
Log analysis and evaluation: TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen, computer hangs (Firefox)


10.05.2013, 21:48   #1
chaoshelge
 

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen, computer hangs (Firefox)



Hello everyone,

first of all, many thanks that forums like this exist for noobs like me....

AFTER I ran a routine scan with Avira on 09.05 and this scan detected TR/Dropper.Gen (Pic2) (quarantine -> Pic1), my computer now always hangs in Firefox and makes no sound anymore, and doesn't respond to anything either.

As can be seen from the pictures, I have also had TR/Crypt.EPACK.Gen2 (Pic3) in quarantine since Dec 2012.

I would be very grateful for step-by-step help in rescuing this. I'm frustrated right now, because with this new setup I finally thought I was doing it right with regular (daily) updates and scans....

The log files follow below.

Btw, when do I re-enable the defogger thing?

Thanks and regards
Helge

Code:
OTL logfile created on: 10/05/2013 21:07:16 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\AJ\Desktop
Windows 7 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.37% Memory free
6.00 Gb Paging File | 5.08 Gb Available in Paging File | 84.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88.62 Gb Total Space | 58.12 Gb Free Space | 65.58% Space Free | Partition Type: NTFS
 
Computer Name: TRASHER | User Name: AJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/10 20:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AJ\Desktop\OTL.exe
PRC - [2013/04/08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2013/04/08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/03/27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/11/22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/10/04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/11 18:49:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/14 19:37:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/14 19:37:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/14 19:37:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/21 01:59:32 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013/04/24 09:59:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/15 00:09:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013/04/08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/05/14 19:37:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/14 19:37:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/28 00:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/12/13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2012/11/22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/05/14 19:37:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/14 19:37:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/01/09 19:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 19:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 19:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/12/15 16:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/14 19:25:10 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/27 18:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=a0cd22d70000000000000016cfe134ab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 CE DF 72 2D D9 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=a0cd22d70000000000000016cfe134ab
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:6.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/04/09 21:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013/05/06 18:29:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/15 00:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/24 15:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/15 00:09:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/02/28 19:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\Extensions
[2013/05/08 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\Firefox\Profiles\4al20v81.default\extensions
[2013/04/30 17:07:40 | 000,052,496 | ---- | M] () (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\extensions\googledictionary@toptip.ca.xpi
[2013/04/24 20:20:39 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\extensions\quickdrag@mozilla.ktechcomputing.com.xpi
[2013/05/08 18:57:45 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/28 19:14:01 | 000,001,294 | ---- | M] () -- C:\Users\AJ\AppData\Roaming\mozilla\firefox\profiles\4al20v81.default\searchplugins\delta.xml
[2013/04/15 00:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/15 00:09:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/15 00:09:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/28 19:13:23 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/04/15 00:09:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/15 00:09:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/15 00:09:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/15 00:09:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/15 00:09:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED59C9B6-8E58-4863-8DE1-1932F54CED2F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/10 20:40:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\AJ\Desktop\OTL.exe
[2013/05/10 20:32:29 | 000,000,000 | ---D | C] -- C:\Users\AJ\Tools
[2013/05/06 18:30:04 | 000,000,000 | ---D | C] -- C:\Users\AJ\Documents\PDF Architect Files
[2013/05/06 18:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/05/06 18:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
[2013/05/06 18:29:20 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\pdfforge
[2013/05/06 18:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/05/06 18:29:15 | 000,095,416 | ---- | C] (pdfforge GmbH) -- C:\Windows\System32\pdfcmon.dll
[2013/05/06 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/05/06 18:26:53 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Local\Programs
[2013/05/03 19:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/24 15:27:28 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\Thunderbird
[2013/04/24 15:27:28 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Local\Thunderbird
[2013/04/24 15:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/04/24 14:27:30 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Local\PokerStars.EU
[2013/04/24 14:27:29 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2013/04/24 14:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU
[2013/04/24 14:02:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/24 13:24:47 | 000,000,000 | ---D | C] -- C:\Users\AJ\AppData\Roaming\vlc
[2013/04/24 13:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/24 13:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/04/24 10:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/15 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
[2013/04/10 21:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\FreeAlarmClock
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/10 21:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/10 21:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/10 21:05:47 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/10 20:54:38 | 000,377,856 | ---- | M] () -- C:\Users\AJ\Desktop\gmer_2.1.19163.exe
[2013/05/10 20:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AJ\Desktop\OTL.exe
[2013/05/10 20:39:00 | 000,000,000 | ---- | M] () -- C:\Users\AJ\defogger_reenable
[2013/05/10 20:24:13 | 000,022,441 | ---- | M] () -- C:\Users\AJ\Desktop\pic3.PNG
[2013/05/10 20:23:34 | 000,066,739 | ---- | M] () -- C:\Users\AJ\Desktop\pic1.PNG
[2013/05/10 20:23:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/10 20:23:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/10 20:22:43 | 000,023,893 | ---- | M] () -- C:\Users\AJ\Desktop\pic2.PNG
[2013/05/06 18:23:09 | 000,645,988 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/06 18:23:09 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/06 18:23:09 | 000,130,152 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/06 18:23:09 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/27 17:24:36 | 000,018,440 | ---- | M] () -- C:\Users\AJ\Documents\Trinkrezepte.odt
[2013/04/24 14:45:42 | 000,001,507 | ---- | M] () -- C:\Users\AJ\Desktop\Home.lnk
[2013/04/24 14:45:14 | 000,000,174 | ---- | M] () -- C:\Users\AJ\Desktop\Brücke.lnk
[2013/04/24 11:17:28 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/05/10 20:54:36 | 000,377,856 | ---- | C] () -- C:\Users\AJ\Desktop\gmer_2.1.19163.exe
[2013/05/10 20:39:00 | 000,000,000 | ---- | C] () -- C:\Users\AJ\defogger_reenable
[2013/05/10 20:24:13 | 000,022,441 | ---- | C] () -- C:\Users\AJ\Desktop\pic3.PNG
[2013/05/10 20:23:33 | 000,066,739 | ---- | C] () -- C:\Users\AJ\Desktop\pic1.PNG
[2013/05/10 20:22:43 | 000,023,893 | ---- | C] () -- C:\Users\AJ\Desktop\pic2.PNG
[2013/04/27 17:24:34 | 000,018,440 | ---- | C] () -- C:\Users\AJ\Documents\Trinkrezepte.odt
[2013/04/24 15:27:24 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/04/24 14:41:47 | 000,001,507 | ---- | C] () -- C:\Users\AJ\Desktop\Home.lnk
[2013/04/24 14:39:23 | 000,000,174 | ---- | C] () -- C:\Users\AJ\Desktop\Brücke.lnk
[2012/01/23 19:14:26 | 000,645,988 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/01/23 19:14:26 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/01/23 19:14:26 | 000,130,152 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/01/23 19:14:26 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/01/23 19:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/22 21:26:52 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/22 21:25:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/02/28 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\Babylon
[2012/12/11 20:07:19 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\CheckPoint
[2013/05/06 18:29:20 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\pdfforge
[2013/04/24 15:27:28 | 000,000,000 | ---D | M] -- C:\Users\AJ\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 10/05/2013 20:42:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\AJ\Desktop
Windows 7 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 68.28% Memory free
6.00 Gb Paging File | 4.51 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88.62 Gb Total Space | 58.10 Gb Free Space | 65.57% Space Free | Partition Type: NTFS
 
Computer Name: TRASHER | User Name: AJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ABD04B-A060-47D3-950A-F570AECE2409}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{012463E2-F3EA-48BC-8DFA-77543C228222}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0ADD48EF-9B16-4DDE-B80A-DF1D19870893}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2178AAC3-72B8-4BEE-B9B1-09B89513F3A8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{30A38F0C-C6A4-409E-B7E8-248CBCF54E71}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{33FECB37-11E9-4A29-86B4-8B99EAB2EB5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3543812B-B12B-4D57-8564-83412FFEF633}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4680EEE8-2D76-4F90-9E40-5B7E1EC46B02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D3F4C39-C2B1-4980-9329-F4ACDA6CEE8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{66EFDC84-158F-4D03-B493-E3E4B1198390}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{78C134C0-A74D-4647-88F2-9BFEB6D228C6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB07E669-7576-463D-A8AE-DBEFA9C9BEC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABBF1550-7997-4D77-8EC7-76FC027CF094}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C347766E-BFF8-4D0B-B86E-8ABC633D80AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C85E1973-5E6D-4D85-9821-C769CA30CE26}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D172C79D-FF95-4195-A7AB-2171A7A04871}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D9F87314-7E4E-4A19-8E41-370EC494140D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E204231F-3FD0-4CC1-A6D9-77BADF806E09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ED68C18C-68A4-491F-9436-4BBA0D05010C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F308B5BD-3E08-47A3-9B0B-E0E8212322CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3F216B3-5FBF-4044-91CC-DDC6019603EC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F7C38FC6-9B8F-42C1-9383-2B4BCD32F450}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{164FE3A0-8F3B-4D07-9A7F-5FAA4A1262B0}" = protocol=6 | dir=out | app=system | 
"{17244EB5-4D52-40A7-8E0B-AC3766A8D731}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1EC51D46-BFE8-4F5C-931D-6CDBF8040274}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{242115A6-FCB8-4ED0-BDCB-3D8389E59837}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36772BF9-CEC3-4260-A39B-9029A48ECEED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{371E7D7E-FE97-4360-8D77-3A3DB877E629}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4A4F2ABF-279D-4F77-8555-648C87D23FF2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B10A036-2CDA-4167-8366-16A5849908C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{708961B1-69C5-4D3E-B403-9B52C96D8B26}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{82AFC2CA-378E-4E69-8654-47CFE0C25848}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B562CD4-62F9-401D-A45C-A028F7BF7299}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D12490F-02E6-4FAD-A3BC-FBCEE8457799}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{954BEF8D-933A-4913-BBC8-CE424520B16F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E9601F6-AACE-423F-BCC5-3EB5BB299C18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A685F1E0-9B1D-4D38-A931-8F2841060A79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC296525-515C-4253-BF1C-503111A84CDE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BA7211C9-059D-41C9-8224-DAA6AC31FD8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC832549-2D48-45BF-A916-3A2E94BCBBDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DB0FD85E-2B0A-45B0-B302-0B9F68AA2119}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBDA3F50-70C8-47E6-8AB7-A6A30BE98712}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F47EBABF-B781-48AE-ABF2-584A1C3FC479}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FA8B721B-3846-47E3-864E-FE57565240BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.0
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PokerStars.eu" = PokerStars.eu
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/12/2012 14:20:06 | Computer Name = AJ-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 23.0.1271.95 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: df0    Start
 Time: 01cdd7ca67c59f7f    Termination Time: 14    Application Path: C:\Users\AJ\AppData\Local\Google\Chrome\Application\chrome.exe

Report
 Id: 47c9b9dd-43bf-11e2-afca-0016cfe134ab  
 
Error - 02/03/2013 03:08:39 | Computer Name = AJ-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\checkpoint\Install\Clean_tool64.exe".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 02/03/2013 03:08:41 | Computer Name = AJ-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\checkpoint\Install\Clean_tool64.exe".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 14/03/2013 13:29:46 | Computer Name = AJ-PC | Source = MsiInstaller | ID = 11310
Description = 
 
Error - 09/04/2013 15:47:37 | Computer Name = AJ-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'ZoneAlarm LTD Toolbar IswSvc' could not be
 shut down.
 
Error - 09/04/2013 15:47:37 | Computer Name = AJ-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'ZoneAlarm LTD Toolbar IswSvc' could not be
 shut down.
 
Error - 16/04/2013 15:20:16 | Computer Name = AJ-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time
 stamp: 0x51650aee  Faulting module name: xul.dll, version: 20.0.1.4847, time stamp:
 0x51650a09  Exception code: 0xc0000005  Fault offset: 0x000b10e8  Faulting process id:
 0xab4  Faulting application start time: 0x01ce3aad965af7eb  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: ab0514f3-a6ca-11e2-a8bf-0016cfe134ab
 
Error - 27/04/2013 18:04:27 | Computer Name = Trasher | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time
 stamp: 0x51650aee  Faulting module name: xul.dll, version: 20.0.1.4847, time stamp:
 0x51650a09  Exception code: 0xc0000005  Fault offset: 0x000b10e8  Faulting process id:
 0xf7c  Faulting application start time: 0x01ce435af57f18fe  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: 6d1be188-af86-11e2-9f3a-0016cfe134ab
 
Error - 28/04/2013 13:00:00 | Computer Name = Trasher | Source = Windows Backup | ID = 4103
Description = 
 
Error - 05/05/2013 13:00:01 | Computer Name = Trasher | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 02/05/2013 11:21:48 | Computer Name = Trasher | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
 storage could not grow in time.  Consider reducing the IO load on the system or
 choose a shadow copy storage volume that is not being shadow copied.
 
Error - 08/05/2013 12:45:30 | Computer Name = Trasher | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
 storage could not grow in time.  Consider reducing the IO load on the system or
 choose a shadow copy storage volume that is not being shadow copied.
 
Error - 08/05/2013 12:48:48 | Computer Name = Trasher | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Defender service to connect.
 
Error - 08/05/2013 12:48:48 | Computer Name = Trasher | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following 
error:   %%1053
 
Error - 08/05/2013 17:35:10 | Computer Name = Trasher | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:32:56 PM on ?08/?05/?2013 was unexpected.
 
Error - 08/05/2013 17:35:01 | Computer Name = Trasher | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
 storage could not grow in time.  Consider reducing the IO load on the system or
 choose a shadow copy storage volume that is not being shadow copied.
 
Error - 09/05/2013 00:55:35 | Computer Name = Trasher | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:52:12 AM on ?09/?05/?2013 was unexpected.
 
Error - 09/05/2013 00:55:26 | Computer Name = Trasher | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
 storage could not grow in time.  Consider reducing the IO load on the system or
 choose a shadow copy storage volume that is not being shadow copied.
 
Error - 10/05/2013 12:12:38 | Computer Name = Trasher | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
 storage could not grow in time.  Consider reducing the IO load on the system or
 choose a shadow copy storage volume that is not being shadow copied.
 
Error - 10/05/2013 14:17:27 | Computer Name = Trasher | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:15:09 PM on ?10/?05/?2013 was unexpected.
 
 
< End of report >
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-10 22:22:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS721010G9SA00 rev.MCZIC10V 93.16GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\AJ\AppData\Local\Temp\uxddipoc.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAdjustPrivilegesToken [0x8EC5D8AA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwAlpcConnectPort [0x8E82E082]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwAlpcCreatePort [0x8E82E94A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAlpcSendWaitReceivePort [0x8EC7685A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwClose [0x8EC5E324]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwConnectPort [0x8E82DAD8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateEvent [0x8EC5E894]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateFile [0x8E827334]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateKey [0x8E8491DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateMutant [0x8EC5E782]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreatePort [0x8E82E5E2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateProcess [0x8E842F1C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateProcessEx [0x8E843344]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateSection [0x8E84D96E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateSemaphore [0x8EC5E9AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateThread [0x8EC5DEDA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateThreadEx [0x8EC5E04A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateUserProcess [0x8E8437B8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateWaitablePort [0x8E82E740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwDebugActiveProcess [0x8EC5ED6C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteFile [0x8E828070]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteKey [0x8E84ACCE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteValueKey [0x8E84A580]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwDeviceIoControlFile [0x8EC5E366]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDuplicateObject [0x8E841CFC]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadDriver [0x8E821D46]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKey [0x8E84B760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKey2 [0x8E84B99E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKeyEx [0x8E84BE50]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwMapViewOfSection [0x8E84DD2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwNotifyChangeKey [0x8EC746AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenEvent [0x8EC5E926]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenFile [0x8E827C22]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenMutant [0x8EC5E80E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenProcess [0x8E845430]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenSection [0x8EC5F1AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenSemaphore [0x8EC5EA3E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenThread [0x8E84501E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwProtectVirtualMemory [0x8E85A340]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueryDirectoryObject [0x8EC5EB7A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueryObject [0x8EC748A4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQuerySection [0x8EC5F6F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueueApcThread [0x8EC5EFFE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRenameKey [0x8E84C838]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwReplaceKey [0x8E84C11A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyPort [0x8EC76648]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyWaitReceivePort [0x8EC76596]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRequestWaitReplyPort [0x8E82D67C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRestoreKey [0x8E84D29E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwResumeThread [0x8EC5FC10]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSecureConnectPort [0x8E82DDA4]
SSDT            8F048803                                                                                         ZwSetContextThread
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetInformationFile [0x8E82847C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetInformationObject [0x8E85A204]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSetInformationToken [0x8EC5EC18]
SSDT            8F04880D                                                                                         ZwSetSecurityObject
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetSystemInformation [0x8E821410]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetValueKey [0x8E849CA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSuspendProcess [0x8EC5F934]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSuspendThread [0x8EC5FA6E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSystemDebugControl [0x8E844042]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwTerminateProcess [0x8E843D72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwTerminateThread [0x8EC5DBDA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwUnloadDriver [0x8E822198]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwUnmapViewOfSection [0x8EC5F5A8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwWriteVirtualMemory [0x8EC5DD70]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         81A8DA09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81AC71F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                              81ACE22C 4 Bytes  [AA, D8, C5, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                              81ACE254 8 Bytes  [82, E0, 82, 8E, 4A, E9, 82, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                              81ACE298 4 Bytes  [5A, 68, C7, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                              81ACE2C4 4 Bytes  [24, E3, C5, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                              81ACE2E8 4 Bytes  [D8, DA, 82, 8E]
.text           ...                                                                                              
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x8F215000, 0x23097E, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1728] USER32.dll!GetUpdateRect + CF          75A4A644 5 Bytes  JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

Device          \Driver\BTHUSB \Device\00000074                                                                  bthport.sys
Device          \Driver\BTHUSB \Device\00000076                                                                  bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cfe134ab                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cfe134ab (not active ControlSet)  

---- EOF - GMER 2.1 ----
Attached images
File type: png pic1.PNG (65.2 KB, viewed 303 times)
File type: png pic2.PNG (23.3 KB, viewed 245 times)
File type: png pic3.PNG (21.9 KB, viewed 271 times)

Geändert von chaoshelge (10.05.2013 um 22:13 Uhr) Grund: Posten in CODE-Tags

10.05.2013, 22:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Hello and

Quote:
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Why do you have an Ultimate edition of Windows? Do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?


Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.

10.05.2013, 22:16   #3
chaoshelge

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Thanks for the hint.

I got the computer from my brother-in-law, who works in international management...

Regarding the OTL Extras log files I have to say that I did the first scan without "right-click, administrator rights". Then I deleted both files. New scan with right-click. Then I only had the OTL log, but no Extras log any more. So I restored the Extras files. I hope that didn't undermine the effort.

Regards

10.05.2013, 22:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

That answers my question of whether a virus scanner ever found anything, but not really.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

10.05.2013, 22:26   #5
chaoshelge

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Well, I've had the computer since November. Apart from the two that were logged, I'm not aware of any others.


10.05.2013, 22:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

OK, that's a usable statement!

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make evaluation harder for me!

  • The logs of the tools you are asked to run, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you haven't heard from me for three days, please report in this thread => Reminder for my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Now please run Combofix:

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


10.05.2013, 22:58   #7
chaoshelge

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Code:
ATTFilter
ComboFix 13-05-10.03 - AJ 10/05/2013  23:39:45.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.3070.1121 [GMT 2:00]
Running from: c:\users\AJ\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-10 to 2013-05-10  )))))))))))))))))))))))))))))))
.
.
2013-05-10 21:50 . 2013-05-10 21:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-10 20:27 . 2013-05-10 20:27	--------	d-----w-	c:\program files\7-Zip
2013-05-10 18:32 . 2013-05-10 20:27	--------	d-----w-	c:\users\AJ\Tools
2013-05-06 16:29 . 2013-05-06 16:30	--------	d-----w-	c:\program files\PDF Architect
2013-05-06 16:29 . 2013-05-06 16:29	--------	d-----w-	c:\users\AJ\AppData\Roaming\pdfforge
2013-05-06 16:29 . 2013-04-09 13:13	95416	----a-w-	c:\windows\system32\pdfcmon.dll
2013-05-06 16:29 . 2012-05-05 09:54	662288	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2013-05-06 16:29 . 2012-05-05 09:54	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2013-05-06 16:29 . 2013-05-06 16:30	--------	d-----w-	c:\program files\PDFCreator
2013-05-06 16:29 . 2012-05-05 09:54	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2013-05-06 16:29 . 1998-07-06 16:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2013-05-06 16:29 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2013-05-06 16:29 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2013-05-06 16:26 . 2013-05-06 16:26	--------	d-----w-	c:\users\AJ\AppData\Local\Programs
2013-05-03 17:29 . 2013-05-03 17:29	--------	d-----w-	c:\program files\Common Files\Skype
2013-04-29 09:07 . 2013-04-29 09:09	--------	d-----w-	c:\users\Guest
2013-04-24 13:27 . 2013-04-24 13:27	--------	d-----w-	c:\users\AJ\AppData\Roaming\Thunderbird
2013-04-24 13:27 . 2013-04-24 13:27	--------	d-----w-	c:\users\AJ\AppData\Local\Thunderbird
2013-04-24 13:27 . 2013-04-24 13:27	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-04-24 12:27 . 2013-04-24 12:29	--------	d-----w-	c:\users\AJ\AppData\Local\PokerStars.EU
2013-04-24 12:27 . 2013-04-24 12:28	--------	d-----w-	c:\program files\PokerStars.EU
2013-04-24 11:24 . 2013-04-24 11:29	--------	d-----w-	c:\users\AJ\AppData\Roaming\vlc
2013-04-24 11:23 . 2013-04-24 11:23	--------	d-----w-	c:\program files\VideoLAN
2013-04-24 09:07 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2013-04-24 09:07 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-04-24 08:56 . 2013-04-17 04:31	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{41335CF6-0FF5-46FC-9B49-7F7B8806F3C7}\mpengine.dll
2013-04-24 08:56 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-04-24 08:56 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2013-04-24 08:56 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2013-04-24 08:50 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2013-04-24 08:50 . 2012-06-06 05:05	143360	----a-w-	c:\program files\Common Files\System\ado\msjro.dll
2013-04-24 08:50 . 2012-06-06 05:05	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2013-04-24 08:50 . 2012-06-06 05:05	57344	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2013-04-24 08:50 . 2012-06-06 05:05	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2013-04-24 08:50 . 2012-06-06 05:05	212992	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2013-04-24 08:50 . 2012-06-06 05:05	1019904	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2013-04-24 08:50 . 2012-06-06 05:03	805376	----a-w-	c:\windows\system32\cdosys.dll
2013-04-24 08:49 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
2013-04-24 08:49 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-04-24 08:48 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-24 08:48 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-24 08:48 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-24 08:48 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-24 08:48 . 2012-06-02 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-04-24 08:48 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\system32\crypt32.dll
2013-04-24 08:48 . 2012-06-02 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-04-24 08:46 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\system32\msxml3.dll
2013-04-24 08:46 . 2010-06-26 03:24	2048	----a-w-	c:\windows\system32\msxml3r.dll
2013-04-24 08:36 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
2013-04-24 08:12 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2013-04-24 08:12 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2013-04-24 08:12 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2013-04-24 08:12 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2013-04-24 08:12 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2013-04-24 08:12 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2013-04-24 08:12 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2013-04-24 08:11 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2013-04-24 08:11 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2013-04-24 08:07 . 2013-04-24 08:07	--------	d-----w-	c:\program files\Common Files\Java
2013-04-24 08:07 . 2013-04-24 08:07	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 08:07 . 2012-09-07 17:24	866720	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-24 08:07 . 2012-02-14 18:02	788896	----a-w-	c:\windows\system32\deployJava1.dll
2013-04-24 07:59 . 2012-04-12 18:19	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-24 07:59 . 2012-01-22 18:32	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2012-01-22 17:53	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-04-14 22:09 . 2013-04-14 22:09	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54	91520	----a-w-	c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UXDDIPOC
*Deregistered* - uxddipoc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=a0cd22d70000000000000016cfe134ab
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\4al20v81.default\
FF - ExtSQL: 2013-04-09 21:48; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: 2013-04-24 19:20; googledictionary@toptip.ca; c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\4al20v81.default\extensions\googledictionary@toptip.ca.xpi
FF - ExtSQL: 2013-04-24 20:20; quickdrag@mozilla.ktechcomputing.com; c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\4al20v81.default\extensions\quickdrag@mozilla.ktechcomputing.com.xpi
FF - ExtSQL: 2013-05-06 18:29; FFPDFArchitectConverter@pdfarchitect.com; c:\program files\PDF Architect\FFPDFArchitectExt
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - a0cd22d70000000000000016cfe134ab
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15764
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.018:13
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=743f799b4f704713a609397cbaca5950&tu=10GX0007U2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - a0cd22d70000000000000016cfe134ab
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15804
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1121:45
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN25546142391619-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=743f799b4f704713a609397cbaca5950&tu=10GX0007U2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(524)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(7456)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2013-05-10  23:55:21
ComboFix-quarantined-files.txt  2013-05-10 21:55
.
Pre-Run: 61,851,701,248 bytes free
Post-Run: 63,026,700,288 bytes free
.
- - End Of File - - 7A1B2905B84789388672B7BCD9E42EC4
         

10.05.2013, 23:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Quote:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
Ehm... what is this supposed to be?
Two security programs very rarely get along with each other; besides, you can forget about the ZoneAlarm firewall, the Windows one meets all security requirements.

Please uninstall ZoneAlarm completely and let me know when you're done.

10.05.2013, 23:19   #9
chaoshelge

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

ZA is uninstalled.

12.05.2013, 19:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Now please run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post aswMBR.txt in your next reply.

Important: Under no circumstances press one of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save the file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

12.05.2013, 20:59   #11
chaoshelge

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Hello,

thanks for sticking with this...

I ran the first program, no detection and no scan necessary.
Avast then aborted in the middle of the scan. W7 offered to search online for a solution to the problem, and that was it. Now I'm unsure whether I should still run the last step anyway.

Regards, Helge

12.05.2013, 21:19   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

That's exactly why there was a specific note at the end of the aswMBR instructions

12.05.2013, 21:34   #13
chaoshelge

TR/Crypt.EPACK.Gen2 and TR/Dropper.Gen: PC hangs (Firefox)

Sorry...

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 3219578880, free: 2134323200

------------ Kernel report ------------
     05/12/2013 21:02:27
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kl2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e6232.sys
\SystemRoot\system32\DRIVERS\netw5v32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\nscirda.sys
\SystemRoot\system32\drivers\irenum.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\iertutil.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff855b37a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8554a030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.05.12.05
Downloaded database version: v2013.05.07.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff855b37a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff855b33d8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff855b37a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85081848, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8554a030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffa85ad6a8, 0xffffffff855b37a0, 0xffffffff84acaac8
Lower DeviceData: 0xffffffffa8564a08, 0xffffffff8554a030, 0xffffffff84aca3a0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D6719FEF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 185839857
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 185839920  Numsec = 9525600

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-12 22:22:45
-----------------------------
22:22:45.232    OS Version: Windows 6.1.7601 Service Pack 1
22:22:45.232    Number of processors: 2 586 0xE08
22:22:45.232    ComputerName: TRASHER  UserName: AJ
22:22:45.762    Initialize success
22:23:01.066    AVAST engine defs: 13051200
22:23:08.429    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:23:08.429    Disk 0 Vendor: HTS721010G9SA00 MCZIC10V Size: 95396MB BusType: 3
22:23:08.616    Disk 0 MBR read successfully
22:23:08.616    Disk 0 MBR scan
22:23:08.632    Disk 0 Windows 7 default MBR code
22:23:08.647    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        90742 MB offset 63
22:23:08.678    Disk 0 Partition 2 00     12  Compaq diag MSDOS5.0     4651 MB offset 185839920
22:23:08.725    Disk 0 scanning sectors +195365520
22:23:08.772    Disk 0 scanning C:\Windows\system32\drivers
22:23:24.403    Service scanning
22:24:04.480    Modules scanning
22:24:17.599    Disk 0 trace - called modules:
22:24:17.631    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
22:24:17.646    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855b37a0]
22:24:17.646    3 CLASSPNP.SYS[8b39f59e] -> nt!IofCallDriver -> [0x85081848]
22:24:17.662    5 ACPI.sys[8a8973d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8554a030]
22:24:17.677    Scan finished successfully
22:24:46.116    Disk 0 MBR has been saved successfully to "C:\Users\AJ\Desktop\MBR.dat"
22:24:46.116    The log file has been saved successfully to "C:\Users\AJ\Desktop\aswMBR.txt"
         
Code:
ATTFilter
22:27:06.0812 5864  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:27:07.0124 5864  ============================================================
22:27:07.0124 5864  Current date / time: 2013/05/12 22:27:07.0124
22:27:07.0124 5864  SystemInfo:
22:27:07.0124 5864  
22:27:07.0124 5864  OS Version: 6.1.7601 ServicePack: 1.0
22:27:07.0124 5864  Product type: Workstation
22:27:07.0124 5864  ComputerName: TRASHER
22:27:07.0124 5864  UserName: AJ
22:27:07.0124 5864  Windows directory: C:\Windows
22:27:07.0124 5864  System windows directory: C:\Windows
22:27:07.0124 5864  Processor architecture: Intel x86
22:27:07.0124 5864  Number of processors: 2
22:27:07.0124 5864  Page size: 0x1000
22:27:07.0124 5864  Boot type: Normal boot
22:27:07.0124 5864  ============================================================
22:27:08.0216 5864  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:27:08.0216 5864  ============================================================
22:27:08.0216 5864  \Device\Harddisk0\DR0:
22:27:08.0216 5864  MBR partitions:
22:27:08.0216 5864  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB13B0F1
22:27:08.0216 5864  ============================================================
22:27:08.0232 5864  C: <-> \Device\Harddisk0\DR0\Partition1
22:27:08.0232 5864  ============================================================
22:27:08.0232 5864  Initialize success
22:27:08.0232 5864  ============================================================
22:27:18.0949 4348  ============================================================
22:27:18.0949 4348  Scan started
22:27:18.0949 4348  Mode: Manual; SigCheck; TDLFS; 
22:27:18.0949 4348  ============================================================
22:27:19.0308 4348  ================ Scan system memory ========================
22:27:19.0308 4348  System memory - ok
22:27:19.0308 4348  ================ Scan services =============================
22:27:19.0526 4348  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:27:19.0651 4348  1394ohci - ok
22:27:19.0713 4348  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:27:19.0760 4348  ACPI - ok
22:27:19.0869 4348  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:27:19.0963 4348  AcpiPmi - ok
22:27:20.0025 4348  [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
22:27:20.0103 4348  ADIHdAudAddService - ok
22:27:20.0213 4348  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:27:20.0244 4348  AdobeARMservice - ok
22:27:20.0322 4348  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:20.0369 4348  AdobeFlashPlayerUpdateSvc - ok
22:27:20.0431 4348  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:27:20.0462 4348  adp94xx - ok
22:27:20.0493 4348  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:27:20.0509 4348  adpahci - ok
22:27:20.0540 4348  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:27:20.0556 4348  adpu320 - ok
22:27:20.0603 4348  [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
22:27:20.0634 4348  AEADIFilters - ok
22:27:20.0665 4348  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:27:20.0712 4348  AeLookupSvc - ok
22:27:20.0759 4348  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
22:27:20.0837 4348  AFD - ok
22:27:20.0883 4348  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:27:20.0915 4348  agp440 - ok
22:27:20.0961 4348  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
22:27:20.0993 4348  aic78xx - ok
22:27:21.0039 4348  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
22:27:21.0086 4348  ALG - ok
22:27:21.0102 4348  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:27:21.0117 4348  aliide - ok
22:27:21.0133 4348  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:27:21.0149 4348  amdagp - ok
22:27:21.0164 4348  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:27:21.0180 4348  amdide - ok
22:27:21.0211 4348  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:27:21.0258 4348  AmdK8 - ok
22:27:21.0273 4348  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:27:21.0305 4348  AmdPPM - ok
22:27:21.0336 4348  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:27:21.0351 4348  amdsata - ok
22:27:21.0414 4348  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:27:21.0445 4348  amdsbs - ok
22:27:21.0476 4348  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:27:21.0492 4348  amdxata - ok
22:27:21.0554 4348  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:27:21.0601 4348  AntiVirSchedulerService - ok
22:27:21.0601 4348  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:27:21.0617 4348  AntiVirService - ok
22:27:21.0663 4348  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
22:27:21.0726 4348  AppID - ok
22:27:21.0773 4348  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:27:21.0819 4348  AppIDSvc - ok
22:27:21.0851 4348  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
22:27:21.0882 4348  Appinfo - ok
22:27:21.0929 4348  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:27:21.0944 4348  AppMgmt - ok
22:27:22.0007 4348  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:27:22.0022 4348  arc - ok
22:27:22.0038 4348  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:27:22.0053 4348  arcsas - ok
22:27:22.0069 4348  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:27:22.0209 4348  AsyncMac - ok
22:27:22.0241 4348  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
22:27:22.0256 4348  atapi - ok
22:27:22.0303 4348  [ 2039E24FE00639A9123DCD6F22D42D74 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
22:27:22.0412 4348  Ati External Event Utility - ok
22:27:22.0599 4348  [ D2E9ACB68FA61C911CC21E07F87705BF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:27:22.0787 4348  atikmdag - ok
22:27:22.0833 4348  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:27:22.0896 4348  AudioEndpointBuilder - ok
22:27:22.0911 4348  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:27:22.0943 4348  Audiosrv - ok
22:27:22.0974 4348  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:27:22.0989 4348  avgntflt - ok
22:27:23.0036 4348  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:27:23.0052 4348  avipbb - ok
22:27:23.0067 4348  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:27:23.0083 4348  avkmgr - ok
22:27:23.0130 4348  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:27:23.0192 4348  AxInstSV - ok
22:27:23.0239 4348  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
22:27:23.0286 4348  b06bdrv - ok
22:27:23.0317 4348  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:27:23.0333 4348  b57nd60x - ok
22:27:23.0379 4348  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:27:23.0426 4348  BDESVC - ok
22:27:23.0442 4348  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:27:23.0489 4348  Beep - ok
22:27:23.0551 4348  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
22:27:23.0613 4348  BFE - ok
22:27:23.0660 4348  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
22:27:23.0723 4348  BITS - ok
22:27:23.0738 4348  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:27:23.0769 4348  blbdrive - ok
22:27:23.0816 4348  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:27:23.0879 4348  bowser - ok
22:27:23.0910 4348  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:27:24.0003 4348  BrFiltLo - ok
22:27:24.0019 4348  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:27:24.0050 4348  BrFiltUp - ok
22:27:24.0081 4348  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:27:24.0128 4348  BridgeMP - ok
22:27:24.0175 4348  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
22:27:24.0206 4348  Browser - ok
22:27:24.0253 4348  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:27:24.0269 4348  Brserid - ok
22:27:24.0300 4348  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:27:24.0331 4348  BrSerWdm - ok
22:27:24.0347 4348  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:27:24.0378 4348  BrUsbMdm - ok
22:27:24.0393 4348  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:27:24.0425 4348  BrUsbSer - ok
22:27:24.0487 4348  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:27:24.0549 4348  BthEnum - ok
22:27:24.0565 4348  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:27:24.0596 4348  BTHMODEM - ok
22:27:24.0643 4348  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:27:24.0674 4348  BthPan - ok
22:27:24.0721 4348  [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
22:27:24.0737 4348  BTHPORT - ok
22:27:24.0783 4348  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
22:27:24.0815 4348  bthserv - ok
22:27:24.0830 4348  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:27:24.0861 4348  BTHUSB - ok
22:27:24.0986 4348  catchme - ok
22:27:25.0017 4348  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:27:25.0080 4348  cdfs - ok
22:27:25.0142 4348  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:27:25.0173 4348  cdrom - ok
22:27:25.0236 4348  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:27:25.0298 4348  CertPropSvc - ok
22:27:25.0345 4348  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:27:25.0376 4348  circlass - ok
22:27:25.0407 4348  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
22:27:25.0439 4348  CLFS - ok
22:27:25.0517 4348  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:25.0548 4348  clr_optimization_v2.0.50727_32 - ok
22:27:25.0563 4348  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:27:25.0595 4348  CmBatt - ok
22:27:25.0610 4348  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:27:25.0626 4348  cmdide - ok
22:27:25.0673 4348  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
22:27:25.0704 4348  CNG - ok
22:27:25.0751 4348  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:27:25.0782 4348  Compbatt - ok
22:27:25.0829 4348  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:27:25.0860 4348  CompositeBus - ok
22:27:25.0875 4348  COMSysApp - ok
22:27:25.0907 4348  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:27:25.0922 4348  crcdisk - ok
22:27:25.0953 4348  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:27:25.0985 4348  CryptSvc - ok
22:27:26.0016 4348  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
22:27:26.0063 4348  CSC - ok
22:27:26.0094 4348  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
22:27:26.0141 4348  CscService - ok
22:27:26.0172 4348  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:27:26.0234 4348  DcomLaunch - ok
22:27:26.0281 4348  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:27:26.0343 4348  defragsvc - ok
22:27:26.0406 4348  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:27:26.0453 4348  DfsC - ok
22:27:26.0499 4348  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:27:26.0546 4348  Dhcp - ok
22:27:26.0577 4348  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
22:27:26.0624 4348  discache - ok
22:27:26.0671 4348  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:27:26.0687 4348  Disk - ok
22:27:26.0718 4348  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:27:26.0749 4348  Dnscache - ok
22:27:26.0796 4348  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:27:26.0858 4348  dot3svc - ok
22:27:26.0905 4348  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
22:27:26.0936 4348  DPS - ok
22:27:26.0999 4348  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:27:27.0045 4348  drmkaud - ok
22:27:27.0108 4348  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:27:27.0170 4348  DXGKrnl - ok
22:27:27.0233 4348  [ E1EEE3216482DB7DB5666125C3969CD0 ] e1express       C:\Windows\system32\DRIVERS\e1e6232.sys
22:27:27.0264 4348  e1express - ok
22:27:27.0311 4348  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
22:27:27.0357 4348  EapHost - ok
22:27:27.0513 4348  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
22:27:27.0607 4348  ebdrv - ok
22:27:27.0638 4348  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
22:27:27.0669 4348  EFS - ok
22:27:27.0763 4348  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:27:27.0810 4348  ehRecvr - ok
22:27:27.0857 4348  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
22:27:27.0872 4348  ehSched - ok
22:27:27.0935 4348  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:27:27.0981 4348  elxstor - ok
22:27:27.0997 4348  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:27:28.0013 4348  ErrDev - ok
22:27:28.0075 4348  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
22:27:28.0153 4348  EventSystem - ok
22:27:28.0169 4348  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
22:27:28.0215 4348  exfat - ok
22:27:28.0231 4348  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:27:28.0278 4348  fastfat - ok
22:27:28.0325 4348  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
22:27:28.0387 4348  Fax - ok
22:27:28.0418 4348  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:27:28.0434 4348  fdc - ok
22:27:28.0465 4348  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:27:28.0527 4348  fdPHost - ok
22:27:28.0527 4348  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
22:27:28.0590 4348  FDResPub - ok
22:27:28.0605 4348  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:27:28.0621 4348  FileInfo - ok
22:27:28.0637 4348  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:27:28.0668 4348  Filetrace - ok
22:27:28.0699 4348  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:27:28.0715 4348  flpydisk - ok
22:27:28.0730 4348  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:27:28.0761 4348  FltMgr - ok
22:27:28.0824 4348  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
22:27:28.0871 4348  FontCache - ok
22:27:28.0949 4348  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:27:28.0980 4348  FontCache3.0.0.0 - ok
22:27:29.0011 4348  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:27:29.0027 4348  FsDepends - ok
22:27:29.0042 4348  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:27:29.0058 4348  Fs_Rec - ok
22:27:29.0105 4348  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:27:29.0136 4348  fvevol - ok
22:27:29.0151 4348  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:27:29.0167 4348  gagp30kx - ok
22:27:29.0214 4348  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:27:29.0276 4348  gpsvc - ok
22:27:29.0307 4348  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:27:29.0354 4348  hcw85cir - ok
22:27:29.0401 4348  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:27:29.0432 4348  HdAudAddService - ok
22:27:29.0448 4348  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:27:29.0479 4348  HDAudBus - ok
22:27:29.0495 4348  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:27:29.0541 4348  HidBatt - ok
22:27:29.0573 4348  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:27:29.0588 4348  HidBth - ok
22:27:29.0651 4348  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:27:29.0697 4348  HidIr - ok
22:27:29.0729 4348  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
22:27:29.0775 4348  hidserv - ok
22:27:29.0838 4348  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:27:29.0885 4348  HidUsb - ok
22:27:29.0931 4348  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:27:29.0978 4348  hkmsvc - ok
22:27:30.0025 4348  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:27:30.0056 4348  HomeGroupListener - ok
22:27:30.0103 4348  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:27:30.0134 4348  HomeGroupProvider - ok
22:27:30.0165 4348  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:27:30.0181 4348  HpSAMD - ok
22:27:30.0275 4348  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:27:30.0337 4348  HSF_DPV - ok
22:27:30.0368 4348  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:27:30.0399 4348  HSXHWAZL - ok
22:27:30.0446 4348  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:27:30.0493 4348  HTTP - ok
22:27:30.0524 4348  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:27:30.0540 4348  hwpolicy - ok
22:27:30.0587 4348  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:27:30.0649 4348  i8042prt - ok
22:27:30.0711 4348  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:27:30.0743 4348  iaStorV - ok
22:27:30.0789 4348  [ BF648877413F6160E480814A24942B65 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
22:27:30.0805 4348  IBMPMDRV - ok
22:27:30.0805 4348  [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
22:27:30.0821 4348  IBMPMSVC - ok
22:27:30.0914 4348  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:27:30.0961 4348  idsvc - ok
22:27:31.0008 4348  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:27:31.0023 4348  iirsp - ok
22:27:31.0086 4348  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:27:31.0148 4348  IKEEXT - ok
22:27:31.0179 4348  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:27:31.0195 4348  intelide - ok
22:27:31.0242 4348  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:27:31.0257 4348  intelppm - ok
22:27:31.0304 4348  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:27:31.0335 4348  IPBusEnum - ok
22:27:31.0351 4348  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:27:31.0429 4348  IpFilterDriver - ok
22:27:31.0476 4348  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:27:31.0538 4348  iphlpsvc - ok
22:27:31.0569 4348  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:27:31.0616 4348  IPMIDRV - ok
22:27:31.0663 4348  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:27:31.0725 4348  IPNAT - ok
22:27:31.0741 4348  [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda            C:\Windows\system32\DRIVERS\irda.sys
22:27:31.0835 4348  irda - ok
22:27:31.0850 4348  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:27:31.0897 4348  IRENUM - ok
22:27:31.0928 4348  [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon           C:\Windows\System32\irmon.dll
22:27:31.0959 4348  Irmon - ok
22:27:32.0006 4348  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:27:32.0037 4348  isapnp - ok
22:27:32.0069 4348  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:27:32.0100 4348  iScsiPrt - ok
22:27:32.0131 4348  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:27:32.0147 4348  kbdclass - ok
22:27:32.0162 4348  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:27:32.0193 4348  kbdhid - ok
22:27:32.0209 4348  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
22:27:32.0225 4348  KeyIso - ok
22:27:32.0287 4348  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
22:27:32.0318 4348  KL1 - ok
22:27:32.0318 4348  [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
22:27:32.0334 4348  kl2 - ok
22:27:32.0381 4348  [ 46FA00BEF951762919B66269371C22AF ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
22:27:32.0396 4348  KLIF - ok
22:27:32.0427 4348  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:27:32.0443 4348  KSecDD - ok
22:27:32.0474 4348  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:27:32.0490 4348  KSecPkg - ok
22:27:32.0537 4348  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:27:32.0630 4348  KtmRm - ok
22:27:32.0677 4348  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:27:32.0739 4348  LanmanServer - ok
22:27:32.0755 4348  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:27:32.0786 4348  LanmanWorkstation - ok
22:27:32.0849 4348  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:27:32.0895 4348  lltdio - ok
22:27:32.0942 4348  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:27:32.0973 4348  lltdsvc - ok
22:27:32.0989 4348  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:27:33.0036 4348  lmhosts - ok
22:27:33.0067 4348  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:27:33.0098 4348  LSI_FC - ok
22:27:33.0098 4348  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:27:33.0114 4348  LSI_SAS - ok
22:27:33.0129 4348  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:27:33.0145 4348  LSI_SAS2 - ok
22:27:33.0176 4348  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:27:33.0192 4348  LSI_SCSI - ok
22:27:33.0192 4348  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
22:27:33.0239 4348  luafv - ok
22:27:33.0270 4348  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:27:33.0301 4348  Mcx2Svc - ok
22:27:33.0317 4348  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:27:33.0332 4348  mdmxsdk - ok
22:27:33.0363 4348  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:27:33.0379 4348  megasas - ok
22:27:33.0410 4348  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:27:33.0441 4348  MegaSR - ok
22:27:33.0488 4348  Microsoft SharePoint Workspace Audit Service - ok
22:27:33.0535 4348  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
22:27:33.0597 4348  MMCSS - ok
22:27:33.0613 4348  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
22:27:33.0675 4348  Modem - ok
22:27:33.0707 4348  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:27:33.0722 4348  monitor - ok
22:27:33.0769 4348  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:27:33.0785 4348  mouclass - ok
22:27:33.0831 4348  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:27:33.0847 4348  mouhid - ok
22:27:33.0878 4348  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:27:33.0894 4348  mountmgr - ok
22:27:33.0956 4348  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:27:33.0987 4348  MozillaMaintenance - ok
22:27:34.0019 4348  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:27:34.0034 4348  mpio - ok
22:27:34.0050 4348  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:27:34.0097 4348  mpsdrv - ok
22:27:34.0143 4348  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:27:34.0206 4348  MpsSvc - ok
22:27:34.0253 4348  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:27:34.0284 4348  MRxDAV - ok
22:27:34.0331 4348  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:34.0377 4348  mrxsmb - ok
22:27:34.0393 4348  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:34.0424 4348  mrxsmb10 - ok
22:27:34.0440 4348  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:34.0487 4348  mrxsmb20 - ok
22:27:34.0533 4348  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:27:34.0565 4348  msahci - ok
22:27:34.0580 4348  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:27:34.0596 4348  msdsm - ok
22:27:34.0611 4348  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
22:27:34.0643 4348  MSDTC - ok
22:27:34.0689 4348  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:27:34.0721 4348  Msfs - ok
22:27:34.0736 4348  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:27:34.0783 4348  mshidkmdf - ok
22:27:34.0799 4348  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:27:34.0814 4348  msisadrv - ok
22:27:34.0877 4348  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:27:34.0923 4348  MSiSCSI - ok
22:27:34.0923 4348  msiserver - ok
22:27:34.0955 4348  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:27:35.0001 4348  MSKSSRV - ok
22:27:35.0017 4348  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:35.0064 4348  MSPCLOCK - ok
22:27:35.0095 4348  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:27:35.0157 4348  MSPQM - ok
22:27:35.0173 4348  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:27:35.0204 4348  MsRPC - ok
22:27:35.0235 4348  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:27:35.0251 4348  mssmbios - ok
22:27:35.0267 4348  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:27:35.0298 4348  MSTEE - ok
22:27:35.0313 4348  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:27:35.0345 4348  MTConfig - ok
22:27:35.0360 4348  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:27:35.0376 4348  Mup - ok
22:27:35.0423 4348  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
22:27:35.0469 4348  napagent - ok
22:27:35.0532 4348  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:27:35.0610 4348  NativeWifiP - ok
22:27:35.0657 4348  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:27:35.0688 4348  NDIS - ok
22:27:35.0703 4348  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:27:35.0750 4348  NdisCap - ok
22:27:35.0797 4348  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:35.0859 4348  NdisTapi - ok
22:27:35.0906 4348  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:35.0969 4348  Ndisuio - ok
22:27:36.0015 4348  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:36.0078 4348  NdisWan - ok
22:27:36.0109 4348  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:27:36.0156 4348  NDProxy - ok
22:27:36.0203 4348  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:27:36.0265 4348  NetBIOS - ok
22:27:36.0296 4348  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:27:36.0343 4348  NetBT - ok
22:27:36.0374 4348  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
22:27:36.0390 4348  Netlogon - ok
22:27:36.0437 4348  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
22:27:36.0499 4348  Netman - ok
22:27:36.0515 4348  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
22:27:36.0577 4348  netprofm - ok
22:27:36.0608 4348  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:27:36.0624 4348  NetTcpPortSharing - ok
22:27:36.0795 4348  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
22:27:36.0873 4348  netw5v32 - ok
22:27:36.0920 4348  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:27:36.0936 4348  nfrd960 - ok
22:27:36.0983 4348  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:27:37.0029 4348  NlaSvc - ok
22:27:37.0061 4348  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:27:37.0107 4348  Npfs - ok
22:27:37.0154 4348  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
22:27:37.0185 4348  NSCIRDA - ok
22:27:37.0232 4348  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
22:27:37.0279 4348  nsi - ok
22:27:37.0326 4348  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:27:37.0373 4348  nsiproxy - ok
22:27:37.0435 4348  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:27:37.0482 4348  Ntfs - ok
22:27:37.0497 4348  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:27:37.0544 4348  Null - ok
22:27:37.0575 4348  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:27:37.0591 4348  nvraid - ok
22:27:37.0622 4348  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:27:37.0638 4348  nvstor - ok
22:27:37.0669 4348  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:27:37.0716 4348  nv_agp - ok
22:27:37.0731 4348  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:27:37.0763 4348  ohci1394 - ok
22:27:37.0825 4348  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:37.0856 4348  ose - ok
22:27:38.0075 4348  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:27:38.0277 4348  osppsvc - ok
22:27:38.0324 4348  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:27:38.0371 4348  p2pimsvc - ok
22:27:38.0387 4348  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:27:38.0418 4348  p2psvc - ok
22:27:38.0465 4348  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:27:38.0511 4348  Parport - ok
22:27:38.0543 4348  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:27:38.0558 4348  partmgr - ok
22:27:38.0574 4348  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:27:38.0621 4348  Parvdm - ok
22:27:38.0667 4348  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:27:38.0730 4348  PcaSvc - ok
22:27:38.0761 4348  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
22:27:38.0777 4348  pci - ok
22:27:38.0808 4348  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
22:27:38.0823 4348  pciide - ok
22:27:38.0855 4348  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:27:38.0870 4348  pcmcia - ok
22:27:38.0886 4348  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
22:27:38.0901 4348  pcw - ok
22:27:38.0979 4348  [ 20372BE109FEE1C37E2D5216680DB9EB ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe
22:27:39.0026 4348  PDF Architect Helper Service - ok
22:27:39.0057 4348  [ B90A279073A815A4AA2C45A09EE004FA ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe
22:27:39.0089 4348  PDF Architect Service - ok
22:27:39.0135 4348  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:27:39.0182 4348  PEAUTH - ok
22:27:39.0260 4348  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:27:39.0338 4348  PeerDistSvc - ok
22:27:39.0432 4348  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
22:27:39.0494 4348  pla - ok
22:27:39.0557 4348  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:27:39.0619 4348  PlugPlay - ok
22:27:39.0650 4348  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:27:39.0681 4348  PNRPAutoReg - ok
22:27:39.0713 4348  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:27:39.0744 4348  PNRPsvc - ok
22:27:39.0775 4348  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:27:39.0869 4348  PolicyAgent - ok
22:27:39.0915 4348  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
22:27:39.0962 4348  Power - ok
22:27:39.0993 4348  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:27:40.0040 4348  PptpMiniport - ok
22:27:40.0071 4348  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:27:40.0087 4348  Processor - ok
22:27:40.0134 4348  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:27:40.0243 4348  ProfSvc - ok
22:27:40.0259 4348  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:27:40.0274 4348  ProtectedStorage - ok
22:27:40.0290 4348  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:27:40.0337 4348  Psched - ok
22:27:40.0399 4348  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:27:40.0461 4348  ql2300 - ok
22:27:40.0493 4348  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:27:40.0508 4348  ql40xx - ok
22:27:40.0555 4348  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
22:27:40.0602 4348  QWAVE - ok
22:27:40.0617 4348  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:27:40.0664 4348  QWAVEdrv - ok
22:27:40.0680 4348  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:27:40.0727 4348  RasAcd - ok
22:27:40.0789 4348  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:40.0851 4348  RasAgileVpn - ok
22:27:40.0883 4348  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
22:27:40.0914 4348  RasAuto - ok
22:27:40.0961 4348  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:40.0992 4348  Rasl2tp - ok
22:27:41.0039 4348  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
22:27:41.0085 4348  RasMan - ok
22:27:41.0101 4348  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:41.0148 4348  RasPppoe - ok
22:27:41.0163 4348  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:27:41.0210 4348  RasSstp - ok
22:27:41.0241 4348  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:27:41.0319 4348  rdbss - ok
22:27:41.0351 4348  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:27:41.0397 4348  rdpbus - ok
22:27:41.0429 4348  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:41.0475 4348  RDPCDD - ok
22:27:41.0507 4348  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:27:41.0538 4348  RDPDR - ok
22:27:41.0569 4348  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:27:41.0616 4348  RDPENCDD - ok
22:27:41.0631 4348  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:27:41.0678 4348  RDPREFMP - ok
22:27:41.0725 4348  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:27:41.0787 4348  RdpVideoMiniport - ok
22:27:41.0803 4348  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:27:41.0834 4348  RDPWD - ok
22:27:41.0897 4348  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:27:41.0928 4348  rdyboost - ok
22:27:41.0959 4348  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:27:42.0037 4348  RemoteAccess - ok
22:27:42.0084 4348  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:27:42.0131 4348  RemoteRegistry - ok
22:27:42.0162 4348  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:27:42.0209 4348  RFCOMM - ok
22:27:42.0240 4348  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:27:42.0287 4348  RpcEptMapper - ok
22:27:42.0318 4348  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:27:42.0380 4348  RpcLocator - ok
22:27:42.0412 4348  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\System32\rpcss.dll
22:27:42.0443 4348  RpcSs - ok
22:27:42.0490 4348  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:27:42.0552 4348  rspndr - ok
22:27:42.0583 4348  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:27:42.0614 4348  s3cap - ok
22:27:42.0630 4348  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
22:27:42.0661 4348  SamSs - ok
22:27:42.0692 4348  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:27:42.0708 4348  sbp2port - ok
22:27:42.0739 4348  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:27:42.0786 4348  SCardSvr - ok
22:27:42.0786 4348  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:27:42.0833 4348  scfilter - ok
22:27:42.0895 4348  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
22:27:42.0973 4348  Schedule - ok
22:27:43.0004 4348  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:27:43.0036 4348  SCPolicySvc - ok
22:27:43.0067 4348  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:27:43.0098 4348  SDRSVC - ok
22:27:43.0145 4348  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:27:43.0176 4348  secdrv - ok
22:27:43.0207 4348  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:27:43.0254 4348  seclogon - ok
22:27:43.0270 4348  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
22:27:43.0316 4348  SENS - ok
22:27:43.0332 4348  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:27:43.0363 4348  SensrSvc - ok
22:27:43.0379 4348  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:27:43.0394 4348  Serenum - ok
22:27:43.0410 4348  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:27:43.0457 4348  Serial - ok
22:27:43.0472 4348  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:27:43.0504 4348  sermouse - ok
22:27:43.0550 4348  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:27:43.0582 4348  SessionEnv - ok
22:27:43.0613 4348  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:27:43.0644 4348  sffdisk - ok
22:27:43.0660 4348  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:27:43.0691 4348  sffp_mmc - ok
22:27:43.0722 4348  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:27:43.0738 4348  sffp_sd - ok
22:27:43.0769 4348  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:27:43.0800 4348  sfloppy - ok
22:27:43.0862 4348  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:27:43.0956 4348  SharedAccess - ok
22:27:43.0987 4348  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:27:44.0034 4348  ShellHWDetection - ok
22:27:44.0050 4348  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:27:44.0081 4348  sisagp - ok
22:27:44.0128 4348  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:27:44.0143 4348  SiSRaid2 - ok
22:27:44.0159 4348  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:27:44.0174 4348  SiSRaid4 - ok
22:27:44.0221 4348  [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:27:44.0252 4348  SkypeUpdate - ok
22:27:44.0284 4348  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:27:44.0315 4348  Smb - ok
22:27:44.0377 4348  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:27:44.0408 4348  SNMPTRAP - ok
22:27:44.0424 4348  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:27:44.0440 4348  spldr - ok
22:27:44.0502 4348  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
22:27:44.0549 4348  Spooler - ok
22:27:44.0689 4348  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:27:44.0783 4348  sppsvc - ok
22:27:44.0814 4348  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:27:44.0845 4348  sppuinotify - ok
22:27:44.0876 4348  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:27:44.0923 4348  srv - ok
22:27:44.0954 4348  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:27:44.0986 4348  srv2 - ok
22:27:45.0048 4348  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:27:45.0079 4348  SrvHsfHDA - ok
22:27:45.0126 4348  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:27:45.0173 4348  SrvHsfV92 - ok
22:27:45.0204 4348  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:27:45.0235 4348  SrvHsfWinac - ok
22:27:45.0282 4348  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:27:45.0344 4348  srvnet - ok
22:27:45.0391 4348  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:27:45.0469 4348  SSDPSRV - ok
22:27:45.0500 4348  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:27:45.0500 4348  ssmdrv - ok
22:27:45.0516 4348  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:27:45.0563 4348  SstpSvc - ok
22:27:45.0610 4348  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:27:45.0625 4348  stexstor - ok
22:27:45.0672 4348  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:27:45.0719 4348  StiSvc - ok
22:27:45.0734 4348  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:27:45.0750 4348  storflt - ok
22:27:45.0781 4348  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:27:45.0797 4348  storvsc - ok
22:27:45.0812 4348  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:27:45.0828 4348  swenum - ok
22:27:45.0859 4348  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
22:27:45.0953 4348  swprv - ok
22:27:45.0953 4348  Synth3dVsc - ok
22:27:46.0015 4348  [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:27:46.0046 4348  SynTP - ok
22:27:46.0124 4348  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
22:27:46.0171 4348  SysMain - ok
22:27:46.0202 4348  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:27:46.0249 4348  TabletInputService - ok
22:27:46.0280 4348  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:27:46.0327 4348  TapiSrv - ok
22:27:46.0374 4348  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
22:27:46.0405 4348  TBS - ok
22:27:46.0468 4348  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:27:46.0530 4348  Tcpip - ok
22:27:46.0561 4348  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:27:46.0592 4348  TCPIP6 - ok
22:27:46.0639 4348  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:27:46.0686 4348  tcpipreg - ok
22:27:46.0717 4348  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:27:46.0748 4348  TDPIPE - ok
22:27:46.0780 4348  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:27:46.0811 4348  TDTCP - ok
22:27:46.0842 4348  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:27:46.0889 4348  tdx - ok
22:27:46.0904 4348  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:27:46.0920 4348  TermDD - ok
22:27:46.0967 4348  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
22:27:47.0029 4348  TermService - ok
22:27:47.0060 4348  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:27:47.0092 4348  Themes - ok
22:27:47.0123 4348  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
22:27:47.0154 4348  THREADORDER - ok
22:27:47.0201 4348  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys
22:27:47.0216 4348  TPM - ok
22:27:47.0248 4348  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:27:47.0294 4348  TrkWks - ok
22:27:47.0372 4348  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:27:47.0435 4348  TrustedInstaller - ok
22:27:47.0482 4348  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:27:47.0544 4348  tssecsrv - ok
22:27:47.0591 4348  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:27:47.0622 4348  TsUsbFlt - ok
22:27:47.0622 4348  tsusbhub - ok
22:27:47.0684 4348  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:27:47.0731 4348  tunnel - ok
22:27:47.0762 4348  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:27:47.0778 4348  uagp35 - ok
22:27:47.0825 4348  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:27:47.0887 4348  udfs - ok
22:27:47.0934 4348  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:27:47.0965 4348  UI0Detect - ok
22:27:47.0996 4348  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:27:48.0012 4348  uliagpkx - ok
22:27:48.0043 4348  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
22:27:48.0059 4348  umbus - ok
22:27:48.0106 4348  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:27:48.0137 4348  UmPass - ok
22:27:48.0199 4348  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:27:48.0230 4348  UmRdpService - ok
22:27:48.0293 4348  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:27:48.0324 4348  upnphost - ok
22:27:48.0371 4348  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:27:48.0402 4348  usbccgp - ok
22:27:48.0449 4348  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:27:48.0496 4348  usbcir - ok
22:27:48.0511 4348  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:27:48.0527 4348  usbehci - ok
22:27:48.0558 4348  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:27:48.0589 4348  usbhub - ok
22:27:48.0605 4348  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:27:48.0636 4348  usbohci - ok
22:27:48.0667 4348  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:27:48.0714 4348  usbprint - ok
22:27:48.0761 4348  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:27:48.0792 4348  USBSTOR - ok
22:27:48.0823 4348  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:27:48.0839 4348  usbuhci - ok
22:27:48.0870 4348  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
22:27:48.0917 4348  UxSms - ok
22:27:48.0948 4348  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
22:27:48.0964 4348  VaultSvc - ok
22:27:48.0995 4348  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:27:49.0010 4348  vdrvroot - ok
22:27:49.0057 4348  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
22:27:49.0104 4348  vds - ok
22:27:49.0151 4348  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:27:49.0229 4348  vga - ok
22:27:49.0260 4348  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:27:49.0291 4348  VgaSave - ok
22:27:49.0307 4348  VGPU - ok
22:27:49.0385 4348  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:27:49.0416 4348  vhdmp - ok
22:27:49.0447 4348  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:27:49.0463 4348  viaagp - ok
22:27:49.0478 4348  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
22:27:49.0510 4348  ViaC7 - ok
22:27:49.0541 4348  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
22:27:49.0556 4348  viaide - ok
22:27:49.0572 4348  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:27:49.0603 4348  vmbus - ok
22:27:49.0619 4348  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:27:49.0634 4348  VMBusHID - ok
22:27:49.0650 4348  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:27:49.0666 4348  volmgr - ok
22:27:49.0697 4348  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:27:49.0744 4348  volmgrx - ok
22:27:49.0759 4348  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:27:49.0775 4348  volsnap - ok
22:27:49.0806 4348  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:27:49.0822 4348  vsmraid - ok
22:27:49.0884 4348  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
22:27:49.0978 4348  VSS - ok
22:27:50.0009 4348  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:27:50.0040 4348  vwifibus - ok
22:27:50.0071 4348  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
22:27:50.0134 4348  W32Time - ok
22:27:50.0165 4348  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:27:50.0180 4348  WacomPen - ok
22:27:50.0227 4348  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:27:50.0274 4348  WANARP - ok
22:27:50.0290 4348  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:27:50.0321 4348  Wanarpv6 - ok
22:27:50.0383 4348  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
22:27:50.0430 4348  wbengine - ok
22:27:50.0492 4348  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:27:50.0539 4348  WbioSrvc - ok
22:27:50.0586 4348  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:27:50.0633 4348  wcncsvc - ok
22:27:50.0664 4348  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:27:50.0695 4348  WcsPlugInService - ok
22:27:50.0726 4348  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:27:50.0742 4348  Wd - ok
22:27:50.0773 4348  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:27:50.0789 4348  Wdf01000 - ok
22:27:50.0836 4348  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:27:50.0867 4348  WdiServiceHost - ok
22:27:50.0867 4348  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:27:50.0898 4348  WdiSystemHost - ok
22:27:50.0929 4348  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
22:27:50.0976 4348  WebClient - ok
22:27:50.0992 4348  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:27:51.0038 4348  Wecsvc - ok
22:27:51.0054 4348  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:27:51.0085 4348  wercplsupport - ok
22:27:51.0116 4348  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:27:51.0163 4348  WerSvc - ok
22:27:51.0210 4348  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:27:51.0257 4348  WfpLwf - ok
22:27:51.0272 4348  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:27:51.0288 4348  WIMMount - ok
22:27:51.0335 4348  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:27:51.0366 4348  winachsf - ok
22:27:51.0444 4348  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:27:51.0506 4348  WinDefend - ok
22:27:51.0506 4348  WinHttpAutoProxySvc - ok
22:27:51.0584 4348  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:27:51.0616 4348  Winmgmt - ok
22:27:51.0678 4348  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:27:51.0756 4348  WinRM - ok
22:27:51.0803 4348  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
22:27:51.0834 4348  WinUsb - ok
22:27:51.0896 4348  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:27:51.0959 4348  Wlansvc - ok
22:27:51.0990 4348  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:27:52.0037 4348  WmiAcpi - ok
22:27:52.0084 4348  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:27:52.0115 4348  wmiApSrv - ok
22:27:52.0224 4348  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:27:52.0271 4348  WMPNetworkSvc - ok
22:27:52.0302 4348  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:27:52.0318 4348  WPCSvc - ok
22:27:52.0364 4348  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:27:52.0396 4348  WPDBusEnum - ok
22:27:52.0427 4348  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:27:52.0505 4348  ws2ifsl - ok
22:27:52.0552 4348  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
22:27:52.0567 4348  wscsvc - ok
22:27:52.0567 4348  WSearch - ok
22:27:52.0661 4348  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:27:52.0739 4348  wuauserv - ok
22:27:52.0770 4348  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:27:52.0801 4348  WudfPf - ok
22:27:52.0864 4348  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:27:52.0926 4348  WUDFRd - ok
22:27:52.0973 4348  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:27:53.0020 4348  wudfsvc - ok
22:27:53.0051 4348  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:27:53.0098 4348  WwanSvc - ok
22:27:53.0129 4348  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
22:27:53.0160 4348  XAudio - ok
22:27:53.0191 4348  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
22:27:53.0222 4348  XAudioService - ok
22:27:53.0254 4348  ================ Scan global ===============================
22:27:53.0300 4348  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:27:53.0316 4348  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:27:53.0332 4348  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:27:53.0363 4348  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:27:53.0410 4348  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:27:53.0425 4348  [Global] - ok
22:27:53.0425 4348  ================ Scan MBR ==================================
22:27:53.0441 4348  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:27:53.0706 4348  \Device\Harddisk0\DR0 - ok
22:27:53.0706 4348  ================ Scan VBR ==================================
22:27:53.0722 4348  [ 580CA3902D5F4F13236AC3E3CA42D136 ] \Device\Harddisk0\DR0\Partition1
22:27:53.0722 4348  \Device\Harddisk0\DR0\Partition1 - ok
22:27:53.0722 4348  ============================================================
22:27:53.0722 4348  Scan finished
22:27:53.0722 4348  ============================================================
22:27:53.0737 4124  Detected object count: 0
22:27:53.0737 4124  Actual detected object count: 0
22:33:59.0545 3848  Deinitialize success
         

Alt 12.05.2013, 21:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
You posted the wrong log from MBAR
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 12.05.2013, 22:16   #15
chaoshelge
 
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.12.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
AJ :: TRASHER [administrator]

12/05/2013 21:11:56
mbar-log-2013-05-12 (21-11-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 25534
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
