23:06:08.0336 4824 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:06:08.0351 4824 WfpLwf - ok 23:06:08.0351 4824 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:06:08.0367 4824 WIMMount - ok 23:06:08.0367 4824 WinDefend - ok 23:06:08.0367 4824 WinHttpAutoProxySvc - ok 23:06:08.0367 4824 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:06:08.0398 4824 Winmgmt - ok 23:06:08.0414 4824 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:06:08.0461 4824 WinRM - ok 23:06:08.0461 4824 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:06:08.0461 4824 WinUsb - ok 23:06:08.0476 4824 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:06:08.0492 4824 Wlansvc - ok 23:06:08.0492 4824 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 23:06:08.0507 4824 wlcrasvc - ok 23:06:08.0539 4824 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:06:08.0554 4824 wlidsvc - ok 23:06:08.0570 4824 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:06:08.0570 4824 WmiAcpi - ok 23:06:08.0570 4824 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:06:08.0585 4824 wmiApSrv - ok 23:06:08.0585 4824 WMPNetworkSvc - ok 23:06:08.0585 4824 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:06:08.0585 4824 WPCSvc - ok 23:06:08.0601 4824 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:06:08.0601 4824 WPDBusEnum - ok 23:06:08.0601 4824 [ 
6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:06:08.0632 4824 ws2ifsl - ok 23:06:08.0632 4824 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 23:06:08.0648 4824 wscsvc - ok 23:06:08.0648 4824 WSearch - ok 23:06:08.0679 4824 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 23:06:08.0710 4824 wuauserv - ok 23:06:08.0710 4824 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:06:08.0710 4824 WudfPf - ok 23:06:08.0726 4824 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:06:08.0726 4824 WUDFRd - ok 23:06:08.0726 4824 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:06:08.0741 4824 wudfsvc - ok 23:06:08.0741 4824 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:06:08.0757 4824 WwanSvc - ok 23:06:08.0757 4824 ================ Scan global =============================== 23:06:08.0757 4824 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:06:08.0757 4824 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 23:06:08.0757 4824 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 23:06:08.0773 4824 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:06:08.0773 4824 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:06:08.0773 4824 [Global] - ok 23:06:08.0773 4824 ================ Scan MBR ================================== 23:06:08.0773 4824 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:06:08.0866 4824 \Device\Harddisk0\DR0 - ok 23:06:08.0866 4824 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 23:06:08.0897 4824 \Device\Harddisk1\DR1 - ok 23:06:08.0897 4824 ================ Scan VBR ================================== 23:06:08.0897 4824 [ 6B5142EA70EF74DC0067C2084D5F6CEB ] \Device\Harddisk0\DR0\Partition1 23:06:08.0897 4824 
\Device\Harddisk0\DR0\Partition1 - ok 23:06:08.0897 4824 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1 23:06:08.0897 4824 \Device\Harddisk1\DR1\Partition1 - ok 23:06:08.0913 4824 [ F447C30D75A499CCE4F2CA6DDF5D42D9 ] \Device\Harddisk1\DR1\Partition2 23:06:08.0913 4824 \Device\Harddisk1\DR1\Partition2 - ok 23:06:08.0913 4824 [ 00E36292DA080D10A9DC89246D713132 ] \Device\Harddisk1\DR1\Partition3 23:06:08.0913 4824 \Device\Harddisk1\DR1\Partition3 - ok 23:06:08.0913 4824 ============================================================ 23:06:08.0913 4824 Scan finished 23:06:08.0913 4824 ============================================================ 23:06:08.0913 0836 Detected object count: 1 23:06:08.0913 0836 Actual detected object count: 1 23:07:10.0642 0836 C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe - copied to quarantine 23:07:10.0642 0836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine |
19.02.2013, 23:29 | #14 |
/// Malware-holic | Zeus Trojan and other malware Update all drivers, then it should work. And next time pay close attention to what you are doing; I don't write that for nothing! Scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
20.02.2013, 15:46 | #15 |
| Zeus Trojan and other malware Avira does not allow me to end the process! Is it also enough if I only deactivate the browser protection and the real-time scanner? |