Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows has been blocked - Avira - 50 Euro virus (https://www.trojaner-board.de/112473-windows-wurde-blockiert-avira-50-euro-virus.html)

Stepi85 28.03.2012 08:29

Windows has been blocked - Avira - 50 Euro virus

Hello,

I know this topic has been discussed many times already; I also wanted to post in an existing thread, but unfortunately that did not work.

Since a short while ago I apparently have a virus or some malware on my machine that blocks my Windows.

Which programs do you need a log file from?
I will post them this evening.

If I need to make specific settings in those programs, please let me know so that we get to the goal quickly.

Many thanks

Kind regards

Frank

markusg 28.03.2012 11:45

hi,
no problem, and I assume you won't be the last either :-)
Restart, press F8, choose Safe Mode with Networking, log in to the affected account and establish an internet connection.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Then click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt into your thread here
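Once the OTL quick scan has run, the first lines a helper reads are the O4 (Run key) and O20 (Winlogon Shell/UserInit) entries, because that is where a screen-locker of this kind installs its persistence. The script below is an added example, not part of this thread and not OTL's own code: it parses those two line types from an OTL.txt and scores each Run entry on the traits a lock-screen loader typically shows (a name imitating a Windows component while the file is not attributed to Microsoft, an executable under a user profile, no company name in the version info, a target that no longer exists), and it checks that Shell and UserInit still hold their Windows defaults. The sample lines are constructed in OTL's format, modelled on the log posted in this thread; the hijacked Shell line is hypothetical, and the C:\Windows system root is an assumption taken from the log's %SystemRoot% line.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input in OTL's own O4 (Run key) and O20 (Winlogon) line format.
# The first six lines are modelled on the log posted in this thread; the last O20 line
# is a hypothetical hijacked Shell value added only to exercise that check.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Stepi\M-1-52-5782-8752-5245\winsvc.exe File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\Stepi\AppData\Local\Skype\SkypePM.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Users\Stepi\AppData\Roaming\lock.exe) - C:\Users\Stepi\AppData\Roaming\lock.exe ()
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>\w+) - \((?P<value>[^)]*)\) -\s*(?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*)\s*\((?P<company>[^()]*)\)$")   # "path (Company)"
MISSING = "File not found"
SYSTEMROOT = r"C:\Windows"   # assumption: taken from the %SystemRoot% line of this log


@dataclass
class Finding:
    line: str
    verdict: str                 # "ok", "review" or "suspicious"
    reasons: list = field(default_factory=list)


def parse_target(rest):
    """Split OTL's trailing 'path (Company)' / 'path File not found' into (path, company, missing)."""
    rest = rest.strip()
    if rest.endswith(MISSING):
        return rest[:-len(MISSING)].strip(), None, True
    m = TARGET_RE.match(rest)
    if not m:
        return rest, None, False
    return m.group("path").strip(), m.group("company").strip(), False


def score_run_entry(name, path, company, missing):
    """Weight the traits a screen-locker's Run entry typically shows; higher is worse."""
    score, reasons = 0, []
    if any(w in name.lower() for w in ("microsoft", "windows")) and company != "Microsoft Corporation":
        score += 3
        reasons.append("name imitates a Windows component but file is not attributed to Microsoft")
    if "\\users\\" in path.lower():
        score += 2
        reasons.append("executable lives under a user profile")
    if company is not None and not company:
        score += 1
        reasons.append("no company name in the file's version info")
    if missing:
        score += 1
        reasons.append("target file not found (stale entry or self-deleting loader)")
    return score, reasons


def check_winlogon(key, value):
    """Shell and UserInit must still hold their Windows defaults; anything else is a hijack."""
    expected = {"shell": "explorer.exe",
                "userinit": (SYSTEMROOT + r"\system32\userinit.exe").lower()}
    want = expected.get(key.lower())
    if want is None:
        return None                      # VMApplet etc. are not part of this check
    if value.lower().rstrip(",") == want:
        return "ok", []
    return "suspicious", [f"Winlogon {key} is '{value}', expected '{want}'"]


def triage(text):
    """Return one Finding per O4/O20 line; all other OTL lines are ignored."""
    findings = []
    for line in text.splitlines():
        if m := O4_RE.match(line):
            path, company, missing = parse_target(m.group("rest"))
            score, reasons = score_run_entry(m.group("name"), path, company, missing)
            verdict = "suspicious" if score >= 4 else "review" if score >= 2 else "ok"
            findings.append(Finding(line, verdict, reasons))
        elif m := O20_RE.match(line):
            result = check_winlogon(m.group("key"), m.group("value"))
            if result:
                findings.append(Finding(line, *result))
    return findings


def verdicts(text):
    """Just the verdict column, in log order; convenient for scripting and tests."""
    return [f.verdict for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.verdict:10}] {f.line}")
        for r in f.reasons:
            print(f"             - {r}")
```

The scoring is deliberately coarse: a legitimate per-user program such as Skype lands in "review" because it runs from the profile without a company name, while the entry that imitates Windows Update, sits in a random-looking folder under the profile and no longer exists on disk scores well into "suspicious". The "File not found" on such an entry is itself informative: it usually means a scanner already removed the file but left the Run value behind, so the value still needs cleaning up.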

Stepi85 28.03.2012 19:18

Hello,

First the OTL.txt:

Code:

OTL logfile created on: 28.03.2012 19:57:39 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Stepi\Desktop\OTL
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 80,39% Memory free
5,99 Gb Paging File | 5,48 Gb Available in Paging File | 91,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 158,68 Gb Free Space | 53,25% Space Free | Partition Type: NTFS
 
Computer Name: HANGOVERPC | User Name: Stepi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stepi\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe (IDT, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 D5 A3 53 56 86 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?ref=hp"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\HighPerformance Client\addon\ [2010.11.07 15:18:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 09:39:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.24 08:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.01 07:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.24 08:29:45 | 000,000,000 | ---D | M]
 
[2010.12.26 13:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stepi\AppData\Roaming\mozilla\Extensions
[2010.12.26 13:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stepi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.10 11:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stepi\AppData\Roaming\mozilla\Firefox\Profiles\s99fhapg.default\extensions
[2012.02.10 11:11:39 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Stepi\AppData\Roaming\mozilla\Firefox\Profiles\s99fhapg.default\extensions\piclens@cooliris.com
[2009.12.27 20:21:18 | 000,002,055 | ---- | M] () -- C:\Users\Stepi\AppData\Roaming\Mozilla\Firefox\Profiles\s99fhapg.default\searchplugins\daemon-search.xml
[2012.03.21 20:25:43 | 000,001,056 | ---- | M] () -- C:\Users\Stepi\AppData\Roaming\Mozilla\Firefox\Profiles\s99fhapg.default\searchplugins\icqplugin.xml
[2011.11.10 09:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.07 15:18:49 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\VODAFONE\HIGHPERFORMANCE CLIENT\ADDON
() (No name found) -- C:\USERS\STEPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S99FHAPG.DEFAULT\EXTENSIONS\{5FF60652-3079-4D1A-8328-3126890EAE58}.XPI
[2012.02.17 09:39:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.04 09:01:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 09:01:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 09:01:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 09:01:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 09:01:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 09:01:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.25 20:11:18 | 000,438,080 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15065 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Stepi\M-1-52-5782-8752-5245\winsvc.exe File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\Stepi\AppData\Local\Skype\SkypePM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F2D1EC-287B-4028-878B-EB182BA62129}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8647D11A-86D8-411D-9CD2-4D6E4D596001}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97BC4B9E-574B-485B-8535-09BFCD79F0CD}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C097D8A3-297D-4733-9FEA-C43D0C194E58}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF2AE491-AD3C-4F33-BF32-2537E9D6F83B}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02c2d451-9b39-11df-8cc8-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{02c2d451-9b39-11df-8cc8-00238b1327d9}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{02c2d458-9b39-11df-8cc8-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{02c2d458-9b39-11df-8cc8-00238b1327d9}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{21efc0bc-2c81-11df-8c87-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{21efc0bc-2c81-11df-8c87-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{21efc0be-2c81-11df-8c87-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{21efc0be-2c81-11df-8c87-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{2600c923-3ac6-11e0-bcd9-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2600c923-3ac6-11e0-bcd9-00238b1327d9}\Shell\AutoRun\command - "" = I:\NPSAI.exe
O33 - MountPoints2\{6ca6c560-68de-11e0-bacd-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{6ca6c560-68de-11e0-bacd-00238b1327d9}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{86aff880-eb04-11df-b836-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{86aff880-eb04-11df-b836-00238b1327d9}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8e2eaec3-0303-11e0-93f4-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{8e2eaec3-0303-11e0-93f4-00238b1327d9}\Shell\AutoRun\command - "" = H:\Setup.EXE
O33 - MountPoints2\{a1a6f2be-e092-11df-8f20-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{a1a6f2be-e092-11df-8f20-001e101f2500}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b6bad2a3-27de-11df-91fd-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b6bad2a3-27de-11df-91fd-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{b6bad2ec-27de-11df-91fd-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b6bad2ec-27de-11df-91fd-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{c15053fe-f314-11de-8f04-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{c15053fe-f314-11de-8f04-00238b1327d9}\Shell\AutoRun\command - "" = E:\Setup.EXE
O33 - MountPoints2\{e4fe62b1-e08c-11df-911e-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{e4fe62b1-e08c-11df-911e-00238b1327d9}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e4fe62be-e08c-11df-911e-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{e4fe62be-e08c-11df-911e-00238b1327d9}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FF1F3E98-5F69-43D1-CA47-EB306110F3A4} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: {2136E952-826A-440D-A56F-BF568930D5EA} - hkey= - key= - C:\Program Files\Vodafone\HighPerformance Client\bmoc.exe (Bytemobile, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\OTL
[2012.03.28 09:03:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.03.28 09:00:41 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Stepi\Desktop\TDSSKiller.exe
[2012.03.19 22:57:57 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\Adobe
[2012.03.19 08:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.03.05 22:08:05 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\Forum Tiffy
[2012.03.05 19:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2012.03.05 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2012.03.04 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\Hochzeit von Rene und Sandra
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 19:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 19:52:19 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.28 09:30:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 09:30:23 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 09:22:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.28 08:32:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 07:07:41 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.28 07:07:41 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.28 07:07:41 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.28 07:07:41 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stepi\Desktop\TDSSKiller.exe
[2012.03.22 12:01:27 | 043,036,933 | ---- | M] () -- C:\Users\Stepi\Desktop\test1.psd
[2012.03.21 23:09:42 | 003,501,622 | ---- | M] () -- C:\Users\Stepi\Desktop\test1.jpg
[2012.03.19 14:41:11 | 002,339,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.03 12:00:56 | 003,344,384 | ---- | M] () -- C:\Users\Stepi\Desktop\IMG_4191.JPG
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.22 12:01:20 | 043,036,933 | ---- | C] () -- C:\Users\Stepi\Desktop\test1.psd
[2012.03.21 23:07:27 | 003,501,622 | ---- | C] () -- C:\Users\Stepi\Desktop\test1.jpg
[2012.03.21 13:30:54 | 003,344,384 | ---- | C] () -- C:\Users\Stepi\Desktop\IMG_4191.JPG
[2012.03.19 09:01:46 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2012.03.19 09:00:59 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2012.03.19 09:00:25 | 000,001,394 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2012.03.19 08:58:52 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2012.03.19 08:56:18 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2012.03.19 08:55:47 | 000,001,365 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011.10.25 20:48:41 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2011.07.19 21:45:14 | 000,000,000 | ---- | C] () -- C:\Users\Stepi\AppData\Local\{6A09781F-FEB0-414F-A5DC-DE160E30D380}
[2011.06.09 08:59:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.09 08:58:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2011.12.29 19:05:58 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\AquaCalculator
[2011.06.25 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Azureus
[2010.10.26 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Bytemobile
[2010.11.07 00:35:59 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\DAEMON Tools Lite
[2010.04.13 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Desktopicon
[2010.11.27 00:00:48 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Friday's games
[2011.01.08 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Hotel-Manager
[2009.12.26 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\IrfanView
[2010.11.26 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Plan It Green Files
[2011.02.17 22:30:38 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Samsung
[2010.11.27 22:50:26 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Settlement. Colossus
[2010.12.26 13:17:14 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Thunderbird
[2010.04.15 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Toolbars
[2010.04.21 23:43:04 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Tropico 3
[2010.11.07 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Vodafone
[2010.11.03 09:32:40 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Vodafone Mobile Connect
[2010.11.26 00:52:24 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\World-Loom
[2010.11.27 22:50:10 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Zylom
[2012.02.07 10:40:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.01.20 09:54:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.26 19:37:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.08 23:47:55 | 000,000,000 | ---D | M] -- C:\emanager
[2010.12.05 23:23:40 | 000,000,000 | ---D | M] -- C:\Games
[2009.12.26 20:43:54 | 000,000,000 | ---D | M] -- C:\HP
[2009.12.26 20:28:39 | 000,000,000 | ---D | M] -- C:\Intel
[2010.01.06 22:10:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.27 05:27:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.28 09:22:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.26 19:37:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.26 19:37:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.27 19:54:28 | 000,000,000 | ---D | M] -- C:\Spiele
[2011.02.13 14:47:02 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.03.27 09:14:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.28 09:18:58 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2009.12.26 19:39:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.28 19:52:20 | 000,000,000 | ---D | M] -- C:\Windows
[2010.01.08 02:27:52 | 000,000,000 | -H-D | M] -- C:\WindowsLiveSyncTemp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.11.09 11:38:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.11.09 11:38:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.03.28 20:05:40 | 008,126,464 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT
[2012.03.28 20:05:40 | 000,262,144 | -HS- | M] () -- C:\Users\Stepi\ntuser.dat.LOG1
[2009.12.26 19:39:27 | 000,000,000 | -HS- | M] () -- C:\Users\Stepi\ntuser.dat.LOG2
[2009.12.26 19:45:06 | 000,065,536 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.26 19:45:06 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.26 19:45:06 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.02.17 00:33:36 | 000,065,536 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{e0783f23-3a0f-11e0-a66c-00238b1327d9}.TM.blf
[2011.02.17 00:33:36 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{e0783f23-3a0f-11e0-a66c-00238b1327d9}.TMContainer00000000000000000001.regtrans-ms
[2011.02.17 00:33:36 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{e0783f23-3a0f-11e0-a66c-00238b1327d9}.TMContainer00000000000000000002.regtrans-ms
[2009.12.26 19:39:27 | 000,000,020 | -HS- | M] () -- C:\Users\Stepi\ntuser.ini
[2010.11.20 14:17:47 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Users\Stepi\taskmgr.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

Unfortunately it did not give me an Extra.txt!?

Kind regards,

Frank
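Reading the `< MD5 for: ... >` blocks above means comparing the copy Windows actually loads (System32, System32\drivers, C:\Windows) with the copies kept in winsxs and DriverStore. The following Python script is an added example, not part of OTL or of this thread; it parses that block format and flags a live copy whose hash matches no stored copy, or that carries no company name. The sample input is the userinit.exe section copied from the log above plus a constructed winlogon.exe section whose System32 hash is made up to show the mismatch case.

```python
"""Check the '< MD5 for: ... >' sections of an OTL log.

For each requested file OTL lists the copy Windows actually loads next to
the copies kept in the component store (winsxs) and in DriverStore.  A live
copy whose MD5 matches no stored copy, or that has no company name, is what
an analyst looks for when a system file may have been replaced.
Added example code, not part of OTL.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)


def is_reference_copy(path):
    """True for copies held in the component store or the driver store."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def parse_md5_sections(text):
    """Return {FILENAME: [entry dict, ...]} for every MD5 section in the log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections[current]  # register the section even if it has no entries
            continue
        if current is None or not line.startswith("["):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # e.g. a '[N ... *.tmp files -> ...]' summary line
        sections[current].append({
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company").strip(),
            "md5": m.group("md5").upper(),
            "path": m.group("path"),
            "reference": is_reference_copy(m.group("path")),
        })
    return dict(sections)


def check_live_copies(sections):
    """Return {FILENAME: [finding, ...]} for files whose live copy looks off."""
    findings = defaultdict(list)
    for name, entries in sections.items():
        reference_md5s = {e["md5"] for e in entries if e["reference"]}
        for e in entries:
            if e["reference"]:
                continue
            if not e["company"]:
                findings[name].append(f"{e['path']}: no company name in version info")
            # Only compare when the log actually lists stored copies.
            if reference_md5s and e["md5"] not in reference_md5s:
                findings[name].append(
                    f"{e['path']}: MD5 {e['md5']} matches none of the "
                    f"{len(reference_md5s)} winsxs/DriverStore copies"
                )
    return dict(findings)


# Constructed sample: the USERINIT.EXE section is copied from the OTL log in
# this thread; the WINLOGON.EXE section is made up, with a System32 copy whose
# hash (all A's) deliberately matches no stored copy and carries no company.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.03.27 05:27:12 | 000,286,720 | ---- | M] () MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
"""

if __name__ == "__main__":
    for name, msgs in check_live_copies(parse_md5_sections(SAMPLE_LOG)).items():
        for msg in msgs:
            print(f"{name}: {msg}")
```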

markusg 28.03.2012 19:27

hi

This script, and any scripts that follow, are only for the user in question.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Stepi\AppData\Local\Skype\SkypePM.exe ()
:Files
C:\Users\Stepi\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; paste its contents into your next reply here.
Start in normal mode.

If you have no desktop icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E keys.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

Stepi85 28.03.2012 19:42

Hello,

attached is the response from OTL:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
C:\Users\Stepi\AppData\Local\Skype\SkypePM.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stepi
->Flash cache emptied: 3410121 bytes
 
Total Flash Files Cleaned = 3,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stepi
->Temp folder emptied: 301378381 bytes
->Temporary Internet Files folder emptied: 2481999193 bytes
->Java cache emptied: 8209845 bytes
->FireFox cache emptied: 57796002 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 102352 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 976896 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 137845849 bytes
RecycleBin emptied: 44649727 bytes
 
Total Files Cleaned = 2.892,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 03282012_203447

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The upload worked as well.

Kind regards,

Frank

markusg 29.03.2012 12:08

Thank you.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Stepi85 29.03.2012 19:36

Hello,

this is what came out:

Code:

ComboFix 12-03-29.02 - Stepi 29.03.2012  20:26:15.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3069.1938 [GMT 2:00]
ausgeführt von:: c:\users\Stepi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stepi\AppData\Roaming\Desktopicon
c:\users\Stepi\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Stepi\Taskmgr.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-29 18:31 . 2012-03-29 18:32        --------        d-----w-        c:\users\Stepi\AppData\Local\temp
2012-03-29 18:31 . 2012-03-29 18:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-28 18:34 . 2012-03-28 18:40        --------        d-----w-        C:\_OTL
2012-03-28 07:03 . 2012-03-28 07:18        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-03-27 14:20 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C033E238-752B-4E39-B515-78A88CFE5067}\mpengine.dll
2012-03-19 06:54 . 2012-03-19 06:54        --------        d-----w-        c:\program files\Common Files\Macrovision Shared
2012-03-14 21:56 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:56 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 09:05 . 2012-02-03 03:54        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 09:05 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 09:04 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 09:04 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:04 . 2012-01-25 05:27        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:04 . 2012-02-17 05:34        919040        ----a-w-        c:\windows\system32\rdpcorets.dll
2012-03-14 09:04 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 09:04 . 2012-02-17 04:14        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:04 . 2012-02-17 04:13        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-05 17:11 . 2012-03-05 17:13        --------        d-----w-        c:\program files\Rossmann Fotowelt Software
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-11-09 10:03        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-16 03:30 . 2011-10-27 19:11        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-04 08:58 . 2012-02-16 14:59        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-17 07:39 . 2011-04-30 22:38        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2136E952-826A-440D-A56F-BF568930D5EA}]
c:\program files\Vodafone\HighPerformance Client\bmoc -d [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59        937920        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16        203928        ----a-w-        c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-03-30 07:37        116056        ----a-w-        c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41        222128        ----a-w-        c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 12:25        2363392        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 10:40        13826664        ----a-w-        c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-06-21 06:06        199488        ----a-w-        c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-03 13:56        198160        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2012-01-31 51632]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-11-04 112640]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-11-04 101120]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Asyatmoe_net;Asyatmoe_net; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-02-02 3025112]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-08 40448]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:26]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Stepi\AppData\Roaming\Mozilla\Firefox\Profiles\s99fhapg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Microsoft® Windows Update - c:\users\Stepi\M-1-52-5782-8752-5245\winsvc.exe
HKLM-Run-NPSStartup - (no file)
SafeBoot-41290999.sys
SafeBoot-93950131.sys
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-29  20:34:43
ComboFix-quarantined-files.txt  2012-03-29 18:34
.
Vor Suchlauf: 13 Verzeichnis(se), 175.441.797.120 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 174.948.720.640 Bytes frei
.
- - End Of File - - 853B191EE8A7122C5659531A5B300EBF

Kind regards

Frank

markusg 29.03.2012 19:37

why was TDSSKiller used, and where is the report?
it's on C:

Stepi85 29.03.2012 19:42

Hi,

I had read something about it somewhere before I came across this forum.
Unfortunately I can't find the report anymore. Should I run it again?

Kind regards

Frank

markusg 29.03.2012 19:43

the report is on C: as tdsskiller-datum-version.txt

Stepi85 29.03.2012 19:44

Hi,

how do you know that?

Code:

09:00:48.0405 0736        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:00:48.0896 0736        ============================================================
09:00:48.0896 0736        Current date / time: 2012/03/28 09:00:48.0896
09:00:48.0896 0736        SystemInfo:
09:00:48.0896 0736       
09:00:48.0896 0736        OS Version: 6.1.7601 ServicePack: 1.0
09:00:48.0896 0736        Product type: Workstation
09:00:48.0896 0736        ComputerName: HANGOVERPC
09:00:48.0896 0736        UserName: Stepi
09:00:48.0897 0736        Windows directory: C:\Windows
09:00:48.0897 0736        System windows directory: C:\Windows
09:00:48.0897 0736        Processor architecture: Intel x86
09:00:48.0897 0736        Number of processors: 2
09:00:48.0897 0736        Page size: 0x1000
09:00:48.0897 0736        Boot type: Normal boot
09:00:48.0897 0736        ============================================================
09:00:50.0592 0736        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:00:50.0596 0736        \Device\Harddisk0\DR0:
09:00:50.0597 0736        MBR used
09:00:50.0597 0736        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:00:50.0597 0736        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
09:00:50.0652 0736        Initialize success
09:00:50.0652 0736        ============================================================
09:00:59.0112 2388        ============================================================
09:00:59.0112 2388        Scan started
09:00:59.0112 2388        Mode: Manual; SigCheck; TDLFS;
09:00:59.0112 2388        ============================================================
09:01:00.0926 2388        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:01:01.0127 2388        1394ohci - ok
09:01:01.0420 2388        a2acc          (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
09:01:01.0480 2388        a2acc - ok
09:01:01.0717 2388        a2AntiMalware  (5a65a77f7a4a091e896c21db4ef18e1f) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
09:01:01.0779 2388        a2AntiMalware - ok
09:01:01.0947 2388        A2DDA          (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
09:01:01.0967 2388        A2DDA - ok
09:01:02.0390 2388        Accelerometer  (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:01:02.0412 2388        Accelerometer - ok
09:01:02.0578 2388        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:01:02.0606 2388        ACPI - ok
09:01:02.0779 2388        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:01:02.0875 2388        AcpiPmi - ok
09:01:03.0037 2388        adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
09:01:03.0047 2388        adfs - ok
09:01:03.0263 2388        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:01:03.0286 2388        adp94xx - ok
09:01:03.0488 2388        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:01:03.0507 2388        adpahci - ok
09:01:03.0692 2388        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:01:03.0707 2388        adpu320 - ok
09:01:03.0882 2388        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:01:03.0962 2388        AeLookupSvc - ok
09:01:04.0276 2388        AESTFilters    (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
09:01:04.0401 2388        AESTFilters - ok
09:01:04.0563 2388        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:01:04.0649 2388        AFD - ok
09:01:04.0784 2388        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:01:04.0797 2388        agp440 - ok
09:01:05.0071 2388        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:01:05.0084 2388        aic78xx - ok
09:01:05.0313 2388        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:01:05.0376 2388        ALG - ok
09:01:05.0522 2388        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:01:05.0534 2388        aliide - ok
09:01:05.0621 2388        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:01:05.0634 2388        amdagp - ok
09:01:05.0678 2388        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:01:05.0690 2388        amdide - ok
09:01:05.0819 2388        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:01:05.0894 2388        AmdK8 - ok
09:01:05.0920 2388        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:01:06.0015 2388        AmdPPM - ok
09:01:06.0263 2388        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:01:06.0280 2388        amdsata - ok
09:01:06.0516 2388        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:01:06.0552 2388        amdsbs - ok
09:01:06.0666 2388        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:01:06.0685 2388        amdxata - ok
09:01:06.0825 2388        AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
09:01:06.0853 2388        AntiVirSchedulerService - ok
09:01:06.0934 2388        AntiVirService  (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
09:01:06.0952 2388        AntiVirService - ok
09:01:07.0123 2388        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:01:07.0378 2388        AppID - ok
09:01:07.0791 2388        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:01:07.0972 2388        AppIDSvc - ok
09:01:08.0160 2388        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
09:01:08.0274 2388        Appinfo - ok
09:01:08.0477 2388        Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:01:08.0500 2388        Apple Mobile Device - ok
09:01:08.0700 2388        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
09:01:08.0784 2388        AppMgmt - ok
09:01:08.0895 2388        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:01:08.0926 2388        arc - ok
09:01:09.0116 2388        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:01:09.0141 2388        arcsas - ok
09:01:09.0349 2388        Asyatmoe_net - ok
09:01:09.0459 2388        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:01:09.0687 2388        AsyncMac - ok
09:01:09.0991 2388        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:01:10.0020 2388        atapi - ok
09:01:10.0349 2388        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:01:10.0459 2388        AudioEndpointBuilder - ok
09:01:10.0582 2388        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:01:10.0614 2388        Audiosrv - ok
09:01:10.0768 2388        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
09:01:10.0789 2388        avgntflt - ok
09:01:10.0890 2388        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
09:01:10.0912 2388        avipbb - ok
09:01:11.0090 2388        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
09:01:11.0115 2388        avkmgr - ok
09:01:11.0235 2388        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
09:01:11.0354 2388        AxInstSV - ok
09:01:11.0607 2388        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:01:11.0679 2388        b06bdrv - ok
09:01:11.0821 2388        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:01:11.0862 2388        b57nd60x - ok
09:01:11.0980 2388        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:01:12.0216 2388        BDESVC - ok
09:01:12.0325 2388        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:01:12.0531 2388        Beep - ok
09:01:12.0813 2388        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
09:01:12.0982 2388        BFE - ok
09:01:13.0201 2388        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
09:01:13.0347 2388        BITS - ok
09:01:13.0586 2388        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:01:13.0877 2388        blbdrive - ok
09:01:14.0171 2388        BMLoad          (a6d35ff84e024d6d3f12aaf6c9814314) C:\Windows\system32\drivers\BMLoad.sys
09:01:14.0219 2388        BMLoad ( UnsignedFile.Multi.Generic ) - warning
09:01:14.0219 2388        BMLoad - detected UnsignedFile.Multi.Generic (1)
09:01:14.0430 2388        Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
09:01:14.0461 2388        Bonjour Service - ok
09:01:14.0748 2388        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:01:14.0896 2388        bowser - ok
09:01:15.0235 2388        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:01:15.0392 2388        BrFiltLo - ok
09:01:15.0652 2388        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:01:15.0710 2388        BrFiltUp - ok
09:01:15.0968 2388        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
09:01:16.0135 2388        Browser - ok
09:01:16.0349 2388        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:01:16.0478 2388        Brserid - ok
09:01:16.0595 2388        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:01:16.0636 2388        BrSerWdm - ok
09:01:16.0709 2388        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:01:16.0813 2388        BrUsbMdm - ok
09:01:16.0965 2388        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:01:17.0028 2388        BrUsbSer - ok
09:01:17.0103 2388        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:01:17.0189 2388        BTHMODEM - ok
09:01:17.0345 2388        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:01:17.0457 2388        bthserv - ok
09:01:17.0560 2388        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:01:17.0666 2388        cdfs - ok
09:01:18.0238 2388        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:01:18.0315 2388        cdrom - ok
09:01:18.0656 2388        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:01:18.0834 2388        CertPropSvc - ok
09:01:19.0204 2388        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:01:19.0358 2388        circlass - ok
09:01:19.0697 2388        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:01:19.0730 2388        CLFS - ok
09:01:19.0945 2388        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:01:19.0974 2388        clr_optimization_v2.0.50727_32 - ok
09:01:20.0455 2388        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:01:20.0491 2388        clr_optimization_v4.0.30319_32 - ok
09:01:20.0632 2388        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:01:20.0668 2388        CmBatt - ok
09:01:20.0775 2388        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:01:20.0788 2388        cmdide - ok
09:01:20.0870 2388        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
09:01:20.0939 2388        CNG - ok
09:01:21.0068 2388        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:01:21.0099 2388        Compbatt - ok
09:01:21.0271 2388        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:01:21.0319 2388        CompositeBus - ok
09:01:21.0403 2388        COMSysApp - ok
09:01:21.0467 2388        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:01:21.0496 2388        crcdisk - ok
09:01:21.0645 2388        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
09:01:21.0829 2388        CryptSvc - ok
09:01:22.0030 2388        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
09:01:22.0107 2388        CSC - ok
09:01:22.0232 2388        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
09:01:22.0331 2388        CscService - ok
09:01:22.0600 2388        dc3d            (94010220445f181ade8e7ca9c3a98bf4) C:\Windows\system32\DRIVERS\dc3d.sys
09:01:22.0671 2388        dc3d - ok
09:01:22.0785 2388        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:01:22.0945 2388        DcomLaunch - ok
09:01:23.0211 2388        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:01:23.0261 2388        defragsvc - ok
09:01:23.0353 2388        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:01:23.0402 2388        DfsC - ok
09:01:23.0479 2388        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
09:01:23.0535 2388        Dhcp - ok
09:01:23.0571 2388        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:01:23.0620 2388        discache - ok
09:01:23.0712 2388        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:01:23.0725 2388        Disk - ok
09:01:23.0786 2388        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
09:01:23.0876 2388        Dnscache - ok
09:01:23.0965 2388        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
09:01:24.0013 2388        dot3svc - ok
09:01:24.0094 2388        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:01:24.0156 2388        DPS - ok
09:01:24.0265 2388        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:01:24.0440 2388        drmkaud - ok
09:01:24.0662 2388        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:01:24.0686 2388        DXGKrnl - ok
09:01:24.0735 2388        E1G60          (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:01:24.0777 2388        E1G60 - ok
09:01:24.0831 2388        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:01:24.0862 2388        EapHost - ok
09:01:25.0047 2388        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:01:25.0199 2388        ebdrv - ok
09:01:25.0291 2388        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
09:01:25.0377 2388        EFS - ok
09:01:25.0598 2388        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
09:01:25.0698 2388        ehRecvr - ok
09:01:25.0886 2388        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:01:25.0925 2388        ehSched - ok
09:01:26.0307 2388        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:01:26.0359 2388        elxstor - ok
09:01:26.0528 2388        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:01:26.0611 2388        ErrDev - ok
09:01:26.0721 2388        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:01:26.0820 2388        EventSystem - ok
09:01:27.0079 2388        ewusbnet        (1fc8c55255d197aa3a423624786d090c) C:\Windows\system32\DRIVERS\ewusbnet.sys
09:01:27.0110 2388        ewusbnet - ok
09:01:27.0169 2388        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:01:27.0298 2388        exfat - ok
09:01:27.0560 2388        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:01:27.0657 2388        fastfat - ok
09:01:27.0790 2388        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
09:01:27.0956 2388        Fax - ok
09:01:28.0150 2388        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:01:28.0186 2388        fdc - ok
09:01:28.0273 2388        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:01:28.0345 2388        fdPHost - ok
09:01:28.0391 2388        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:01:28.0478 2388        FDResPub - ok
09:01:28.0575 2388        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:01:28.0606 2388        FileInfo - ok
09:01:28.0645 2388        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:01:28.0734 2388        Filetrace - ok
09:01:29.0260 2388        FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:01:29.0306 2388        FLEXnet Licensing Service - ok
09:01:29.0570 2388        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:01:29.0789 2388        flpydisk - ok
09:01:29.0966 2388        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:01:29.0994 2388        FltMgr - ok
09:01:30.0166 2388        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
09:01:30.0287 2388        FontCache - ok
09:01:30.0650 2388        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:01:30.0674 2388        FontCache3.0.0.0 - ok
09:01:30.0868 2388        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:01:30.0899 2388        FsDepends - ok
09:01:30.0960 2388        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:01:30.0990 2388        Fs_Rec - ok
09:01:31.0167 2388        FTDIBUS        (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
09:01:31.0256 2388        FTDIBUS - ok
09:01:31.0308 2388        FTSER2K        (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
09:01:31.0332 2388        FTSER2K - ok
09:01:31.0463 2388        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:01:31.0497 2388        fvevol - ok
09:01:31.0669 2388        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:01:31.0697 2388        gagp30kx - ok
09:01:31.0987 2388        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:01:32.0008 2388        GEARAspiWDM - ok
09:01:32.0225 2388        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
09:01:32.0434 2388        gpsvc - ok
09:01:33.0054 2388        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:01:33.0078 2388        gupdate - ok
09:01:33.0164 2388        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:01:33.0187 2388        gupdatem - ok
09:01:33.0321 2388        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:01:33.0444 2388        hcw85cir - ok
09:01:33.0707 2388        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
09:01:33.0744 2388        HdAudAddService - ok
09:01:34.0019 2388        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:01:34.0091 2388        HDAudBus - ok
09:01:34.0192 2388        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:01:34.0245 2388        HidBatt - ok
09:01:34.0272 2388        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:01:34.0335 2388        HidBth - ok
09:01:34.0437 2388        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:01:34.0458 2388        HidIr - ok
09:01:34.0515 2388        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
09:01:34.0617 2388        hidserv - ok
09:01:34.0917 2388        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
09:01:34.0953 2388        HidUsb - ok
09:01:35.0175 2388        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
09:01:35.0253 2388        hkmsvc - ok
09:01:35.0513 2388        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
09:01:35.0574 2388        HomeGroupListener - ok
09:01:35.0739 2388        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
09:01:35.0882 2388        HomeGroupProvider - ok
09:01:36.0149 2388        hpdskflt        (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys
09:01:36.0170 2388        hpdskflt - ok
09:01:36.0271 2388        HpqKbFiltr      (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:01:36.0350 2388        HpqKbFiltr - ok
09:01:36.0492 2388        hpqwmiex        (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
09:01:36.0509 2388        hpqwmiex - ok
09:01:36.0722 2388        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:01:36.0754 2388        HpSAMD - ok
09:01:37.0005 2388        hpsrv          (d1f817e61d52816996b8f1eba9a38276) C:\Windows\system32\Hpservice.exe
09:01:37.0028 2388        hpsrv - ok
09:01:37.0238 2388        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:01:37.0275 2388        HTTP - ok
09:01:37.0409 2388        hwdatacard      (0515065a3c7e8869dd01253e987c5bd1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
09:01:37.0448 2388        hwdatacard - ok
09:01:37.0533 2388        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:01:37.0564 2388        hwpolicy - ok
09:01:37.0697 2388        hwusbfake      (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbfake.sys
09:01:37.0764 2388        hwusbfake - ok
09:01:37.0953 2388        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:01:38.0035 2388        i8042prt - ok
09:01:38.0367 2388        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
09:01:38.0390 2388        iaStorV - ok
09:01:38.0676 2388        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:01:38.0747 2388        idsvc - ok
09:01:38.0922 2388        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:01:38.0953 2388        iirsp - ok
09:01:39.0078 2388        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
09:01:39.0245 2388        IKEEXT - ok
09:01:39.0486 2388        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:01:39.0515 2388        intelide - ok
09:01:39.0841 2388        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:01:39.0878 2388        intelppm - ok
09:01:40.0001 2388        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:01:40.0084 2388        IPBusEnum - ok
09:01:40.0146 2388        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:01:40.0229 2388        IpFilterDriver - ok
09:01:40.0375 2388        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
09:01:40.0483 2388        iphlpsvc - ok
09:01:40.0661 2388        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:01:40.0725 2388        IPMIDRV - ok
09:01:40.0761 2388        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:01:41.0004 2388        IPNAT - ok
09:01:41.0388 2388        iPod Service    (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
09:01:41.0451 2388        iPod Service - ok
09:01:41.0740 2388        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:01:41.0778 2388        IRENUM - ok
09:01:41.0958 2388        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:01:41.0987 2388        isapnp - ok
09:01:42.0184 2388        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:01:42.0273 2388        iScsiPrt - ok
09:01:42.0507 2388        JMCR            (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys
09:01:42.0677 2388        JMCR - ok
09:01:42.0998 2388        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
09:01:43.0028 2388        kbdclass - ok
09:01:43.0345 2388        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
09:01:43.0518 2388        kbdhid - ok
09:01:43.0781 2388        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:01:43.0816 2388        KeyIso - ok
09:01:43.0894 2388        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
09:01:43.0926 2388        KSecDD - ok
09:01:44.0025 2388        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
09:01:44.0057 2388        KSecPkg - ok
09:01:44.0110 2388        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:01:44.0196 2388        KtmRm - ok
09:01:44.0427 2388        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
09:01:44.0474 2388        LanmanServer - ok
09:01:44.0625 2388        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
09:01:44.0725 2388        LanmanWorkstation - ok
09:01:45.0048 2388        LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:01:45.0060 2388        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
09:01:45.0061 2388        LightScribeService - detected UnsignedFile.Multi.Generic (1)
09:01:45.0360 2388        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:01:45.0477 2388        lltdio - ok
09:01:45.0638 2388        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:01:45.0693 2388        lltdsvc - ok
09:01:45.0732 2388        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:01:45.0761 2388        lmhosts - ok
09:01:45.0935 2388        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:01:45.0969 2388        LSI_FC - ok
09:01:46.0053 2388        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:01:46.0076 2388        LSI_SAS - ok
09:01:46.0119 2388        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:01:46.0135 2388        LSI_SAS2 - ok
09:01:46.0174 2388        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:01:46.0191 2388        LSI_SCSI - ok
09:01:46.0239 2388        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:01:46.0277 2388        luafv - ok
09:01:46.0455 2388        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
09:01:46.0490 2388        Mcx2Svc - ok
09:01:46.0539 2388        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:01:46.0551 2388        megasas - ok
09:01:46.0692 2388        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:01:46.0728 2388        MegaSR - ok
09:01:47.0221 2388        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:01:47.0246 2388        Microsoft Office Groove Audit Service - ok
09:01:47.0545 2388        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:01:47.0668 2388        MMCSS - ok
09:01:47.0777 2388        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:01:47.0871 2388        Modem - ok
09:01:48.0230 2388        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:01:48.0467 2388        monitor - ok
09:01:48.0656 2388        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:01:48.0668 2388        mouclass - ok
09:01:48.0773 2388        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:01:48.0827 2388        mouhid - ok
09:01:49.0080 2388        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:01:49.0113 2388        mountmgr - ok
09:01:49.0210 2388        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:01:49.0229 2388        mpio - ok
09:01:49.0297 2388        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:01:49.0465 2388        mpsdrv - ok
09:01:49.0688 2388        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
09:01:49.0812 2388        MpsSvc - ok
09:01:50.0045 2388        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:01:50.0069 2388        MRxDAV - ok
09:01:50.0238 2388        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:01:50.0379 2388        mrxsmb - ok
09:01:50.0601 2388        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:01:50.0778 2388        mrxsmb10 - ok
09:01:51.0154 2388        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:01:51.0211 2388        mrxsmb20 - ok
09:01:51.0471 2388        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:01:51.0498 2388        msahci - ok
09:01:51.0592 2388        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:01:51.0621 2388        msdsm - ok
09:01:51.0673 2388        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:01:51.0728 2388        MSDTC - ok
09:01:51.0959 2388        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:01:52.0079 2388        Msfs - ok
09:01:52.0248 2388        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:01:52.0370 2388        mshidkmdf - ok
09:01:52.0726 2388        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:01:52.0755 2388        msisadrv - ok
09:01:52.0896 2388        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:01:52.0980 2388        MSiSCSI - ok
09:01:53.0054 2388        msiserver - ok
09:01:53.0333 2388        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:01:53.0514 2388        MSKSSRV - ok
09:01:53.0677 2388        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:01:53.0856 2388        MSPCLOCK - ok
09:01:54.0477 2388        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:01:54.0634 2388        MSPQM - ok
09:01:54.0923 2388        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:01:54.0952 2388        MsRPC - ok
09:01:55.0341 2388        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:01:55.0367 2388        mssmbios - ok
09:01:55.0674 2388        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:01:55.0720 2388        MSTEE - ok
09:01:55.0826 2388        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:01:55.0949 2388        MTConfig - ok
09:01:56.0003 2388        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:01:56.0019 2388        Mup - ok
09:01:56.0092 2388        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
09:01:56.0144 2388        napagent - ok
09:01:56.0264 2388        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:01:56.0303 2388        NativeWifiP - ok
09:01:56.0624 2388        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:01:56.0672 2388        NDIS - ok
09:01:56.0860 2388        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:01:57.0028 2388        NdisCap - ok
09:01:57.0192 2388        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:01:57.0292 2388        NdisTapi - ok
09:01:57.0456 2388        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:01:57.0507 2388        Ndisuio - ok
09:01:57.0593 2388        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:01:57.0741 2388        NdisWan - ok
09:01:57.0886 2388        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:01:58.0345 2388        NDProxy - ok
09:01:58.0940 2388        Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
09:01:59.0027 2388        Nero BackItUp Scheduler 4.0 - ok
09:01:59.0211 2388        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:01:59.0334 2388        NetBIOS - ok
09:01:59.0524 2388        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:01:59.0763 2388        NetBT - ok
09:02:00.0092 2388        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:00.0129 2388        Netlogon - ok
09:02:00.0285 2388        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:02:00.0569 2388        Netman - ok
09:02:00.0786 2388        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:02:00.0906 2388        netprofm - ok
09:02:01.0354 2388        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:02:01.0380 2388        NetTcpPortSharing - ok
09:02:02.0008 2388        NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
09:02:02.0390 2388        NETw5s32 - ok
09:02:02.0748 2388        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
09:02:03.0280 2388        netw5v32 - ok
09:02:03.0508 2388        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:02:03.0539 2388        nfrd960 - ok
09:02:03.0845 2388        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
09:02:04.0142 2388        NlaSvc - ok
09:02:04.0325 2388        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:02:04.0433 2388        Npfs - ok
09:02:04.0560 2388        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:02:04.0617 2388        nsi - ok
09:02:04.0830 2388        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:02:04.0943 2388        nsiproxy - ok
09:02:05.0334 2388        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
09:02:05.0429 2388        Ntfs - ok
09:02:05.0785 2388        NuidFltr        (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
09:02:05.0809 2388        NuidFltr - ok
09:02:05.0986 2388        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:02:06.0113 2388        Null - ok
09:02:06.0676 2388        nvlddmkm        (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:02:06.0844 2388        nvlddmkm - ok
09:02:07.0029 2388        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
09:02:07.0064 2388        nvraid - ok
09:02:07.0242 2388        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
09:02:07.0276 2388        nvstor - ok
09:02:07.0476 2388        nvsvc          (c4d17f11526f87bc762f31da5bd2580b) C:\Windows\system32\nvvsvc.exe
09:02:07.0510 2388        nvsvc - ok
09:02:07.0872 2388        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:02:07.0906 2388        nv_agp - ok
09:02:08.0208 2388        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:02:08.0247 2388        odserv - ok
09:02:08.0484 2388        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:02:08.0598 2388        ohci1394 - ok
09:02:08.0811 2388        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:02:08.0827 2388        ose - ok
09:02:09.0067 2388        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:02:09.0137 2388        p2pimsvc - ok
09:02:09.0248 2388        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
09:02:09.0307 2388        p2psvc - ok
09:02:09.0485 2388        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:02:09.0557 2388        Parport - ok
09:02:09.0670 2388        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
09:02:09.0702 2388        partmgr - ok
09:02:09.0778 2388        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:02:09.0875 2388        Parvdm - ok
09:02:09.0922 2388        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
09:02:09.0958 2388        PcaSvc - ok
09:02:10.0124 2388        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:02:10.0156 2388        pci - ok
09:02:10.0213 2388        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:02:10.0225 2388        pciide - ok
09:02:10.0291 2388        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:02:10.0307 2388        pcmcia - ok
09:02:10.0345 2388        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:02:10.0358 2388        pcw - ok
09:02:10.0438 2388        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:02:10.0507 2388        PEAUTH - ok
09:02:10.0619 2388        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
09:02:10.0672 2388        PeerDistSvc - ok
09:02:10.0792 2388        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
09:02:10.0917 2388        pla - ok
09:02:11.0321 2388        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
09:02:11.0401 2388        PlugPlay - ok
09:02:11.0696 2388        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
09:02:11.0826 2388        PNRPAutoReg - ok
09:02:11.0947 2388        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:02:11.0973 2388        PNRPsvc - ok
09:02:12.0218 2388        Point32        (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys
09:02:12.0241 2388        Point32 - ok
09:02:12.0361 2388        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
09:02:12.0453 2388        PolicyAgent - ok
09:02:12.0577 2388        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
09:02:12.0630 2388        Power - ok
09:02:12.0788 2388        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:02:12.0957 2388        PptpMiniport - ok
09:02:13.0109 2388        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:02:13.0209 2388        Processor - ok
09:02:13.0457 2388        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
09:02:13.0527 2388        ProfSvc - ok
09:02:13.0834 2388        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:13.0871 2388        ProtectedStorage - ok
09:02:14.0163 2388        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:02:14.0346 2388        Psched - ok
09:02:14.0569 2388        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:02:14.0668 2388        ql2300 - ok
09:02:14.0728 2388        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:02:14.0753 2388        ql40xx - ok
09:02:14.0990 2388        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
09:02:15.0054 2388        QWAVE - ok
09:02:15.0218 2388        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:02:15.0257 2388        QWAVEdrv - ok
09:02:15.0286 2388        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:02:15.0331 2388        RasAcd - ok
09:02:15.0390 2388        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:02:15.0439 2388        RasAgileVpn - ok
09:02:15.0484 2388        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
09:02:15.0517 2388        RasAuto - ok
09:02:15.0549 2388        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:02:15.0580 2388        Rasl2tp - ok
09:02:15.0663 2388        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
09:02:15.0804 2388        RasMan - ok
09:02:15.0990 2388        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:02:16.0344 2388        RasPppoe - ok
09:02:16.0646 2388        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:02:16.0970 2388        RasSstp - ok
09:02:17.0180 2388        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
09:02:17.0253 2388        rdbss - ok
09:02:17.0331 2388        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:02:17.0537 2388        rdpbus - ok
09:02:17.0699 2388        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:02:17.0791 2388        RDPCDD - ok
09:02:17.0969 2388        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
09:02:18.0007 2388        RDPDR - ok
09:02:18.0141 2388        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:02:18.0319 2388        RDPENCDD - ok
09:02:18.0544 2388        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:02:18.0595 2388        RDPREFMP - ok
09:02:18.0891 2388        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
09:02:19.0126 2388        RdpVideoMiniport - ok
09:02:19.0384 2388        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
09:02:19.0462 2388        RDPWD - ok
09:02:19.0625 2388        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
09:02:19.0662 2388        rdyboost - ok
09:02:19.0931 2388        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
09:02:20.0011 2388        RemoteAccess - ok
09:02:20.0134 2388        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
09:02:20.0191 2388        RemoteRegistry - ok
09:02:20.0219 2388        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
09:02:20.0250 2388        RpcEptMapper - ok
09:02:20.0329 2388        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
09:02:20.0407 2388        RpcLocator - ok
09:02:20.0502 2388        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:02:20.0554 2388        RpcSs - ok
09:02:20.0676 2388        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:02:20.0766 2388        rspndr - ok
09:02:21.0035 2388        RTL8167        (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
09:02:21.0121 2388        RTL8167 - ok
09:02:21.0319 2388        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
09:02:21.0419 2388        s3cap - ok
09:02:21.0516 2388        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:21.0535 2388        SamSs - ok
09:02:21.0744 2388        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:02:21.0771 2388        sbp2port - ok
09:02:21.0973 2388        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
09:02:22.0012 2388        SCardSvr - ok
09:02:22.0226 2388        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:02:22.0323 2388        scfilter - ok
09:02:22.0504 2388        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
09:02:22.0651 2388        Schedule - ok
09:02:22.0741 2388        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:02:22.0776 2388        SCPolicySvc - ok
09:02:22.0934 2388        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
09:02:23.0177 2388        sdbus - ok
09:02:23.0393 2388        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
09:02:23.0465 2388        SDRSVC - ok
09:02:23.0597 2388        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:02:23.0661 2388        secdrv - ok
09:02:23.0715 2388        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
09:02:23.0797 2388        seclogon - ok
09:02:23.0874 2388        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
09:02:23.0957 2388        SENS - ok
09:02:23.0982 2388        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
09:02:24.0065 2388        SensrSvc - ok
09:02:24.0236 2388        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:02:24.0255 2388        Serenum - ok
09:02:24.0283 2388        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:02:24.0344 2388        Serial - ok
09:02:24.0432 2388        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:02:24.0447 2388        sermouse - ok
09:02:24.0517 2388        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
09:02:24.0600 2388        SessionEnv - ok
09:02:24.0700 2388        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:02:24.0747 2388        sffdisk - ok
09:02:24.0782 2388        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:02:24.0830 2388        sffp_mmc - ok
09:02:24.0877 2388        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:02:24.0895 2388        sffp_sd - ok
09:02:24.0923 2388        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:02:24.0938 2388        sfloppy - ok
09:02:24.0988 2388        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
09:02:25.0051 2388        SharedAccess - ok
09:02:25.0163 2388        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
09:02:25.0221 2388        ShellHWDetection - ok
09:02:25.0356 2388        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:02:25.0369 2388        sisagp - ok
09:02:25.0446 2388        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:02:25.0460 2388        SiSRaid2 - ok
09:02:25.0485 2388        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:02:25.0499 2388        SiSRaid4 - ok
09:02:25.0563 2388        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:02:25.0594 2388        Smb - ok
09:02:25.0681 2388        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
09:02:25.0698 2388        SNMPTRAP - ok
09:02:25.0765 2388        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:02:25.0791 2388        spldr - ok
09:02:25.0886 2388        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
09:02:25.0919 2388        Spooler - ok
09:02:26.0087 2388        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
09:02:26.0227 2388        sppsvc - ok
09:02:26.0323 2388        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
09:02:26.0353 2388        sppuinotify - ok
09:02:26.0496 2388        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
09:02:26.0497 2388        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
09:02:26.0500 2388        sptd ( LockedFile.Multi.Generic ) - warning
09:02:26.0500 2388        sptd - detected LockedFile.Multi.Generic (1)
09:02:26.0576 2388        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
09:02:26.0650 2388        srv - ok
09:02:26.0729 2388        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
09:02:26.0785 2388        srv2 - ok
09:02:26.0852 2388        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
09:02:26.0867 2388        srvnet - ok
09:02:26.0960 2388        sscdbus        (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
09:02:26.0972 2388        sscdbus - ok
09:02:27.0063 2388        sscdmdfl        (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
09:02:27.0075 2388        sscdmdfl - ok
09:02:27.0135 2388        sscdmdm        (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
09:02:27.0147 2388        sscdmdm - ok
09:02:27.0221 2388        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:02:27.0284 2388        SSDPSRV - ok
09:02:27.0423 2388        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
09:02:27.0434 2388        ssmdrv - ok
09:02:27.0513 2388        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:02:27.0595 2388        SstpSvc - ok
09:02:27.0771 2388        STacSV          (05ae358cd777bf8857f512a18e1de7aa) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
09:02:27.0833 2388        STacSV - ok
09:02:28.0061 2388        StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
09:02:28.0109 2388        StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
09:02:28.0109 2388        StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
09:02:28.0271 2388        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:02:28.0288 2388        stexstor - ok
09:02:28.0616 2388        STHDA          (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
09:02:28.0668 2388        STHDA - ok
09:02:28.0918 2388        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:02:28.0993 2388        StiSvc - ok
09:02:29.0214 2388        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
09:02:29.0239 2388        storflt - ok
09:02:29.0433 2388        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
09:02:29.0454 2388        storvsc - ok
09:02:29.0602 2388        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:02:29.0627 2388        swenum - ok
09:02:29.0691 2388        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:02:29.0762 2388        swprv - ok
09:02:29.0823 2388        Synth3dVsc - ok
09:02:30.0027 2388        SynTP          (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
09:02:30.0052 2388        SynTP - ok
09:02:30.0239 2388        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:02:30.0296 2388        SysMain - ok
09:02:30.0448 2388        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:02:30.0561 2388        TabletInputService - ok
09:02:30.0727 2388        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:02:30.0774 2388        TapiSrv - ok
09:02:30.0805 2388        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:02:30.0837 2388        TBS - ok
09:02:31.0114 2388        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
09:02:31.0214 2388        Tcpip - ok
09:02:31.0558 2388        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
09:02:31.0600 2388        TCPIP6 - ok
09:02:31.0893 2388        tcpipBM        (fbf08035b75e52d99d81ea8eddba5f9c) C:\Windows\system32\drivers\tcpipBM.sys
09:02:32.0076 2388        tcpipBM ( UnsignedFile.Multi.Generic ) - warning
09:02:32.0076 2388        tcpipBM - detected UnsignedFile.Multi.Generic (1)
09:02:32.0415 2388        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:02:32.0542 2388        tcpipreg - ok
09:02:32.0882 2388        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:02:33.0045 2388        TDPIPE - ok
09:02:33.0590 2388        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
09:02:33.0764 2388        TDTCP - ok
09:02:34.0210 2388        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:02:34.0550 2388        tdx - ok
09:02:34.0733 2388        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:02:34.0759 2388        TermDD - ok
09:02:34.0905 2388        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:02:35.0017 2388        TermService - ok
09:02:35.0156 2388        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:02:35.0204 2388        Themes - ok
09:02:35.0309 2388        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:02:35.0347 2388        THREADORDER - ok
09:02:35.0456 2388        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:02:35.0579 2388        TrkWks - ok
09:02:35.0752 2388        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:02:35.0824 2388        TrustedInstaller - ok
09:02:35.0989 2388        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:02:36.0036 2388        tssecsrv - ok
09:02:36.0209 2388        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:02:36.0317 2388        TsUsbFlt - ok
09:02:36.0516 2388        tsusbhub - ok
09:02:36.0681 2388        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:02:36.0926 2388        tunnel - ok
09:02:37.0053 2388        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:02:37.0085 2388        uagp35 - ok
09:02:37.0309 2388        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:02:37.0412 2388        udfs - ok
09:02:37.0540 2388        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:02:37.0616 2388        UI0Detect - ok
09:02:37.0836 2388        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:02:37.0857 2388        uliagpkx - ok
09:02:38.0001 2388        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:02:38.0218 2388        umbus - ok
09:02:38.0391 2388        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:02:38.0421 2388        UmPass - ok
09:02:38.0578 2388        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
09:02:38.0681 2388        UmRdpService - ok
09:02:38.0925 2388        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:02:38.0982 2388        upnphost - ok
09:02:39.0088 2388        USBAAPL        (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
09:02:39.0165 2388        USBAAPL - ok
09:02:39.0357 2388        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
09:02:39.0402 2388        usbccgp - ok
09:02:39.0634 2388        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:02:39.0737 2388        usbcir - ok
09:02:39.0846 2388        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
09:02:39.0870 2388        usbehci - ok
09:02:39.0974 2388        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:02:40.0031 2388        usbhub - ok
09:02:40.0105 2388        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
09:02:40.0231 2388        usbohci - ok
09:02:40.0291 2388        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:02:40.0311 2388        usbprint - ok
09:02:40.0366 2388        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:02:40.0411 2388        usbscan - ok
09:02:40.0531 2388        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:02:40.0556 2388        USBSTOR - ok
09:02:40.0683 2388        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
09:02:40.0718 2388        usbuhci - ok
09:02:40.0910 2388        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
09:02:41.0053 2388        usbvideo - ok
09:02:41.0236 2388        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:02:41.0288 2388        UxSms - ok
09:02:41.0441 2388        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:41.0456 2388        VaultSvc - ok
09:02:41.0731 2388        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:02:41.0766 2388        vdrvroot - ok
09:02:41.0972 2388        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:02:42.0136 2388        vds - ok
09:02:42.0403 2388        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:02:42.0690 2388        vga - ok
09:02:42.0818 2388        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:02:42.0869 2388        VgaSave - ok
09:02:42.0919 2388        VGPU - ok
09:02:43.0044 2388        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:02:43.0073 2388        vhdmp - ok
09:02:43.0367 2388        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:02:43.0398 2388        viaagp - ok
09:02:43.0536 2388        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:02:43.0619 2388        ViaC7 - ok
09:02:43.0815 2388        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:02:43.0845 2388        viaide - ok
09:02:43.0969 2388        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:02:44.0001 2388        vmbus - ok
09:02:44.0122 2388        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:02:44.0157 2388        VMBusHID - ok
09:02:44.0241 2388        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:02:44.0257 2388        volmgr - ok
09:02:44.0322 2388        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:02:44.0346 2388        volmgrx - ok
09:02:44.0471 2388        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:02:44.0508 2388        volsnap - ok
09:02:44.0767 2388        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:02:44.0804 2388        vsmraid - ok
09:02:44.0956 2388        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:02:45.0199 2388        VSS - ok
09:02:45.0393 2388        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:02:45.0512 2388        vwifibus - ok
09:02:45.0624 2388        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:02:45.0668 2388        vwififlt - ok
09:02:45.0761 2388        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:02:45.0842 2388        W32Time - ok
09:02:45.0939 2388        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:02:46.0138 2388        WacomPen - ok
09:02:46.0387 2388        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:02:46.0437 2388        WANARP - ok
09:02:46.0441 2388        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:02:46.0469 2388        Wanarpv6 - ok
09:02:46.0659 2388        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:02:46.0763 2388        wbengine - ok
09:02:46.0846 2388        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:02:46.0937 2388        WbioSrvc - ok
09:02:46.0997 2388        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:02:47.0177 2388        wcncsvc - ok
09:02:47.0317 2388        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:02:47.0403 2388        WcsPlugInService - ok
09:02:47.0524 2388        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:02:47.0556 2388        Wd - ok
09:02:47.0594 2388        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:02:47.0621 2388        Wdf01000 - ok
09:02:47.0720 2388        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:02:47.0831 2388        WdiServiceHost - ok
09:02:47.0837 2388        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:02:47.0857 2388        WdiSystemHost - ok
09:02:47.0932 2388        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:02:47.0961 2388        WebClient - ok
09:02:48.0031 2388        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:02:48.0086 2388        Wecsvc - ok
09:02:48.0128 2388        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:02:48.0178 2388        wercplsupport - ok
09:02:48.0236 2388        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:02:48.0268 2388        WerSvc - ok
09:02:48.0422 2388        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:02:48.0476 2388        WfpLwf - ok
09:02:48.0499 2388        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:02:48.0512 2388        WIMMount - ok
09:02:48.0696 2388        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:02:48.0764 2388        WinDefend - ok
09:02:48.0769 2388        WinHttpAutoProxySvc - ok
09:02:49.0336 2388        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:02:49.0526 2388        Winmgmt - ok
09:02:49.0783 2388        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:02:49.0919 2388        WinRM - ok
09:02:50.0052 2388        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
09:02:50.0089 2388        WinUsb - ok
09:02:50.0163 2388        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:02:50.0236 2388        Wlansvc - ok
09:02:50.0373 2388        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:02:50.0387 2388        WmiAcpi - ok
09:02:50.0541 2388        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:02:50.0626 2388        wmiApSrv - ok
09:02:50.0894 2388        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:02:51.0044 2388        WMPNetworkSvc - ok
09:02:51.0263 2388        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:02:51.0294 2388        WPCSvc - ok
09:02:51.0390 2388        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:02:51.0498 2388        WPDBusEnum - ok
09:02:51.0577 2388        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:02:51.0707 2388        ws2ifsl - ok
09:02:51.0807 2388        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
09:02:51.0886 2388        wscsvc - ok
09:02:51.0897 2388        WSearch - ok
09:02:52.0099 2388        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
09:02:52.0207 2388        wuauserv - ok
09:02:52.0544 2388        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:02:52.0591 2388        WudfPf - ok
09:02:52.0713 2388        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:02:52.0743 2388        WUDFRd - ok
09:02:52.0809 2388        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:02:52.0892 2388        wudfsvc - ok
09:02:52.0948 2388        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:02:53.0137 2388        WwanSvc - ok
09:02:53.0205 2388        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:02:56.0219 2388        \Device\Harddisk0\DR0 - ok
09:02:56.0245 2388        Boot (0x1200)  (226aea7f0afbbf7d90d02c9272f22594) \Device\Harddisk0\DR0\Partition0
09:02:56.0300 2388        \Device\Harddisk0\DR0\Partition0 - ok
09:02:56.0387 2388        Boot (0x1200)  (e06c94c6534cf080d5a412d5dd7ca123) \Device\Harddisk0\DR0\Partition1
09:02:56.0474 2388        \Device\Harddisk0\DR0\Partition1 - ok
09:02:56.0475 2388        ============================================================
09:02:56.0476 2388        Scan finished
09:02:56.0476 2388        ============================================================
09:02:56.0505 2128        Detected object count: 5
09:02:56.0505 2128        Actual detected object count: 5
09:03:20.0148 2128        C:\Windows\system32\drivers\BMLoad.sys - copied to quarantine
09:03:20.0149 2128        HKLM\SYSTEM\ControlSet001\services\BMLoad - will be deleted on reboot
09:03:20.0202 2128        HKLM\SYSTEM\ControlSet002\services\BMLoad - will be deleted on reboot
09:03:20.0366 2128        C:\Windows\system32\drivers\BMLoad.sys - will be deleted on reboot
09:03:20.0366 2128        BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:03:20.0366 2128        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
09:03:20.0366 2128        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:03:20.0528 2128        C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
09:03:20.0529 2128        HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
09:03:20.0529 2128        HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
09:03:20.0534 2128        C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
09:03:20.0534 2128        sptd ( LockedFile.Multi.Generic ) - User select action: Delete
09:03:20.0655 2128        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - copied to quarantine
09:03:20.0655 2128        HKLM\SYSTEM\ControlSet001\services\StarWindServiceAE - will be deleted on reboot
09:03:20.0666 2128        HKLM\SYSTEM\ControlSet002\services\StarWindServiceAE - will be deleted on reboot
09:03:20.0671 2128        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - will be deleted on reboot
09:03:20.0671 2128        StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:03:20.0784 2128        C:\Windows\system32\drivers\tcpipBM.sys - copied to quarantine
09:03:20.0784 2128        HKLM\SYSTEM\ControlSet001\services\tcpipBM - will be deleted on reboot
09:03:20.0785 2128        HKLM\SYSTEM\ControlSet002\services\tcpipBM - will be deleted on reboot
09:03:20.0789 2128        C:\Windows\system32\drivers\tcpipBM.sys - will be deleted on reboot
09:03:20.0789 2128        tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Delete

Regards

Frank
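
The TDSSKiller log above is what the next reply reacts to: all five flagged objects carry the generic verdicts UnsignedFile.Multi.Generic or LockedFile.Multi.Generic (no valid digital signature, or a file the scanner could not open), not a malware signature, and four of them were deleted anyway. The script below is an added example, not code from this thread or from Kaspersky's tool: it parses an excerpt of the log and separates heuristic flags from signature detections before listing what was deleted. The log line format is inferred from the excerpt posted here rather than from any published specification, and the sample lines are a constructed subset of the log above.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not code from
this thread or from Kaspersky's tool).

It separates heuristic flags (no valid signature / locked file) from
signature detections and lists what the user chose to delete.  The log
format is inferred from the excerpt posted above, not from a published spec.
"""
import ntpath
import re
from dataclasses import dataclass

# Verdict families that only say "unsigned" or "locked"; they are not malware signatures.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Constructed excerpt modelled on the log posted above.
SAMPLE_LOG = r"""
09:02:31.0893 2388        tcpipBM        (fbf08035b75e52d99d81ea8eddba5f9c) C:\Windows\system32\drivers\tcpipBM.sys
09:02:32.0076 2388        tcpipBM ( UnsignedFile.Multi.Generic ) - warning
09:02:32.0076 2388        tcpipBM - detected UnsignedFile.Multi.Generic (1)
09:02:32.0415 2388        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:02:32.0542 2388        tcpipreg - ok
09:02:56.0505 2128        Detected object count: 5
09:03:20.0148 2128        C:\Windows\system32\drivers\BMLoad.sys - copied to quarantine
09:03:20.0366 2128        BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:03:20.0366 2128        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:03:20.0528 2128        C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
09:03:20.0534 2128        sptd ( LockedFile.Multi.Generic ) - User select action: Delete
09:03:20.0784 2128        C:\Windows\system32\drivers\tcpipBM.sys - copied to quarantine
09:03:20.0789 2128        tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Delete
"""

# Every line starts with "<time> <pid>"; the rest carries the event.
_PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
_INVENTORY = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
_DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
_ACTION = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
_QUARANTINE = re.compile(r"^(?P<path>.+) - copied to quarantine$")


@dataclass
class Finding:
    name: str
    verdict: str
    path: str = ""
    md5: str = ""
    action: str = "none"
    quarantined: bool = False

    @property
    def heuristic(self) -> bool:
        """True when the verdict is a generic unsigned/locked flag, not a signature."""
        return self.verdict in HEURISTIC_VERDICTS


def parse_log(text: str) -> dict[str, Finding]:
    """Build one Finding per flagged service/driver name from a log excerpt."""
    inventory: dict[str, tuple[str, str]] = {}   # name -> (md5, path)
    findings: dict[str, Finding] = {}
    quarantined: set[str] = set()                  # service names derived from quarantined paths
    for line in text.splitlines():
        m = _PREFIX.match(line)
        if not m:
            continue
        rest = m.group("rest")
        if inv := _INVENTORY.match(rest):
            inventory[inv["name"]] = (inv["md5"], inv["path"])
        elif det := _DETECTED.match(rest):
            md5, path = inventory.get(det["name"], ("", ""))
            findings[det["name"]] = Finding(det["name"], det["verdict"], path, md5)
        elif act := _ACTION.match(rest):
            f = findings.setdefault(act["name"], Finding(act["name"], act["verdict"]))
            f.action = act["action"]
        elif q := _QUARANTINE.match(rest):
            # Quarantine lines name the file; the service name is its stem (sptd.sys -> sptd).
            stem, _ = ntpath.splitext(ntpath.basename(q["path"]))
            quarantined.add(stem.lower())
    for f in findings.values():
        f.quarantined = f.name.lower() in quarantined
    return findings


def triage(findings: dict[str, Finding]) -> dict[str, list[str]]:
    """Group names by what the verdict actually means and by the action taken."""
    return {
        "signature": sorted(n for n, f in findings.items() if not f.heuristic),
        "heuristic_only": sorted(n for n, f in findings.items() if f.heuristic),
        "deleted": sorted(n for n, f in findings.items() if f.action == "Delete"),
        "skipped": sorted(n for n, f in findings.items() if f.action == "Skip"),
    }


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for bucket, names in result.items():
        print(f"{bucket:15s} {', '.join(names) or '-'}")
```

Run on the sample, the "signature" bucket is empty and every deleted entry sits in "heuristic_only", which is the situation the helper describes in the next reply. `ntpath` is used on purpose so the Windows paths split correctly even when the script runs on a non-Windows analysis box.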

markusg 29.03.2012 19:47

That's what you get when you just delete things at random.
All the files were clean.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Stepi85 29.03.2012 19:52

Attached.

By the way, how does this work in general? For viruses I use Antivir - is that enough?
Should I have some anti-malware software running alongside it?
Do I have to reinstall my computer now?

Regards

Frank

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stepi :: HANGOVERPC [Administrator]

Schutz: Aktiviert

29.03.2012 20:50:45
mbam-log-2012-03-29 (20-50-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356252
Laufzeit: 1 Stunde(n), 7 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Stepi\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Stepi\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stepi\Desktop\Adobe\Adobe Photoshop\Adobe.Photoshop.Elements.v7.0.German.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stepi\Desktop\Bilder Laptop Franzi\RIMG0404.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\03282012_203447\C_Users\Stepi\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


markusg 30.03.2012 12:20

C:\Users\Stepi\Desktop\Adobe\Adobe Photoshop\Adobe.Photoshop.Elements.v7.0.German.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Since this software is illegal, support ends here; the only help available is with backing up data, formatting, reinstalling and securing the machine.

Stepi85 30.03.2012 12:31

Hi,

but the virus is gone now?

Regards

Frank


Copyright ©2000-2024, Trojaner-Board

