Pests of all kinds and how to combat them: Win32/Small.CA virus cannot be removed - Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
16.06.2013, 18:05 | #1 |
| Win32/Small.CA virus cannot be removed Hello everyone, For a good week now, the Action Center has been showing me the message "remove the Win32/Small.CA virus", but a system check with Microsoft Security Essentials or with Malwarebytes shows no detections. Since I started getting this notification, I always get the following error message when opening a file folder: "Microsoft Visual C++ Runtime Library - This application has requested the Runtime to terminate it in an unusual way". The files in the folder can still be opened, deleted, and so on. I ran Defogger - no error message! Here is the OTL.txt Code:
ATTFilter OTL logfile created on: 16.06.2013 18:22:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 8,91 Gb Available Physical Memory | 74,29% Memory free 23,99 Gb Paging File | 20,99 Gb Available in Paging File | 87,48% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 49,70 Gb Free Space | 44,46% Space Free | Partition Type: NTFS Drive D: | 931,41 Gb Total Space | 428,60 Gb Free Space | 46,02% Space Free | Partition Type: NTFS Drive F: | 100,00 Mb Total Space | 71,75 Mb Free Space | 71,75% Space Free | Partition Type: NTFS Computer Name: SA-PC | User Name: Sa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe PRC - [2013.05.24 14:38:46 | 002,952,096 | ---- | M] (Samsung Electronics.) 
-- C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.05.12 20:20:36 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.27 18:25:30 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2012.07.13 15:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.09.02 10:57:52 | 002,181,744 | ---- | M] (Gainward Co.) 
-- C:\Program Files (x86)\EXPERTool\TBPANEL.exe PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe ========== Modules (No Company Name) ========== MOD - [2013.05.17 19:02:42 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe MOD - [1998.10.31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll ========== Services (SafeList) ========== SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.24 11:51:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files 
(x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.08.27 18:25:30 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | 
Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 41 A7 B3 60 4E CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not 
found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: 
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.11 18:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sa\AppData\Roaming\mozilla\Extensions [2013.05.24 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 11:51:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files 
(x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe () O4 - Startup: C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8AF9D13-C41E-4118-BB70-7512C0AB5B39}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{42cbf241-ba50-11e2-822d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{42cbf241-ba50-11e2-822d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.16 15:55:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe [2013.06.12 20:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2013.06.12 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2013.06.12 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\Malwarebytes [2013.06.12 20:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.12 20:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.12 20:17:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.12 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.12 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.06.12 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.06.11 16:23:38 | 000,000,000 | --SD | C] -- C:\Users\Sa\Documents\Passwords Database [2013.06.06 20:09:32 | 000,000,000 | ---D 
| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.06 20:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.05 23:18:32 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\thriXXX [2013.06.04 11:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician [2013.06.04 11:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician [2013.05.29 14:25:41 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\dvdcss [2013.05.28 12:15:31 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\vlc [2013.05.28 12:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.24 11:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.24 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\NVIDIA [2013.05.22 20:21:45 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\LumacDaemon [2013.05.22 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\Firstload [2013.05.22 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.05.21 19:58:48 | 000,000,000 | ---D | C] -- C:\Users\Sa\Cyberlink [2013.05.18 12:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server [2013.05.18 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Sa\fontconfig [2013.05.18 12:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server ========== Files - Modified Within 30 Days ========== [2013.06.16 18:13:20 | 000,000,000 | ---- | M] () -- C:\Users\Sa\defogger_reenable [2013.06.16 15:54:28 | 000,050,477 | ---- | M] () -- C:\Users\Sa\Desktop\Defogger.exe [2013.06.16 15:54:18 | 000,377,856 | ---- | M] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe 
[2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe [2013.06.16 13:17:02 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 13:17:02 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 13:15:53 | 001,640,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.16 13:15:53 | 000,711,206 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.16 13:15:53 | 000,656,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.16 13:15:53 | 000,152,478 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.16 13:15:53 | 000,124,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.16 13:10:13 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini [2013.06.16 13:09:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.16 13:09:53 | 1072,295,934 | -HS- | M] () -- C:\hiberfil.sys [2013.06.12 20:17:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.12 17:13:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.06.12 17:08:37 | 001,617,670 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.12 15:30:38 | 000,543,333 | ---- | M] () -- C:\Users\Sa\Desktop\gutschein.pdf [2013.06.06 20:09:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.04 11:10:26 | 000,001,193 | ---- | M] () -- C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2013.06.04 11:10:26 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Magician.lnk [2013.05.28 12:15:27 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.24 10:46:52 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.05.21 20:13:16 | 
000,003,584 | ---- | M] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.18 12:44:40 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk ========== Files Created - No Company Name ========== [2013.06.16 18:13:20 | 000,000,000 | ---- | C] () -- C:\Users\Sa\defogger_reenable [2013.06.16 15:54:55 | 000,377,856 | ---- | C] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe [2013.06.16 15:54:46 | 000,050,477 | ---- | C] () -- C:\Users\Sa\Desktop\Defogger.exe [2013.06.12 20:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2013.06.12 20:48:37 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2013.06.12 20:48:36 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2013.06.12 20:48:36 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2013.06.12 20:17:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.12 17:13:17 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.06.12 17:13:11 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.06.12 15:30:38 | 000,543,333 | ---- | C] () -- C:\Users\Sa\Desktop\gutschein.pdf [2013.06.06 20:09:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.28 12:15:27 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.24 10:46:52 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.05.24 10:44:30 | 001,617,670 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.21 20:13:16 | 000,003,584 | ---- | C] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.18 12:44:40 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk [2013.05.13 13:39:42 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013.05.13 13:39:42 | 
000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013.05.12 20:19:47 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini [2013.05.11 17:43:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.05.11 17:43:52 | 000,029,940 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 
| 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\DVDVideoSoft [2013.05.24 12:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\LumacDaemon [2013.06.05 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\thriXXX [2013.06.13 01:14:25 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.06.2013 18:22:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 8,91 Gb Available Physical Memory | 74,29% Memory free 23,99 Gb Paging File | 20,99 Gb Available in Paging File | 87,48% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 49,70 Gb Free Space | 44,46% Space Free | Partition Type: NTFS Drive D: | 931,41 Gb Total Space | 428,60 Gb Free Space | 46,02% Space Free | Partition Type: NTFS Drive F: | 100,00 Mb Total Space | 71,75 Mb Free Space | 71,75% Space Free | Partition Type: NTFS Computer Name: SA-PC | User Name: Sa | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E28B841-BA6A-4BC3-BDFE-3E4485156073}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{11930A03-69DF-428E-A238-50A59C023157}" = rport=139 | protocol=6 | dir=out | app=system | "{15F2F110-E56B-4A3E-8155-58D5619E4E6F}" = lport=137 | protocol=17 | dir=in | app=system | "{2E1B2672-3BB5-4405-9892-3BF85B498897}" = rport=445 | protocol=6 | dir=out | app=system | "{35573A32-4AD3-4DE2-B651-2B070BC90CAE}" = rport=137 | protocol=17 | dir=out | app=system | "{3E960E62-2448-42DA-A95D-B05184BDB6D8}" = lport=139 | protocol=6 | dir=in | app=system | "{4ECEE9A0-3AEF-46D0-946C-2CBD4FECAD43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{5BD3B459-49A3-42F6-AB7C-F847247324A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{760E81A5-E2FB-4692-9BB6-783106F712DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{83C532A2-FBC3-4234-957C-77E282750E46}" = lport=138 | protocol=17 | dir=in | app=system | "{96D56981-EDE9-4D83-92C5-AD63FA367673}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98056B07-611C-4D59-BB00-75474D9772CD}" = lport=445 | protocol=6 | dir=in | app=system | "{BEA0BFE6-E4C8-44B9-A05F-95B58C085008}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C5405498-C952-47F5-8D12-2DF24181A283}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C60F4CBF-276F-45FD-82A0-BB167901299F}" = rport=10243 | protocol=6 | dir=out | app=system | "{D33C4D15-1304-4A33-828A-8718F35435DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DA759D40-FB66-40D1-AA12-0A2417AFB940}" = rport=138 | protocol=17 | dir=out | app=system | "{E22C2D04-5A4A-498C-A50B-B0C14594A748}" = lport=2869 | protocol=6 | dir=in | app=system | "{E307FBD2-0E13-497C-9BC2-0531D66AEBDB}" = lport=10243 | protocol=6 | dir=in | app=system | "{E761BF2E-35B6-43F5-BDA1-5161D3C3DC92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FC828601-B40B-4E6C-991E-12347B4529AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001FB124-E161-436E-910A-46AA5F9FE74A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{0390AF47-CA63-47AB-AEA5-627D0F3C0229}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{1CA3FC4B-4264-478F-A359-D8A0A1730025}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{1F6668D0-BFF6-4F80-8023-65C5F682A4EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2271D2BE-FB41-4493-9206-18C7B00B4450}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{23388D77-30A3-494E-A41F-3503F400B7CE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{284DABA4-FC64-4C07-B14B-8CDF60CDBA9E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{37C9954B-B30F-4EF7-AAF4-B42702F413ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{3D939B98-82B0-45CF-B325-B0EB612F192A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{3FE0E7E7-3513-4FE9-8280-7553C0BB55E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{40F363C0-2BD3-434D-9D7F-B41F6C8CA712}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{42F373F0-4B3E-4945-874B-8C3654DDA42B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{45321AD9-91D0-420D-B3D2-D48FC55C32B0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{4E4A358C-902C-4AFF-A5AF-B596B2776CC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5171411A-DF8D-4B3B-BECF-FC62A5C090BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5D1BD0FB-7D52-4A0A-832D-2FD0CBAF46DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{63A7AB44-AE0E-48EE-943D-BE8C81AE7783}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6714BE23-EB81-49F6-8339-0ECB4CD074F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{6F8D1998-EFE1-4E5D-B353-D8ED7523877B}" = 
dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{75969557-A423-409D-889F-477797AB7066}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7693B766-F14C-48E1-B117-B6B5F36BD109}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7EED0794-A6C8-45EA-98C5-97C9ACB09414}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8528102D-0096-4805-9AD7-19399FE29D37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DABF8CC-9A92-498B-8220-4F85C16BFCEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9A8DC16F-4A85-42A2-9F99-33C365B2B18F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{B50B52A2-F640-4E17-8524-8128FD9D3F25}" = protocol=58 | dir=in | app=system | "{B8668B11-83DB-4063-A497-DEBE6349B062}" = protocol=6 | dir=out | app=system | "{BBA13239-5ED8-4012-9D34-DAF543268EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C4EB371F-E0A2-4FE6-B66E-5FE87F023F87}" = protocol=17 | dir=in | app=c:\users\sa\appdata\roaming\utorrent\utorrent.exe | "{C8A92FA0-DF5B-4980-A739-21471D6BAC64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{CC35C617-8816-412A-9D33-23E316A5F885}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D28F4543-63D8-4AFF-A24F-1A4381D37966}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D5EF30B0-CA6F-4F7B-AAB4-D11DB37C93E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D67C7E13-8008-4182-AC9C-AD89AB8D072E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E09DBB47-C441-43A0-B4A7-8E32024BCE6C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{E980F2CF-4A65-4D58-83B6-A07E57FEA2F8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB7874D5-5DE8-43BF-9018-A2754275A67E}" = protocol=17 | dir=in | app=d:\2k games\firaxis games\sid meier's railroads!\railroads.exe | "{F63C81A0-314B-4064-8665-3EE8E723FDC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6AB5FCC-8550-4759-87E5-D927C36B0143}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FCFFA76C-8846-4900-8754-D83E72A9CDC3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{FD7BDCF6-124C-4165-8E33-AD9A21E8741A}" = protocol=6 | dir=in | app=c:\users\sa\appdata\roaming\utorrent\utorrent.exe | "{FF81E413-8375-4A49-8730-F84D08AF899C}" = protocol=6 | dir=in | app=d:\2k games\firaxis games\sid meier's railroads!\railroads.exe | "TCP Query User{16B7CB05-F195-4DC7-A912-0500FF5CFAB2}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{539161E7-E485-4991-84EA-48366099F33A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{F9FD3094-87A9-4F45-AE0A-A8E20A7804C7}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | "UDP Query User{B770F0AD-90C0-4820-97BE-7F3A1C47DC50}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{D481FCDF-C238-4CB3-AA29-5E19E84887DA}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | "UDP Query User{EB25654D-A27B-4E20-9013-F2A3FBB83D02}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.0 (64-bit) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "VLC media player" = VLC media player 2.0.6 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = LG CyberLink BD Advisor "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads! 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office 
Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads! 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.85 "EA Installer.-1188349928" = EA Installer "Free Video Dub_is1" = Free Video Dub version 2.0.18.430 "FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MySSID_is1" = EXPERTool 7.13 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PS3 Media Server" = PS3 Media Server "uTorrent" = µTorrent "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.06.2013 05:50:41 | Computer Name = Sa-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 
Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x96c Startzeit der fehlerhaften Anwendung: 0x01ce69adbff89827 Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: 09b41333-d5a1-11e2-a4cd-bcaec53688ce Error - 15.06.2013 05:59:39 | Computer Name = Sa-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x1358 Startzeit der fehlerhaften Anwendung: 0x01ce69adcdae9f2c Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: 4a670a22-d5a2-11e2-a4cd-bcaec53688ce Error - 15.06.2013 05:59:43 | Computer Name = Sa-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x5d4 Startzeit der fehlerhaften Anwendung: 0x01ce69af0d8feb29 Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: 4c964e63-d5a2-11e2-a4cd-bcaec53688ce Error - 15.06.2013 06:06:57 | Computer Name = Sa-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 
Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x368 Startzeit der fehlerhaften Anwendung: 0x01ce69b009a09a74 Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: 4f7815fa-d5a3-11e2-a4cd-bcaec53688ce Error - 15.06.2013 07:18:59 | Computer Name = Sa-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x418 Startzeit der fehlerhaften Anwendung: 0x01ce69ba1e9419ac Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: 5f950fab-d5ad-11e2-a4cd-bcaec53688ce Error - 15.06.2013 17:54:45 | Computer Name = Sa-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x158 Startzeit der fehlerhaften Anwendung: 0x01ce6a12ee6721dd Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: 305f31d0-d606-11e2-a99b-bcaec53688ce Error - 15.06.2013 18:17:53 | Computer Name = Sa-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 21.0.0.4879 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1200 Startzeit: 01ce6a10a35921b2 Endzeit: 61 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 691b1cf9-d609-11e2-a99b-bcaec53688ce

Error - 15.06.2013 18:20:38 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x168 Startzeit der fehlerhaften Anwendung: 0x01ce6a12f4c7ea86 Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: ce025d13-d609-11e2-a99b-bcaec53688ce

Error - 15.06.2013 19:07:28 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0x514 Startzeit der fehlerhaften Anwendung: 0x01ce6a1c7258795c Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: 58eb2d51-d610-11e2-a99b-bcaec53688ce

Error - 16.06.2013 10:04:40 | Computer Name = Sa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: avformat-ics-54.dll, Version: 0.0.0.0, Zeitstempel: 0x51377157 Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000000cadf ID des fehlerhaften Prozesses: 0xb38 Startzeit der fehlerhaften Anwendung: 0x01ce6a9913949678 Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Program Files\K-Lite Codec Pack x64\Icaros\avformat-ics-54.dll Berichtskennung: af84771d-d68d-11e2-96bc-bcaec53688ce

[ System Events ]
Error - 13.06.2013 17:36:47 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 13.06.2013 20:04:23 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 13.06.2013 20:25:26 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 14.06.2013 13:57:27 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =

Error - 14.06.2013 15:01:46 | Computer Name = Sa-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 14.06.2013 15:09:24 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =

Error - 15.06.2013 05:32:01 | Computer Name = Sa-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 16.06.2013 06:51:29 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =

Error - 16.06.2013 07:02:58 | Computer Name = Sa-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 16.06.2013 07:15:31 | Computer Name = Sa-PC | Source = bowser | ID = 8003
Description =

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-16 18:46:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000004f Samsung_ rev.DXT0 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Sa\AppData\Local\Temp\pxldypoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80003003000 8 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576 fffff80003003010 29 bytes [43, 07, 50, 01, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2

---- EOF - GMER 2.1 ----

Thank you in advance for your help! Sa |
16.06.2013, 18:06 | #2 |
/// Malware-holic | Win32/Small.CA virus cannot be removed Hi,
Please download TDSSKiller.exe and save the file to your desktop
__________________ |
16.06.2013, 18:19 | #3 |
| Win32/Small.CA virus cannot be removed Hello Markus
here is the result Code:
19:17:34.0691 4624 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:17:34.0909 4624 ============================================================
19:17:34.0909 4624 Current date / time: 2013/06/16 19:17:34.0909
19:17:34.0909 4624 SystemInfo:
19:17:34.0909 4624
19:17:34.0909 4624 OS Version: 6.1.7601 ServicePack: 1.0
19:17:34.0909 4624 Product type: Workstation
19:17:34.0909 4624 ComputerName: SA-PC
19:17:34.0909 4624 UserName: Sa
19:17:34.0909 4624 Windows directory: C:\Windows
19:17:34.0909 4624 System windows directory: C:\Windows
19:17:34.0909 4624 Running under WOW64
19:17:34.0909 4624 Processor architecture: Intel x64
19:17:34.0909 4624 Number of processors: 4
19:17:34.0909 4624 Page size: 0x1000
19:17:34.0909 4624 Boot type: Normal boot
19:17:34.0909 4624 ============================================================
19:17:35.0720 4624 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:35.0736 4624 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:35.0814 4624 ============================================================
19:17:35.0814 4624 \Device\Harddisk0\DR0:
19:17:35.0814 4624 MBR partitions:
19:17:35.0814 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:17:35.0814 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:17:35.0814 4624 \Device\Harddisk1\DR1:
19:17:35.0814 4624 MBR partitions:
19:17:35.0814 4624 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
19:17:35.0814 4624 ============================================================
19:17:35.0814 4624 C: <-> \Device\Harddisk1\DR1\Partition1
19:17:35.0892 4624 D: <-> \Device\Harddisk0\DR0\Partition2
19:17:35.0907 4624 F: <-> \Device\Harddisk0\DR0\Partition1
19:17:35.0907 4624 ============================================================
19:17:35.0907 4624 Initialize success
19:17:35.0907 4624 ============================================================
19:17:43.0255 2152 ============================================================
19:17:43.0255 2152 Scan started
19:17:43.0255 2152 Mode: Manual; SigCheck; TDLFS;
19:17:43.0255 2152 ============================================================
19:17:44.0019 2152 ================ Scan system memory ========================
19:17:44.0019 2152 System memory - ok
19:17:44.0019 2152 ================ Scan services =============================
19:17:46.0703 2152 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:17:46.0749 2152 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:17:46.0749 2152 LightScribeService - detected UnsignedFile.Multi.Generic (1)
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:17:48.0559 2152 ose - ok 19:17:48.0590 2152 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:17:48.0653 2152 osppsvc - ok 19:17:48.0668 2152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:17:48.0668 2152 p2pimsvc - ok 19:17:48.0684 2152 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:17:48.0699 2152 p2psvc - ok 19:17:48.0699 2152 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:17:48.0699 2152 Parport - ok 19:17:48.0715 2152 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:17:48.0715 2152 partmgr - ok 19:17:48.0715 2152 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:17:48.0731 2152 PcaSvc - ok 19:17:48.0731 2152 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:17:48.0746 2152 pci - ok 19:17:48.0746 2152 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:17:48.0762 2152 pciide - ok 19:17:48.0762 2152 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:17:48.0777 2152 pcmcia - ok 19:17:48.0777 2152 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:17:48.0793 2152 pcw - ok 19:17:48.0793 2152 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:17:48.0824 2152 PEAUTH - ok 19:17:48.0840 2152 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:17:48.0855 2152 PerfHost - ok 19:17:48.0871 2152 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:17:48.0902 2152 pla - ok 19:17:48.0918 2152 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:17:48.0918 2152 PlugPlay - ok 19:17:48.0933 2152 [ 
7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:17:48.0933 2152 PNRPAutoReg - ok 19:17:48.0933 2152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:17:48.0949 2152 PNRPsvc - ok 19:17:48.0949 2152 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:17:48.0980 2152 PolicyAgent - ok 19:17:48.0996 2152 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:17:49.0011 2152 Power - ok 19:17:49.0011 2152 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:17:49.0043 2152 PptpMiniport - ok 19:17:49.0043 2152 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:17:49.0058 2152 Processor - ok 19:17:49.0058 2152 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:17:49.0074 2152 ProfSvc - ok 19:17:49.0074 2152 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:17:49.0074 2152 ProtectedStorage - ok 19:17:49.0074 2152 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:17:49.0105 2152 Psched - ok 19:17:49.0121 2152 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:17:49.0136 2152 ql2300 - ok 19:17:49.0152 2152 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:17:49.0152 2152 ql40xx - ok 19:17:49.0167 2152 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:17:49.0167 2152 QWAVE - ok 19:17:49.0183 2152 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:17:49.0183 2152 QWAVEdrv - ok 19:17:49.0183 2152 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:17:49.0214 2152 RasAcd - ok 19:17:49.0214 2152 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:17:49.0245 2152 RasAgileVpn - ok 
19:17:49.0245 2152 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:17:49.0261 2152 RasAuto - ok 19:17:49.0277 2152 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:17:49.0292 2152 Rasl2tp - ok 19:17:49.0308 2152 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:17:49.0323 2152 RasMan - ok 19:17:49.0323 2152 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:17:49.0355 2152 RasPppoe - ok 19:17:49.0355 2152 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:17:49.0386 2152 RasSstp - ok 19:17:49.0386 2152 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:17:49.0417 2152 rdbss - ok 19:17:49.0417 2152 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:17:49.0433 2152 rdpbus - ok 19:17:49.0433 2152 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:17:49.0448 2152 RDPCDD - ok 19:17:49.0448 2152 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:17:49.0479 2152 RDPENCDD - ok 19:17:49.0479 2152 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:17:49.0511 2152 RDPREFMP - ok 19:17:49.0511 2152 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:17:49.0511 2152 RdpVideoMiniport - ok 19:17:49.0526 2152 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:17:49.0526 2152 RDPWD - ok 19:17:49.0542 2152 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:17:49.0542 2152 rdyboost - ok 19:17:49.0557 2152 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:17:49.0573 2152 RemoteAccess - ok 19:17:49.0573 2152 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry 
C:\Windows\system32\regsvc.dll 19:17:49.0604 2152 RemoteRegistry - ok 19:17:49.0604 2152 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 19:17:49.0651 2152 RichVideo ( UnsignedFile.Multi.Generic ) - warning 19:17:49.0651 2152 RichVideo - detected UnsignedFile.Multi.Generic (1) 19:17:49.0651 2152 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:17:49.0667 2152 RpcEptMapper - ok 19:17:49.0682 2152 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:17:49.0682 2152 RpcLocator - ok 19:17:49.0698 2152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:17:49.0713 2152 RpcSs - ok 19:17:49.0713 2152 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:17:49.0745 2152 rspndr - ok 19:17:49.0745 2152 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 19:17:49.0760 2152 RTL8167 - ok 19:17:49.0776 2152 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:17:49.0776 2152 SamSs - ok 19:17:49.0776 2152 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:17:49.0791 2152 sbp2port - ok 19:17:49.0791 2152 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:17:49.0823 2152 SCardSvr - ok 19:17:49.0823 2152 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:17:49.0838 2152 scfilter - ok 19:17:49.0854 2152 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:17:49.0885 2152 Schedule - ok 19:17:49.0885 2152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:17:49.0916 2152 SCPolicySvc - ok 19:17:49.0916 2152 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:17:49.0932 2152 SDRSVC - ok 19:17:49.0932 2152 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 19:17:49.0947 2152 secdrv - ok 19:17:49.0963 2152 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:17:49.0979 2152 seclogon - ok 19:17:49.0979 2152 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:17:50.0010 2152 SENS - ok 19:17:50.0010 2152 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:17:50.0025 2152 SensrSvc - ok 19:17:50.0025 2152 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:17:50.0025 2152 Serenum - ok 19:17:50.0025 2152 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:17:50.0041 2152 Serial - ok 19:17:50.0041 2152 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:17:50.0057 2152 sermouse - ok 19:17:50.0057 2152 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:17:50.0088 2152 SessionEnv - ok 19:17:50.0088 2152 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:17:50.0088 2152 sffdisk - ok 19:17:50.0103 2152 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:17:50.0103 2152 sffp_mmc - ok 19:17:50.0103 2152 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:17:50.0119 2152 sffp_sd - ok 19:17:50.0119 2152 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:17:50.0119 2152 sfloppy - ok 19:17:50.0135 2152 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:17:50.0150 2152 SharedAccess - ok 19:17:50.0166 2152 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:17:50.0197 2152 ShellHWDetection - ok 19:17:50.0197 2152 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:17:50.0197 2152 SiSRaid2 - ok 19:17:50.0197 2152 [ 
6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:17:50.0213 2152 SiSRaid4 - ok 19:17:50.0213 2152 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:17:50.0228 2152 SkypeUpdate - ok 19:17:50.0228 2152 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:17:50.0244 2152 Smb - ok 19:17:50.0259 2152 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:17:50.0259 2152 SNMPTRAP - ok 19:17:50.0275 2152 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:17:50.0275 2152 spldr - ok 19:17:50.0291 2152 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:17:50.0291 2152 Spooler - ok 19:17:50.0322 2152 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:17:50.0384 2152 sppsvc - ok 19:17:50.0384 2152 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:17:50.0400 2152 sppuinotify - ok 19:17:50.0415 2152 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:17:50.0431 2152 srv - ok 19:17:50.0431 2152 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:17:50.0447 2152 srv2 - ok 19:17:50.0447 2152 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:17:50.0462 2152 srvnet - ok 19:17:50.0462 2152 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:17:50.0478 2152 SSDPSRV - ok 19:17:50.0493 2152 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:17:50.0509 2152 SstpSvc - ok 19:17:50.0525 2152 [ 0887B293199AA2055888FABA989ED0A6 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 19:17:50.0525 2152 Stereo Service - ok 19:17:50.0540 2152 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:17:50.0540 2152 
stexstor - ok 19:17:50.0556 2152 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:17:50.0571 2152 stisvc - ok 19:17:50.0571 2152 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:17:50.0571 2152 swenum - ok 19:17:50.0587 2152 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:17:50.0618 2152 swprv - ok 19:17:50.0618 2152 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:17:50.0649 2152 SysMain - ok 19:17:50.0665 2152 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:17:50.0665 2152 TabletInputService - ok 19:17:50.0681 2152 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:17:50.0696 2152 TapiSrv - ok 19:17:50.0696 2152 TBPanel - ok 19:17:50.0712 2152 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:17:50.0727 2152 TBS - ok 19:17:50.0743 2152 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:17:50.0774 2152 Tcpip - ok 19:17:50.0790 2152 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:17:50.0821 2152 TCPIP6 - ok 19:17:50.0821 2152 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:17:50.0837 2152 tcpipreg - ok 19:17:50.0837 2152 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:17:50.0852 2152 TDPIPE - ok 19:17:50.0852 2152 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:17:50.0852 2152 TDTCP - ok 19:17:50.0852 2152 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:17:50.0883 2152 tdx - ok 19:17:50.0883 2152 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:17:50.0899 2152 TermDD - ok 19:17:50.0899 2152 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:17:50.0930 2152 
TermService - ok 19:17:50.0930 2152 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:17:50.0946 2152 Themes - ok 19:17:50.0946 2152 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:17:50.0977 2152 THREADORDER - ok 19:17:50.0977 2152 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:17:51.0008 2152 TrkWks - ok 19:17:51.0008 2152 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:17:51.0024 2152 TrustedInstaller - ok 19:17:51.0039 2152 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:17:51.0055 2152 tssecsrv - ok 19:17:51.0055 2152 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:17:51.0071 2152 TsUsbFlt - ok 19:17:51.0071 2152 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:17:51.0102 2152 tunnel - ok 19:17:51.0102 2152 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:17:51.0102 2152 uagp35 - ok 19:17:51.0117 2152 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:17:51.0133 2152 udfs - ok 19:17:51.0149 2152 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:17:51.0149 2152 UI0Detect - ok 19:17:51.0149 2152 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:17:51.0164 2152 uliagpkx - ok 19:17:51.0164 2152 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:17:51.0180 2152 umbus - ok 19:17:51.0180 2152 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:17:51.0180 2152 UmPass - ok 19:17:51.0195 2152 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:17:51.0211 2152 upnphost - ok 19:17:51.0227 2152 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 
C:\Windows\system32\Drivers\usbaapl64.sys 19:17:51.0227 2152 USBAAPL64 - ok 19:17:51.0227 2152 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:17:51.0242 2152 usbaudio - ok 19:17:51.0242 2152 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:17:51.0258 2152 usbccgp - ok 19:17:51.0258 2152 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:17:51.0273 2152 usbcir - ok 19:17:51.0273 2152 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:17:51.0273 2152 usbehci - ok 19:17:51.0273 2152 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 19:17:51.0289 2152 usbfilter - ok 19:17:51.0289 2152 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:17:51.0305 2152 usbhub - ok 19:17:51.0305 2152 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:17:51.0305 2152 usbohci - ok 19:17:51.0320 2152 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:17:51.0320 2152 usbprint - ok 19:17:51.0320 2152 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:17:51.0336 2152 USBSTOR - ok 19:17:51.0336 2152 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:17:51.0351 2152 usbuhci - ok 19:17:51.0351 2152 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:17:51.0367 2152 usbvideo - ok 19:17:51.0367 2152 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:17:51.0383 2152 UxSms - ok 19:17:51.0398 2152 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:17:51.0398 2152 VaultSvc - ok 19:17:51.0398 2152 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:17:51.0414 2152 vdrvroot - ok 19:17:51.0414 2152 [ 
8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:17:51.0445 2152 vds - ok 19:17:51.0445 2152 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:17:51.0461 2152 vga - ok 19:17:51.0461 2152 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:17:51.0476 2152 VgaSave - ok 19:17:51.0492 2152 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:17:51.0492 2152 vhdmp - ok 19:17:51.0507 2152 [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 19:17:51.0539 2152 VIAHdAudAddService - ok 19:17:51.0539 2152 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:17:51.0539 2152 viaide - ok 19:17:51.0539 2152 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:17:51.0554 2152 volmgr - ok 19:17:51.0554 2152 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:17:51.0570 2152 volmgrx - ok 19:17:51.0570 2152 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:17:51.0585 2152 volsnap - ok 19:17:51.0585 2152 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:17:51.0601 2152 vsmraid - ok 19:17:51.0617 2152 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:17:51.0648 2152 VSS - ok 19:17:51.0648 2152 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:17:51.0663 2152 vwifibus - ok 19:17:51.0663 2152 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:17:51.0695 2152 W32Time - ok 19:17:51.0695 2152 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:17:51.0710 2152 WacomPen - ok 19:17:51.0710 2152 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:17:51.0741 2152 WANARP - ok 19:17:51.0741 2152 [ 
356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:17:51.0757 2152 Wanarpv6 - ok 19:17:51.0773 2152 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:17:51.0788 2152 wbengine - ok 19:17:51.0804 2152 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:17:51.0819 2152 WbioSrvc - ok 19:17:51.0819 2152 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:17:51.0835 2152 wcncsvc - ok 19:17:51.0835 2152 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:17:51.0851 2152 WcsPlugInService - ok 19:17:51.0851 2152 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:17:51.0851 2152 Wd - ok 19:17:51.0866 2152 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:17:51.0882 2152 Wdf01000 - ok 19:17:51.0882 2152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:17:51.0897 2152 WdiServiceHost - ok 19:17:51.0897 2152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:17:51.0913 2152 WdiSystemHost - ok 19:17:51.0913 2152 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:17:51.0929 2152 WebClient - ok 19:17:51.0929 2152 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:17:51.0960 2152 Wecsvc - ok 19:17:51.0960 2152 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:17:51.0991 2152 wercplsupport - ok 19:17:51.0991 2152 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:17:52.0022 2152 WerSvc - ok 19:17:52.0022 2152 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:17:52.0038 2152 WfpLwf - ok 19:17:52.0053 2152 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:17:52.0053 2152 WIMMount - ok 
19:17:52.0053 2152 WinDefend - ok 19:17:52.0069 2152 WinHttpAutoProxySvc - ok 19:17:52.0069 2152 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:17:52.0100 2152 Winmgmt - ok 19:17:52.0116 2152 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:17:52.0147 2152 WinRM - ok 19:17:52.0163 2152 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:17:52.0178 2152 Wlansvc - ok 19:17:52.0194 2152 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:17:52.0194 2152 WmiAcpi - ok 19:17:52.0194 2152 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:17:52.0209 2152 wmiApSrv - ok 19:17:52.0209 2152 WMPNetworkSvc - ok 19:17:52.0209 2152 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:17:52.0225 2152 WPCSvc - ok 19:17:52.0225 2152 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:17:52.0241 2152 WPDBusEnum - ok 19:17:52.0241 2152 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:17:52.0272 2152 ws2ifsl - ok 19:17:52.0272 2152 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:17:52.0287 2152 wscsvc - ok 19:17:52.0287 2152 WSearch - ok 19:17:52.0303 2152 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:17:52.0350 2152 wuauserv - ok 19:17:52.0350 2152 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:17:52.0350 2152 WudfPf - ok 19:17:52.0365 2152 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:17:52.0365 2152 WUDFRd - ok 19:17:52.0365 2152 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:17:52.0381 2152 wudfsvc - ok 19:17:52.0381 2152 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 19:17:52.0397 2152 WwanSvc - ok 19:17:52.0397 2152 
================ Scan global ===============================
19:17:52.0397 2152 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:17:52.0397 2152 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:17:52.0412 2152 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:17:52.0412 2152 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:17:52.0412 2152 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:17:52.0412 2152 [Global] - ok
19:17:52.0412 2152 ================ Scan MBR ==================================
19:17:52.0428 2152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:17:52.0615 2152 \Device\Harddisk0\DR0 - ok
19:17:52.0615 2152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:17:52.0662 2152 \Device\Harddisk1\DR1 - ok
19:17:52.0662 2152 ================ Scan VBR ==================================
19:17:52.0677 2152 [ BACA81D0230C6E82AA481971D339B887 ] \Device\Harddisk0\DR0\Partition1
19:17:52.0677 2152 \Device\Harddisk0\DR0\Partition1 - ok
19:17:52.0677 2152 [ 9845EE601832994A614542A813A149FE ] \Device\Harddisk0\DR0\Partition2
19:17:52.0677 2152 \Device\Harddisk0\DR0\Partition2 - ok
19:17:52.0677 2152 [ 12A12E0745C00C26FC0774722069AECD ] \Device\Harddisk1\DR1\Partition1
19:17:52.0677 2152 \Device\Harddisk1\DR1\Partition1 - ok
19:17:52.0677 2152 ============================================================
19:17:52.0677 2152 Scan finished
19:17:52.0677 2152 ============================================================
19:17:52.0693 4428 Detected object count: 2
19:17:52.0693 4428 Actual detected object count: 2
19:18:32.0037 4428 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:32.0037 4428 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:32.0053 4428 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:32.0053 4428 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16.06.2013, 18:20 | #4 |
/// Malware-holic | Win32/Small.CA virus cannot be removed Hi, scan with ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.06.2013, 18:32 | #5 |
| Win32/Small.CA virus cannot be removed Here you go. Code:
ATTFilter ComboFix 13-06-15.01 - Sa 16.06.2013 19:25:39.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.12286.9065 [GMT 2:00] ausgeführt von:: c:\users\Sa\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-16 bis 2013-06-16 )))))))))))))))))))))))))))))) . . 2013-06-16 17:28 . 2013-06-16 17:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-06-16 17:28 . 2013-06-16 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-16 16:47 . 2013-05-12 21:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01F52F7C-57D9-46ED-BAD5-E1ABB354D035}\mpengine.dll 2013-06-14 19:14 . 2013-06-12 15:20 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-06-14 19:14 . 2013-06-12 15:20 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{352CC57E-2247-472D-9DB3-4FC4BB9080F4}\gapaengine.dll 2013-06-14 19:14 . 2013-05-12 21:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-12 18:48 . 2004-02-26 22:00 962612 ----a-w- c:\windows\SysWow64\mfc42d.dll 2013-06-12 18:48 . 2004-02-16 22:00 434252 ----a-w- c:\windows\SysWow64\MSVCRTD.DLL 2013-06-12 18:48 . 2009-04-06 13:24 13368 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys 2013-06-12 18:48 . 2006-01-10 14:50 24576 ----a-w- c:\windows\SysWow64\AsIO.dll 2013-06-12 18:48 . 2013-06-12 18:48 -------- d-----w- c:\program files (x86)\ASUS 2013-06-12 18:48 . 
2008-01-04 11:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys 2013-06-12 18:48 . 2008-01-04 11:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys 2013-06-12 18:17 . 2013-06-12 18:17 -------- d-----w- c:\users\Sa\AppData\Roaming\Malwarebytes 2013-06-12 18:17 . 2013-06-12 18:17 -------- d-----w- c:\programdata\Malwarebytes 2013-06-12 18:17 . 2013-06-12 18:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-12 18:17 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-12 15:13 . 2013-06-12 15:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-06-12 15:13 . 2013-06-12 15:13 -------- d-----w- c:\program files\Microsoft Security Client 2013-06-12 15:07 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-12 13:04 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-11 09:43 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6276DCD-2124-48EF-A38F-E3889DF144E8}\mpengine.dll 2013-06-06 18:09 . 2013-06-06 18:09 -------- d-----w- c:\program files\iPod 2013-06-06 18:09 . 2013-06-06 18:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-06 18:09 . 2013-06-06 18:09 -------- d-----w- c:\program files\iTunes 2013-06-05 21:18 . 2013-06-05 21:18 -------- d-----w- c:\users\Sa\AppData\Roaming\thriXXX 2013-06-04 09:10 . 2013-06-04 09:10 -------- d-----w- c:\program files (x86)\Samsung SSD Magician 2013-05-29 12:25 . 2013-06-12 13:39 -------- d-----w- c:\users\Sa\AppData\Roaming\dvdcss 2013-05-28 10:15 . 2013-06-16 16:53 -------- d-----w- c:\users\Sa\AppData\Roaming\vlc 2013-05-24 08:48 . 2013-05-24 08:48 -------- d-----w- c:\users\Sa\AppData\Local\NVIDIA 2013-05-22 18:21 . 2013-05-24 10:47 -------- d-----w- c:\users\Sa\AppData\Roaming\LumacDaemon 2013-05-22 18:21 . 2013-05-22 18:21 -------- d-----w- c:\users\Sa\AppData\Local\Firstload 2013-05-22 18:21 . 
2013-05-22 18:21 -------- d-----w- c:\program files (x86)\VideoLAN 2013-05-21 17:58 . 2013-05-21 17:58 -------- d-----w- c:\users\Sa\Cyberlink 2013-05-18 10:32 . 2013-05-18 10:32 -------- d-----w- c:\users\Sa\fontconfig 2013-05-18 10:32 . 2013-05-18 10:44 -------- d-----w- c:\program files (x86)\PS3 Media Server . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 15:09 . 2013-05-11 17:23 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-21 12:26 . 2013-05-12 00:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-21 12:26 . 2013-05-12 00:23 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-13 18:33 . 2013-05-13 18:33 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll 2013-05-13 12:24 . 2013-05-12 18:16 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-05-13 12:24 . 2013-05-12 18:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2013-05-13 12:24 . 2013-05-12 18:16 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2013-05-12 21:42 . 2013-05-11 16:06 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-05-12 21:42 . 2013-05-11 16:06 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-05-12 21:42 . 2013-02-25 22:32 2597344 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-05-12 21:42 . 2013-02-25 22:32 2935696 ----a-w- c:\windows\system32\nvapi64.dll 2013-05-12 21:42 . 2013-02-25 22:32 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-05-12 21:42 . 2013-02-25 22:32 15910736 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-05-12 20:34 . 2013-05-11 16:06 6491936 ----a-w- c:\windows\system32\nvcpl.dll 2013-05-12 20:34 . 2013-05-11 16:06 3514656 ----a-w- c:\windows\system32\nvsvc64.dll 2013-05-12 20:34 . 2013-05-11 16:06 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-05-12 20:34 . 2013-05-11 16:06 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-05-12 20:34 . 2013-05-11 16:06 2555680 ----a-w- c:\windows\system32\nvsvcr.dll 2013-05-12 20:34 . 
2013-05-11 16:06 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-05-12 18:21 . 2013-05-12 18:19 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe 2013-05-12 18:00 . 2013-05-12 18:00 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-12 18:00 . 2013-05-12 18:00 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-12 18:00 . 2013-05-12 18:00 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-12 18:00 . 2013-05-12 18:00 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-12 18:00 . 2013-05-12 18:00 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-12 18:00 . 2013-05-12 18:00 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-12 18:00 . 2013-05-12 18:00 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-12 18:00 . 2013-05-12 18:00 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-12 18:00 . 2013-05-12 18:00 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-12 18:00 . 2013-05-12 18:00 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-12 18:00 . 2013-05-12 18:00 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-12 18:00 . 2013-05-12 18:00 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-12 18:00 . 2013-05-12 18:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-12 18:00 . 2013-05-12 18:00 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-12 18:00 . 2013-05-12 18:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-12 18:00 . 2013-05-12 18:00 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-12 18:00 . 2013-05-12 18:00 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-12 18:00 . 2013-05-12 18:00 441856 ----a-w- c:\windows\system32\html.iec 2013-05-12 18:00 . 2013-05-12 18:00 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-12 18:00 . 2013-05-12 18:00 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-12 18:00 . 2013-05-12 18:00 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-12 18:00 . 
2013-05-12 18:00 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-12 18:00 . 2013-05-12 18:00 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-12 18:00 . 2013-05-12 18:00 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-12 18:00 . 2013-05-12 18:00 235008 ----a-w- c:\windows\system32\url.dll 2013-05-12 18:00 . 2013-05-12 18:00 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-12 18:00 . 2013-05-12 18:00 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-12 18:00 . 2013-05-12 18:00 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-12 18:00 . 2013-05-12 18:00 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-12 18:00 . 2013-05-12 18:00 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-12 18:00 . 2013-05-12 18:00 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-12 18:00 . 2013-05-12 18:00 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-12 18:00 . 2013-05-12 18:00 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-12 18:00 . 2013-05-12 18:00 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-12 18:00 . 2013-05-12 18:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-12 18:00 . 2013-05-12 18:00 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-12 18:00 . 2013-05-12 18:00 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-12 18:00 . 2013-05-12 18:00 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-12 18:00 . 2013-05-12 18:00 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-12 18:00 . 2013-05-12 18:00 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-12 18:00 . 2013-05-12 18:00 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-12 18:00 . 2013-05-12 18:00 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-12 18:00 . 2013-05-12 18:00 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-12 18:00 . 2013-05-12 18:00 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-12 18:00 . 
2013-05-12 18:00 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-12 18:00 . 2013-05-12 18:00 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-05-12 18:00 . 2013-05-12 18:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-12 18:00 . 2013-05-12 18:00 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-12 18:00 . 2013-05-12 18:00 102912 ----a-w- c:\windows\system32\inseng.dll 2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-05-12 10:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-05-12 10:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-05-12 00:20 . 2013-05-12 00:20 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-05-12 00:20 . 2013-05-12 00:20 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-12 00:20 . 2013-05-12 00:20 311200 ----a-w- c:\windows\system32\javaws.exe 2013-05-12 00:20 . 2013-05-12 00:20 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-12 00:20 . 2013-05-12 00:20 188832 ----a-w- c:\windows\system32\javaw.exe 2013-05-12 00:20 . 2013-05-12 00:20 188320 ----a-w- c:\windows\system32\java.exe 2013-05-08 14:13 . 2013-05-11 16:06 3165737 ----a-w- c:\windows\system32\nvcoproc.bin 2013-05-02 15:29 . 2013-05-11 16:03 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-29 18:00 . 2013-05-12 10:44 127488 ----a-w- c:\windows\system32\ff_vfw.dll 2013-04-13 05:49 . 2013-05-15 10:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 10:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 10:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 10:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 10:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 
2013-05-15 10:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-05-11 16:06 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 10:44 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 10:44 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 10:44 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-03-19 06:04 . 2013-05-11 15:59 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:53 . 2013-05-15 10:44 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-03-19 05:53 . 2013-05-15 10:44 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-03-19 05:46 . 2013-05-11 15:59 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-05-11 15:59 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-05-11 15:59 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-05-11 15:59 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-05-11 15:59 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2010-09-02 2181744] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2013-05-12 27760] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-08-27 78352] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] . c:\users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Samsung Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung Magician.exe /AUTOHIDE [2013-6-4 2952096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/05/13 14:26;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB 
Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 44148450 *NewlyCreated* - PXLDYPOC *Deregistered* - 44148450 *Deregistered* - CLKMDRV10_38F51D56 *Deregistered* - pxldypoc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\ FF - prefs.js: browser.startup.homepage - www.google.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . 
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-16 19:29:10 ComboFix-quarantined-files.txt 2013-06-16 17:29 . Vor Suchlauf: 8 Verzeichnis(se), 52.990.156.800 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 52.936.118.272 Bytes frei . - - End Of File - - 1FD91A13AC5AD3CFA009902F81964A59 D41D8CD98F00B204E9800998ECF8427E |
16.06.2013, 18:34 | #6 |
/// Malware-holic | Win32/Small.CA virus cannot be removed Are there any Malwarebytes logs with detections? If so, please post them: http://www.trojaner-board.de/125889-...en-posten.html |
16.06.2013, 18:40 | #7 |
| Win32/Small.CA virus cannot be removed No, according to the log everything is free of infections. Microsoft Security Essentials did not report anything either. However, I have not found any log files for that program yet. |
16.06.2013, 18:42 | #8 |
/// Malware-holic | Win32/Small.CA virus cannot be removed Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After each program you need, write "necessary". After each one you do not need, "unnecessary". After each one you do not recognize, "unknown". Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
16.06.2013, 18:56 | #9 |
| Win32/Small.CA virus cannot be removed And on we go. Code:
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 21.05.2013 6,00MB 11.7.700.202 needed
Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 15.05.2013 134MB 11.0.03 needed
AIDA64 Extreme Edition v2.85 FinalWire Ltd. 11.05.2013 26,6MB 2.85 unnecessary
Apple Application Support Apple Inc. 18.05.2013 64,7MB 2.3.4 needed
Apple Mobile Device Support Apple Inc. 12.05.2013 25,2MB 6.1.0.13 needed
Apple Software Update Apple Inc. 12.05.2013 2,38MB 2.1.3.127 needed
ATI Catalyst Install Manager ATI Technologies, Inc. 11.05.2013 22,1MB 3.0.765.0 needed
Bonjour Apple Inc. 12.05.2013 2,04MB 3.0.0.10 needed
CCleaner Piriform 23.04.2013 4.01 needed
Cool & Quiet 12.06.2013 needed
CyberLink PowerDVD 10 CyberLink Corp. 13.05.2013 246MB 10.0.4508.52 needed
EXPERTool 7.13 Gainward Co., Ltd 11.05.2013 11,1MB needed
Free Video Dub version 2.0.18.430 DVDVideoSoft Ltd. 13.05.2013 65,7MB 2.0.18.430 needed
FUSSBALL MANAGER 11 Electronic Arts 13.05.2013 1.0.0.3 unnecessary
iTunes Apple Inc. 06.06.2013 187MB 11.0.4.4 needed
Java 7 Update 21 (64-bit) Oracle 12.05.2013 128MB 7.0.210 needed
JDownloader 0.9 AppWork GmbH 12.05.2013 0.9 needed
K-Lite Codec Pack 9.9.0 (64-bit) 12.05.2013 45,6MB 9.9.0 needed
LG Burning Tool CyberLink Corp. 12.05.2013 121MB 6.2.6009 needed
LG CyberLink BD Advisor CyberLink Corp. 12.05.2013 2.0.4606 needed
LG CyberLink LabelPrint CyberLink Corp. 12.05.2013 57,3MB 2.5.3624 needed
LG CyberLink Media Suite CyberLink Corp. 12.05.2013 37,3MB 8.0.2820 needed
LG CyberLink MediaEspresso CyberLink Corp. 12.05.2013 175MB 6.5.1622_37397b needed
LG CyberLink MediaShow CyberLink Corp. 12.05.2013 157MB 4.1.3402 needed
LG CyberLink PowerProducer CyberLink Corp. 12.05.2013 183MB 5.0.2.2820a needed
LG CyberLink YouCam CyberLink Corp. 12.05.2013 41,8MB 2.0.3718 needed
LG Tool Kit 12.05.2013 10.01.0712.01 needed
LightScribe System Software LightScribe 12.05.2013 25,1MB 1.18.22.2 needed
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 12.06.2013 19,2MB 1.75.0.1300 needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.05.2013 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.05.2013 2,93MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 24.05.2013 51,9MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 24.05.2013 10,6MB 4.0.30319
Microsoft LifeCam Microsoft Corporation 12.05.2013 33,2MB 3.60.253.0
Microsoft Office Home and Student 2010 Microsoft Corporation 12.05.2013 14.0.6029.1000
Microsoft Security Essentials Microsoft Corporation 12.06.2013 4.2.223.1
Microsoft Silverlight Microsoft Corporation 13.05.2013 100MB 5.1.20125.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.05.2013 298KB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.05.2013 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 12.05.2013 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.05.2013 594KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 12.05.2013 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.06.2013 13,8MB 10.0.40219
Mozilla Firefox 21.0 (x86 de) Mozilla 24.05.2013 44,5MB 21.0 needed
Mozilla Maintenance Service Mozilla 24.05.2013 333KB 21.0 needed
NVIDIA 3D Vision Controller-Treiber 320.18 NVIDIA Corporation 24.05.2013 320.18 unnecessary
NVIDIA 3D Vision Treiber 320.18 NVIDIA Corporation 24.05.2013 320.18 unnecessary
NVIDIA GeForce Experience 1.5 NVIDIA Corporation 24.05.2013 1.5 needed
NVIDIA Grafiktreiber 320.18 NVIDIA Corporation 24.05.2013 320.18 needed
NVIDIA HD-Audiotreiber 1.3.24.2 NVIDIA Corporation 24.05.2013 1.3.24.2 needed
NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 12.05.2013 9.12.1031 needed
PS3 Media Server 18.05.2013 needed
Realtek Ethernet Controller Driver For Windows 7 Realtek 11.05.2013 7.21.531.2010 needed
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 12.06.2013 1,02MB 2.0.32.0 needed
Samsung Magician Samsung Electronics 04.06.2013 50,4MB 4.1.0 needed
Sid Meier's Railroads! Firaxis Games 13.05.2013 1.00 unnecessary
Skype™ 6.5 Skype Technologies S.A. 12.06.2013 21,9MB 6.5.158 needed
VLC media player 2.0.6 VideoLAN 12.05.2013 2.0.6 needed
VoiceOver Kit Apple Inc. 12.05.2013 41,7MB 1.42.128.0 needed
WinRAR 4.20 (64-Bit) win.rar GmbH 11.05.2013 4.20.0 needed
Xvid Video Codec Xvid Team 13.05.2013 1.3.2 needed
µTorrent BitTorrent Inc. 12.05.2013 3.3.0.29609 unnecessary |
16.06.2013, 19:02 | #10 |
/// Malware-holic | Win32/Small.CA virus cannot be removed Uninstall: AIDA64, FUSSBALL, Sid, µTorrent. Open CCleaner, analyze, run, restart the PC. Please download AdwCleaner to your desktop. |
16.06.2013, 19:13 | #11 |
| Win32/Small.CA virus cannot be removed Here is the result: Code:
# AdwCleaner v2.303 - Datei am 16/06/2013 um 20:11:42 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Sa - SA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sa\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [712 octets] - [16/06/2013 20:11:42]

########## EOF - C:\AdwCleaner[S1].txt - [771 octets] ########## |
17.06.2013, 14:20 | #12 |
/// Malware-holic | Win32/Small.CA virus cannot be removed Looks fine. Download HitmanPro: HitmanPro - Download - Filepony. Double-click it and click Scan. Do not delete anything; click Next. Save the log and post it, or export it as XML, zip it and attach it. |
17.06.2013, 17:50 | #13 |
| Win32/Small.CA virus cannot be removed Hello Code:
ATTFilter HitmanPro 3.7.6.201 www.hitmanpro.com Computer name . . . . : SA-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : Sa-PC\Sa UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2013-06-17 18:49:16 Scan mode . . . . . . : Normal Scan duration . . . . : 33s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 228 Objects scanned . . . : 1.333.502 Files scanned . . . . : 14.460 Remnants scanned . . : 354.350 files / 964.692 keys Cookies _____________________________________________________________________ C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.360yield.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.dyntracker.de C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.yieldmanager.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ad.zanox.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.creative-serving.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.medialevel.co C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.naughtyreviews.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ads.p161.net C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:adtech.de C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:adultfriendfinder.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:advertising.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:apmebf.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:at.atwola.com 
C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:atdmt.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:bs.serving-sys.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:casalemedia.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:doubleclick.net C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:eas.apm.emediate.eu C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:exoclick.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:fastclick.net C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:fl01.ct2.comclick.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:freelifetimefuckbook.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:invitemedia.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:livejasmin.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:mediaplex.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:new.livejasmin.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:olympiaverlag.122.2o7.net C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:revsci.net C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ru4.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:serving-sys.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:sexad.net C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:smartadserver.com 
C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:track.adform.net C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:tradedoubler.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:tribalfusion.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:ww251.smartadserver.com C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:www.etracker.de C:\Users\Sa\AppData\Roaming\Mozilla\Firefox\Profiles\nsakha9u.default\cookies.sqlite:www.freelifetimefuckbook.com |
18.06.2013, 15:00 | #14 |
/// Malware-holic | Win32/Small.CA virus cannot be removed Everything looks good. If anything is still being shown, please post a new OTL log. |
18.06.2013, 18:42 | #15 |
| Win32/Small.CA virus cannot be removed Good evening Markus, unfortunately the virus is still shown in the Action Center. Here is the current OTL.log Code:
OTL logfile created on: 18.06.2013 19:35:51 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

12,00 Gb Total Physical Memory | 10,26 Gb Available Physical Memory | 85,48% Memory free
23,99 Gb Paging File | 22,24 Gb Available in Paging File | 92,69% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 49,06 Gb Free Space | 43,89% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 419,55 Gb Free Space | 45,04% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 71,75 Mb Free Space | 71,75% Space Free | Partition Type: NTFS

Computer Name: SA-PC | User Name: Sa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
PRC - [2013.05.24 14:38:46 | 002,952,096 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.12 20:20:36 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.27 18:25:30 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012.07.13 15:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.02 10:57:52 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.17 19:02:42 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [1998.10.31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll

========== Services (SafeList) ==========

SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.24 11:51:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.27 18:25:30 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 41 A7 B3 60 4E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.05.11 18:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sa\AppData\Roaming\mozilla\Extensions
[2013.05.24 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 11:51:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013.06.16 19:28:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8AF9D13-C41E-4118-BB70-7512C0AB5B39}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.17 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.17 18:48:21 | 009,833,328 | ---- | C] (SurfRight B.V.) -- C:\Users\Sa\Desktop\HitmanPro_x64.exe
[2013.06.16 19:31:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.16 19:29:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.16 19:24:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.16 19:24:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.16 19:24:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.16 19:24:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.16 19:24:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.16 19:22:55 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\Sa\Desktop\ComboFix.exe
[2013.06.16 19:15:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sa\Desktop\tdsskiller.exe
[2013.06.16 15:55:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
[2013.06.12 20:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013.06.12 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013.06.12 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\Malwarebytes
[2013.06.12 20:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.12 20:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 20:17:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.12 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.12 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.06.12 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.06.11 16:23:38 | 000,000,000 | --SD | C] -- C:\Users\Sa\Documents\Passwords Database
[2013.06.06 20:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.06 20:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.06 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.05 23:18:32 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\thriXXX
[2013.06.04 11:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.06.04 11:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician
[2013.05.29 14:25:41 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\dvdcss
[2013.05.28 12:15:31 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\vlc
[2013.05.28 12:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.24 11:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.24 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\NVIDIA
[2013.05.22 20:21:45 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Roaming\LumacDaemon
[2013.05.22 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Sa\AppData\Local\Firstload
[2013.05.22 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.05.21 19:58:48 | 000,000,000 | ---D | C] -- C:\Users\Sa\Cyberlink

========== Files - Modified Within 30 Days ==========

[2013.06.18 19:34:22 | 001,640,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.18 19:34:22 | 000,711,206 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.18 19:34:22 | 000,656,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.18 19:34:22 | 000,152,478 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.18 19:34:22 | 000,124,974 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.18 19:29:47 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013.06.18 19:29:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.18 19:29:28 | 1072,295,934 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.17 18:53:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.17 18:53:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.17 18:48:16 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\Sa\Desktop\HitmanPro_x64.exe
[2013.06.16 20:04:46 | 000,648,201 | ---- | M] () -- C:\Users\Sa\Desktop\adwcleaner.exe
[2013.06.16 19:28:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.16 19:22:43 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\Sa\Desktop\ComboFix.exe
[2013.06.16 19:15:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sa\Desktop\tdsskiller.exe
[2013.06.16 18:13:20 | 000,000,000 | ---- | M] () -- C:\Users\Sa\defogger_reenable
[2013.06.16 15:54:28 | 000,050,477 | ---- | M] () -- C:\Users\Sa\Desktop\Defogger.exe
[2013.06.16 15:54:18 | 000,377,856 | ---- | M] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe
[2013.06.16 15:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sa\Desktop\OTL.exe
[2013.06.12 20:17:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 17:13:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.12 17:08:37 | 001,617,670 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.12 15:30:38 | 000,543,333 | ---- | M] () -- C:\Users\Sa\Desktop\gutschein.pdf
[2013.06.06 20:09:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 11:10:26 | 000,001,193 | ---- | M] () -- C:\Users\Sa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
[2013.06.04 11:10:26 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Magician.lnk
[2013.05.28 12:15:27 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.24 10:46:52 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.21 20:13:16 | 000,003,584 | ---- | M] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2013.06.16 20:04:54 | 000,648,201 | ---- | C] () -- C:\Users\Sa\Desktop\adwcleaner.exe
[2013.06.16 19:24:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.16 19:24:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.16 19:24:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.16 19:24:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.16 19:24:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.16 18:13:20 | 000,000,000 | ---- | C] () -- C:\Users\Sa\defogger_reenable
[2013.06.16 15:54:55 | 000,377,856 | ---- | C] () -- C:\Users\Sa\Desktop\gmer_2.1.19163.exe
[2013.06.16 15:54:46 | 000,050,477 | ---- | C] () -- C:\Users\Sa\Desktop\Defogger.exe
[2013.06.12 20:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.06.12 20:48:37 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.06.12 20:48:36 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013.06.12 20:48:36 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013.06.12 20:17:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 17:13:17 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.06.12 17:13:11 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.06.12 15:30:38 | 000,543,333 | ---- | C] () -- C:\Users\Sa\Desktop\gutschein.pdf
[2013.06.06 20:09:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.28 12:15:27 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.24 10:46:52 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.24 10:44:30 | 001,617,670 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.21 20:13:16 | 000,003,584 | ---- | C] () -- C:\Users\Sa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.13 13:39:42 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.05.13 13:39:42 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.05.12 20:19:47 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
[2013.05.11 17:43:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.05.11 17:43:52 | 000,029,940 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.13 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\DVDVideoSoft
[2013.05.24 12:47:18 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\LumacDaemon
[2013.06.05 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\thriXXX
[2013.06.16 20:09:26 | 000,000,000 | ---D | M] -- C:\Users\Sa\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >