
Thread: again Malware problems :-(

  1. #1
    Member
    Join Date: Feb 2013
    Posts: 55

    again Malware problems :-(

    Hi
    A month ago I fixed my laptop with your help: http://forums.spybot.info/showthread.php?t=67898 At first things were running quite OK, though a bit slow; especially after rebooting, it took more time than before for my OS to be ready to use. Now, however, I am experiencing more problems, especially occasional blue screens and incredibly slow performance (also only occasionally) after booting. After a while it usually gets better and runs quite normally. However, I thought this needs fixing...

    I hope you can help me!

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
    Run by Chris Novak at 10:29:33 on 2013-04-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2438 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: SwissAcademic.Citavi.Picker.IEPicker: {609D670F-B735-4da7-AC6D-F3BD358E325E} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\CHRISN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
    IE: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} -
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
    TCP: NameServer = 158.223.1.2 158.223.1.1
    TCP: Interfaces\{632DD7E9-34B8-460E-80C0-5646C13BBD4B} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C} : DHCPNameServer = 158.223.1.2 158.223.1.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\5416379724F687D2838354835383 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\75C414E4D2030313144364431383640333 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\76F6C64637D696478637F547563747 : DHCPNameServer = 158.223.0.122 158.223.0.123
    TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\84E46424640275C414E4 : DHCPNameServer = 192.168.178.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= c:\progra~1\agnitum\outpos~1\wl_hook.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
    x64-Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-14 65336]
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-17 14456]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-25 55856]
    R1 afw;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2013-3-23 39528]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-5-30 28504]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-22 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-22 377920]
    R1 SandBox;SandBox;C:\Windows\System32\drivers\SandBox64.sys [2013-3-23 1097672]
    R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2013-3-23 3501696]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-25 203264]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-22 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-22 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-14 45248]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-21 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-21 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-21 168384]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-25 1692480]
    R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2013-3-23 424040]
    R3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\System32\drivers\CryptOSD.sys [2009-6-25 431488]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-10-25 172704]
    R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-10-25 5435904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 ASWFilt;ASWFilt;C:\Windows\System32\Filt\ASWFilt64.dll [2013-3-23 49168]
    S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-14 178624]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-10-25 35104]
    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-17 38096]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-21 19456]
    S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-21 57856]
    S3 VBEngNT;VBEngNT;C:\Windows\System32\drivers\VBEngNT.sys [2013-3-23 293048]
    S3 VBFilt;VBFilt;C:\Windows\System32\Filt\VBFilt64.dll [2013-3-23 42976]
    S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-26 1255736]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    .
    =============== Created Last 30 ================
    .
    2013-04-05 14:28:20 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC6527FC-1198-4020-9A2A-CFDED8A396D4}\mpengine.dll
    2013-03-23 22:54:11 -------- d-----w- C:\ProgramData\PopCap Games
    2013-03-23 22:54:11 -------- d-----w- C:\Program Files (x86)\PopCap Games
    2013-03-23 16:25:15 -------- d-----w- C:\Program Files\WinDjView
    2013-03-23 09:05:27 293048 ----a-w- C:\Windows\System32\drivers\VBEngNT.sys
    2013-03-23 09:05:25 1097672 ----a-w- C:\Windows\System32\drivers\SandBox64.sys
    2013-03-23 09:05:17 424040 ----a-w- C:\Windows\System32\drivers\afwcore.sys
    2013-03-23 09:04:10 39528 ----a-w- C:\Windows\System32\drivers\afw.sys
    2013-03-23 09:03:37 -------- d-----w- C:\Windows\System32\Filt
    2013-03-23 09:03:37 -------- d-----w- C:\Users\Chris Novak\AppData\Roaming\Agnitum
    2013-03-23 09:03:35 -------- d-----w- C:\Program Files\Agnitum
    2013-03-23 09:01:37 -------- d-----w- C:\ProgramData\Agnitum
    2013-03-17 18:44:24 -------- d-----w- C:\ProgramData\YTD Video Downloader
    2013-03-17 18:44:19 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
    2013-03-15 17:53:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-14 11:41:54 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-03-14 11:41:54 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-03-14 10:05:18 249712 ----a-w- C:\Windows\SysWow64\~.tmp
    2013-03-13 16:44:32 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2013-03-13 16:44:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    .
    ==================== Find3M ====================
    .
    2013-03-15 08:50:24 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-15 08:50:24 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-03-08 23:41:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-08 23:41:40 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-08 23:41:40 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-07 21:53:36 544688 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2013-03-07 21:53:36 526256 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr
    2013-02-17 19:44:20 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    .
    ============= FINISH: 10:30:44,72 ===============

    --------------------------

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-04-08 10:31:37
    -----------------------------
    10:31:37.406 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:31:37.406 Number of processors: 2 586 0x170A
    10:31:37.408 ComputerName: CHRISNOVAK-PC UserName: Chris Novak
    10:31:46.585 Initialize success
    10:31:46.728 AVAST engine defs: 13040801
    10:32:12.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:32:12.571 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 11
    10:32:12.622 Disk 0 MBR read successfully
    10:32:12.627 Disk 0 MBR scan
    10:32:12.633 Disk 0 Windows VISTA default MBR code
    10:32:12.638 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    10:32:12.669 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
    10:32:12.685 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30800325
    10:32:12.705 Disk 0 scanning C:\Windows\system32\drivers
    10:32:23.341 Service scanning
    10:32:39.589 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    10:32:44.891 Modules scanning
    10:32:44.905 Disk 0 trace - called modules:
    10:32:44.972 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003ca72c0]<<spyi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    10:32:44.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cdc060]
    10:32:44.985 3 CLASSPNP.SYS[fffff880013c143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b23060]
    10:32:44.991 \Driver\atapi[0xfffffa8004b08320] -> IRP_MJ_CREATE -> 0xfffffa8003ca72c0
    10:32:46.469 AVAST engine scan C:\Windows
    10:32:49.504 AVAST engine scan C:\Windows\system32
    10:36:39.390 AVAST engine scan C:\Windows\system32\drivers
    10:36:53.277 AVAST engine scan C:\Users\Chris Novak
    11:35:36.832 AVAST engine scan C:\ProgramData
    11:41:14.365 Scan finished successfully
    11:44:50.097 Disk 0 MBR has been saved successfully to "C:\Users\Chris Novak\Desktop\MBR.dat"
    11:44:50.108 The log file has been saved successfully to "C:\Users\Chris Novak\Desktop\aswMBR.txt"


    ---------------------

    Search results from Spybot - Search & Destroy

    08.04.2013 12:34:01
    Scan took 00:34:16.
    19 items found.

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Chris Novak\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BFRC3K9A\s.ytimg.com\videostats.sol
    Properties.size=275
    Properties.md5=5D691C72E157C7148B14FF62D63DF717
    Properties.filedate=1365258103
    Properties.filedatetext=2013-04-06 15:21:43

    Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
    C:\Windows\setupact.log
    Properties.size=5936
    Properties.md5=EB776A3D407E1A5B3C8E100560B3BDE2
    Properties.filedate=1365419637
    Properties.filedatetext=2013-04-08 12:13:57

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id

    MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Office\12.0\Word\File MRU

    Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (5) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (33) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


    History: [SBI $49804B54] Browser: History (118) (Browser: History, nothing done)



    --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

    2012-11-13 blindman.exe (2.0.12.151)
    2012-11-13 explorer.exe (2.0.12.173)
    2012-11-13 SDBootCD.exe (2.0.12.109)
    2012-11-13 SDCleaner.exe (2.0.12.110)
    2012-11-13 SDDelFile.exe (2.0.12.94)
    2012-11-13 SDFiles.exe (2.0.12.135)
    2012-11-13 SDFileScanHelper.exe (2.0.12.1)
    2012-11-13 SDFSSvc.exe (2.0.12.205)
    2012-11-13 SDImmunize.exe (2.0.12.130)
    2012-11-13 SDLogReport.exe (2.0.12.107)
    2012-11-13 SDPESetup.exe (2.0.12.3)
    2012-11-13 SDPEStart.exe (2.0.12.86)
    2012-11-13 SDPhoneScan.exe (2.0.12.27)
    2012-11-13 SDPRE.exe (2.0.12.13)
    2012-11-13 SDPrepPos.exe (2.0.12.10)
    2012-11-13 SDQuarantine.exe (2.0.12.103)
    2012-11-13 SDRootAlyzer.exe (2.0.12.116)
    2012-11-13 SDSBIEdit.exe (2.0.12.39)
    2012-11-13 SDScan.exe (2.0.12.173)
    2012-11-13 SDScript.exe (2.0.12.53)
    2012-11-13 SDSettings.exe (2.0.12.130)
    2012-11-13 SDShred.exe (2.0.12.105)
    2012-11-13 SDSysRepair.exe (2.0.12.101)
    2012-11-13 SDTools.exe (2.0.12.150)
    2012-11-13 SDTray.exe (2.0.12.127)
    2012-11-13 SDUpdate.exe (2.0.12.89)
    2012-11-13 SDUpdSvc.exe (2.0.12.76)
    2012-11-13 SDWelcome.exe (2.0.12.126)
    2012-11-13 SDWSCSvc.exe (2.0.12.2)
    2013-02-21 unins000.exe (51.1052.0.0)
    1999-12-02 xcacls.exe
    2012-08-23 borlndmm.dll (10.0.2288.42451)
    2012-09-05 DelZip190.dll (1.9.0.107)
    2012-09-10 libeay32.dll (1.0.0.4)
    2012-09-10 libssl32.dll (1.0.0.4)
    2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
    2012-11-13 SDECon32.dll (2.0.12.113)
    2012-11-13 SDECon64.dll (2.0.12.113)
    2012-11-13 SDEvents.dll (2.0.12.2)
    2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
    2012-11-13 SDHelper.dll (2.0.12.88)
    2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
    2012-11-13 SDLists.dll (2.0.12.4)
    2012-11-13 SDResources.dll (2.0.12.7)
    2012-11-13 SDScanLibrary.dll (2.0.12.131)
    2012-11-13 SDTasks.dll (2.0.12.15)
    2012-11-13 SDWinLogon.dll (2.0.12.0)
    2012-08-23 sqlite3.dll
    2012-09-10 ssleay32.dll (1.0.0.4)
    2012-11-13 Tools.dll (2.0.12.36)
    2012-11-13 UninsSrv.dll (2.0.12.52)
    2012-12-18 Includes\Adware.sbi (*)
    2013-03-27 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2012-11-14 Includes\DialerC.sbi (*)
    2012-11-14 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2012-11-14 Includes\HijackersC.sbi (*)
    2012-11-14 Includes\iPhone.sbi (*)
    2012-11-14 Includes\Keyloggers.sbi (*)
    2012-12-18 Includes\KeyloggersC.sbi (*)
    2012-11-21 Includes\Malware.sbi (*)
    2013-03-26 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-03-26 Includes\PUPSC.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2012-11-14 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-11-14 Includes\Spyware.sbi (*)
    2012-11-14 Includes\SpywareC.sbi (*)
    2011-06-07 Includes\Tracks.sbi (*)
    2012-11-19 Includes\Tracks.uti (*)
    2013-01-16 Includes\Trojans.sbi (*)
    2013-03-19 Includes\TrojansC-02.sbi (*)
    2013-03-26 Includes\TrojansC-03.sbi (*)
    2013-03-14 Includes\TrojansC-04.sbi (*)
    2012-11-14 Includes\TrojansC-05.sbi (*)
    2013-03-01 Includes\TrojansC.sbi (*)
    Last edited by tashi; 2013-04-08 at 16:30. Reason: Added link

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi novfan, welcome back.

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.

    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right-click, choose "Run as Administrator").

    Stay with this topic until I give you the all-clean post.

    Having said that....Let's get going!!

    ========================================


    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Member
    Join Date
    Feb 2013
    Posts
    55

    Default

    Hi! ;-)

    No reboot was required.

    17:09:21.0057 6716 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    17:09:21.0430 6716 ============================================================
    17:09:21.0431 6716 Current date / time: 2013/04/08 17:09:21.0430
    17:09:21.0431 6716 SystemInfo:
    17:09:21.0431 6716
    17:09:21.0431 6716 OS Version: 6.1.7601 ServicePack: 1.0
    17:09:21.0431 6716 Product type: Workstation
    17:09:21.0431 6716 ComputerName: CHRISNOVAK-PC
    17:09:21.0431 6716 UserName: Chris Novak
    17:09:21.0431 6716 Windows directory: C:\Windows
    17:09:21.0431 6716 System windows directory: C:\Windows
    17:09:21.0431 6716 Running under WOW64
    17:09:21.0431 6716 Processor architecture: Intel x64
    17:09:21.0431 6716 Number of processors: 2
    17:09:21.0431 6716 Page size: 0x1000
    17:09:21.0432 6716 Boot type: Normal boot
    17:09:21.0432 6716 ============================================================
    17:09:23.0481 6716 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:09:23.0653 6716 ============================================================
    17:09:23.0653 6716 \Device\Harddisk0\DR0:
    17:09:23.0653 6716 MBR partitions:
    17:09:23.0653 6716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
    17:09:23.0654 6716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
    17:09:23.0654 6716 ============================================================
    17:09:23.0677 6716 C: <-> \Device\Harddisk0\DR0\Partition2
    17:09:23.0678 6716 ============================================================
    17:09:23.0678 6716 Initialize success
    17:09:23.0678 6716 ============================================================
    17:09:45.0562 5936 ============================================================
    17:09:45.0562 5936 Scan started
    17:09:45.0562 5936 Mode: Manual;
    17:09:45.0562 5936 ============================================================
    17:09:46.0479 5936 ================ Scan system memory ========================
    17:09:46.0479 5936 System memory - ok
    17:09:46.0480 5936 ================ Scan services =============================
    17:09:46.0654 5936 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    17:09:46.0660 5936 1394ohci - ok
    17:09:46.0725 5936 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    17:09:46.0732 5936 ACPI - ok
    17:09:46.0735 5936 Scan interrupted by user!
    17:09:46.0735 5936 ================ Scan global ===============================
    17:09:46.0735 5936 Scan interrupted by user!
    17:09:46.0735 5936 ================ Scan MBR ==================================
    17:09:46.0735 5936 Scan interrupted by user!
    17:09:46.0735 5936 ================ Scan VBR ==================================
    17:09:46.0735 5936 Scan interrupted by user!
    17:09:46.0735 5936 ============================================================
    17:09:46.0735 5936 Scan finished
    17:09:46.0735 5936 ============================================================
    17:09:46.0752 5032 Detected object count: 0
    17:09:46.0752 5032 Actual detected object count: 0
    17:10:11.0535 5712 ============================================================
    17:10:11.0535 5712 Scan started
    17:10:11.0535 5712 Mode: Manual;
    17:10:11.0535 5712 ============================================================
    17:10:11.0979 5712 ================ Scan system memory ========================
    17:10:11.0980 5712 System memory - ok
    17:10:11.0980 5712 ================ Scan services =============================
    17:10:12.0093 5712 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    17:10:12.0096 5712 1394ohci - ok
    17:10:12.0110 5712 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    17:10:12.0115 5712 ACPI - ok
    17:10:12.0157 5712 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    17:10:12.0160 5712 AcpiPmi - ok
    17:10:12.0405 5712 [ FE5DCF9F6F8EA5F1F3ED2C20B1C6023E ] acssrv C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    17:10:12.0493 5712 acssrv - ok
    17:10:12.0579 5712 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:10:12.0583 5712 AdobeARMservice - ok
    17:10:12.0699 5712 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    17:10:12.0705 5712 AdobeFlashPlayerUpdateSvc - ok
    17:10:12.0766 5712 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    17:10:12.0784 5712 adp94xx - ok
    17:10:12.0822 5712 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    17:10:12.0830 5712 adpahci - ok
    17:10:12.0846 5712 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    17:10:12.0850 5712 adpu320 - ok
    17:10:12.0886 5712 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    17:10:12.0887 5712 AeLookupSvc - ok
    17:10:12.0959 5712 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    17:10:12.0981 5712 AFD - ok
    17:10:13.0045 5712 [ CBDD7EB1431086A6D56C6F700D98B644 ] afw C:\Windows\system32\DRIVERS\afw.sys
    17:10:13.0048 5712 afw - ok
    17:10:13.0122 5712 [ C8C34A00C98322B06BED456B13EE4497 ] afwcore C:\Windows\system32\drivers\afwcore.sys
    17:10:13.0131 5712 afwcore - ok
    17:10:13.0192 5712 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    17:10:13.0195 5712 agp440 - ok
    17:10:13.0206 5712 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    17:10:13.0216 5712 ALG - ok
    17:10:13.0243 5712 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    17:10:13.0245 5712 aliide - ok
    17:10:13.0293 5712 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    17:10:13.0298 5712 AMD External Events Utility - ok
    17:10:13.0321 5712 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    17:10:13.0323 5712 amdide - ok
    17:10:13.0382 5712 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    17:10:13.0385 5712 AmdK8 - ok
    17:10:13.0410 5712 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    17:10:13.0413 5712 AmdPPM - ok
    17:10:13.0469 5712 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    17:10:13.0473 5712 amdsata - ok
    17:10:13.0497 5712 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    17:10:13.0503 5712 amdsbs - ok
    17:10:13.0525 5712 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    17:10:13.0527 5712 amdxata - ok
    17:10:13.0580 5712 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    17:10:13.0583 5712 AppID - ok
    17:10:13.0605 5712 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    17:10:13.0608 5712 AppIDSvc - ok
    17:10:13.0646 5712 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    17:10:13.0649 5712 Appinfo - ok
    17:10:13.0689 5712 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    17:10:13.0692 5712 arc - ok
    17:10:13.0710 5712 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    17:10:13.0713 5712 arcsas - ok
    17:10:13.0833 5712 [ F9ADE16B57293E3DD55D84879CAD2A20 ] ASWFilt C:\Windows\system32\Filt\ASWFilt64.dll
    17:10:13.0855 5712 ASWFilt - ok
    17:10:13.0918 5712 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    17:10:13.0921 5712 aswFsBlk - ok
    17:10:13.0986 5712 [ 316271CC32FDFFFCDB30677684906D5E ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
    17:10:13.0989 5712 aswKbd - ok
    17:10:14.0039 5712 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    17:10:14.0042 5712 aswMonFlt - ok
    17:10:14.0100 5712 [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    17:10:14.0103 5712 aswRdr - ok
    17:10:14.0162 5712 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
    17:10:14.0165 5712 aswRvrt - ok
    17:10:14.0245 5712 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    17:10:14.0275 5712 aswSnx - ok
    17:10:14.0357 5712 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    17:10:14.0365 5712 aswSP - ok
    17:10:14.0406 5712 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    17:10:14.0410 5712 aswTdi - ok
    17:10:14.0468 5712 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
    17:10:14.0473 5712 aswVmm - ok
    17:10:14.0526 5712 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    17:10:14.0528 5712 AsyncMac - ok
    17:10:14.0570 5712 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    17:10:14.0573 5712 atapi - ok
    17:10:14.0624 5712 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    17:10:14.0628 5712 AtiHdmiService - ok
    17:10:14.0987 5712 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    17:10:15.0120 5712 atikmdag - ok
    17:10:15.0193 5712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    17:10:15.0215 5712 AudioEndpointBuilder - ok
    17:10:15.0232 5712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    17:10:15.0241 5712 AudioSrv - ok
    17:10:15.0338 5712 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    17:10:15.0341 5712 avast! Antivirus - ok
    17:10:15.0419 5712 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    17:10:15.0423 5712 AxInstSV - ok
    17:10:15.0480 5712 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    17:10:15.0500 5712 b06bdrv - ok
    17:10:15.0579 5712 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:10:15.0585 5712 b57nd60a - ok
    17:10:15.0657 5712 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    17:10:15.0661 5712 BDESVC - ok
    17:10:15.0691 5712 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    17:10:15.0694 5712 Beep - ok
    17:10:15.0758 5712 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    17:10:15.0781 5712 BFE - ok
    17:10:15.0853 5712 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    17:10:15.0888 5712 BITS - ok
    17:10:15.0950 5712 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    17:10:15.0953 5712 blbdrive - ok
    17:10:15.0992 5712 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    17:10:15.0995 5712 bowser - ok
    17:10:16.0045 5712 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:10:16.0047 5712 BrFiltLo - ok
    17:10:16.0063 5712 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:10:16.0065 5712 BrFiltUp - ok
    17:10:16.0100 5712 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    17:10:16.0104 5712 BridgeMP - ok
    17:10:16.0151 5712 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    17:10:16.0154 5712 Browser - ok
    17:10:16.0179 5712 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    17:10:16.0185 5712 Brserid - ok
    17:10:16.0204 5712 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    17:10:16.0206 5712 BrSerWdm - ok
    17:10:16.0226 5712 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:10:16.0228 5712 BrUsbMdm - ok
    17:10:16.0243 5712 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    17:10:16.0245 5712 BrUsbSer - ok
    17:10:16.0297 5712 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    17:10:16.0300 5712 BthEnum - ok
    17:10:16.0329 5712 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    17:10:16.0332 5712 BTHMODEM - ok
    17:10:16.0371 5712 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    17:10:16.0375 5712 BthPan - ok
    17:10:16.0467 5712 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    17:10:16.0485 5712 BTHPORT - ok
    17:10:16.0542 5712 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    17:10:16.0546 5712 bthserv - ok
    17:10:16.0571 5712 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    17:10:16.0573 5712 BTHUSB - ok
    17:10:16.0616 5712 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
    17:10:16.0619 5712 btwaudio - ok
    17:10:16.0666 5712 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
    17:10:16.0671 5712 btwavdt - ok
    17:10:16.0728 5712 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    17:10:16.0762 5712 btwdins - ok
    17:10:16.0788 5712 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
    17:10:16.0791 5712 btwl2cap - ok
    17:10:16.0811 5712 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
    17:10:16.0814 5712 btwrchid - ok
    17:10:16.0863 5712 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    17:10:16.0866 5712 cdfs - ok
    17:10:16.0925 5712 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    17:10:16.0930 5712 cdrom - ok
    17:10:16.0979 5712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    17:10:16.0983 5712 CertPropSvc - ok
    17:10:17.0005 5712 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    17:10:17.0008 5712 circlass - ok
    17:10:17.0040 5712 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    17:10:17.0049 5712 CLFS - ok
    17:10:17.0156 5712 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:10:17.0160 5712 clr_optimization_v2.0.50727_32 - ok
    17:10:17.0205 5712 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:10:17.0209 5712 clr_optimization_v2.0.50727_64 - ok
    17:10:17.0451 5712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:10:17.0487 5712 clr_optimization_v4.0.30319_32 - ok
    17:10:17.0676 5712 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:10:17.0680 5712 clr_optimization_v4.0.30319_64 - ok
    17:10:17.0714 5712 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    17:10:17.0716 5712 CmBatt - ok
    17:10:17.0752 5712 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    17:10:17.0755 5712 cmdide - ok
    17:10:17.0802 5712 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
    17:10:17.0812 5712 CNG - ok
    17:10:17.0874 5712 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    17:10:17.0877 5712 Compbatt - ok
    17:10:17.0921 5712 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    17:10:17.0924 5712 CompositeBus - ok
    17:10:17.0945 5712 COMSysApp - ok
    17:10:17.0991 5712 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    17:10:17.0993 5712 crcdisk - ok
    17:10:18.0064 5712 [ 0D7F96AF026D7C1AFDE2A83980A65018 ] CryptOSD C:\Windows\system32\DRIVERS\CryptOSD.sys
    17:10:18.0087 5712 CryptOSD - ok
    17:10:18.0132 5712 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    17:10:18.0138 5712 CryptSvc - ok
    17:10:18.0169 5712 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
    17:10:18.0175 5712 CtClsFlt - ok
    17:10:18.0229 5712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    17:10:18.0252 5712 DcomLaunch - ok
    17:10:18.0297 5712 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    17:10:18.0303 5712 defragsvc - ok
    17:10:18.0360 5712 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    17:10:18.0364 5712 DfsC - ok
    17:10:18.0428 5712 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    17:10:18.0436 5712 Dhcp - ok
    17:10:18.0464 5712 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    17:10:18.0466 5712 discache - ok
    17:10:18.0498 5712 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    17:10:18.0503 5712 Disk - ok
    17:10:18.0540 5712 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    17:10:18.0542 5712 Dnscache - ok
    17:10:18.0596 5712 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
    17:10:18.0600 5712 DockLoginService - ok
    17:10:18.0659 5712 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    17:10:18.0665 5712 dot3svc - ok
    17:10:18.0705 5712 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    17:10:18.0711 5712 DPS - ok
    17:10:18.0726 5712 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    17:10:18.0729 5712 drmkaud - ok
    17:10:18.0799 5712 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    17:10:18.0832 5712 DXGKrnl - ok
    17:10:18.0868 5712 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    17:10:18.0872 5712 EapHost - ok
    17:10:18.0986 5712 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    17:10:19.0079 5712 ebdrv - ok
    17:10:19.0125 5712 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    17:10:19.0128 5712 EFS - ok
    17:10:19.0186 5712 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    17:10:19.0204 5712 ehRecvr - ok
    17:10:19.0227 5712 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    17:10:19.0230 5712 ehSched - ok
    17:10:19.0268 5712 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    17:10:19.0284 5712 elxstor - ok
    17:10:19.0334 5712 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    17:10:19.0336 5712 ErrDev - ok
    17:10:19.0379 5712 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    17:10:19.0388 5712 EventSystem - ok
    17:10:19.0418 5712 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    17:10:19.0423 5712 exfat - ok
    17:10:19.0445 5712 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    17:10:19.0450 5712 fastfat - ok
    17:10:19.0532 5712 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    17:10:19.0554 5712 Fax - ok
    17:10:19.0607 5712 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    17:10:19.0610 5712 fdc - ok
    17:10:19.0626 5712 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    17:10:19.0629 5712 fdPHost - ok
    17:10:19.0640 5712 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    17:10:19.0643 5712 FDResPub - ok
    17:10:19.0655 5712 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    17:10:19.0657 5712 FileInfo - ok
    17:10:19.0677 5712 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    17:10:19.0679 5712 Filetrace - ok
    17:10:19.0696 5712 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    17:10:19.0698 5712 flpydisk - ok
    17:10:19.0742 5712 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    17:10:19.0750 5712 FltMgr - ok
    17:10:19.0825 5712 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
    17:10:19.0872 5712 FontCache - ok
    17:10:19.0965 5712 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:10:19.0969 5712 FontCache3.0.0.0 - ok
    17:10:19.0988 5712 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    17:10:19.0991 5712 FsDepends - ok
    17:10:20.0029 5712 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    17:10:20.0031 5712 Fs_Rec - ok
    17:10:20.0078 5712 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    17:10:20.0084 5712 fvevol - ok
    17:10:20.0122 5712 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:10:20.0125 5712 gagp30kx - ok
    17:10:20.0189 5712 [ E80C14B9C6E5B57BB7710B356857A964 ] gfiark C:\Windows\system32\drivers\gfiark.sys
    17:10:20.0192 5712 gfiark - ok
    17:10:20.0273 5712 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
    17:10:20.0276 5712 gfibto - ok
    17:10:20.0344 5712 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    17:10:20.0378 5712 gpsvc - ok
    17:10:20.0458 5712 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:10:20.0462 5712 gupdate - ok
    17:10:20.0487 5712 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:10:20.0490 5712 gupdatem - ok
    17:10:20.0530 5712 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    17:10:20.0533 5712 hcw85cir - ok
    17:10:20.0603 5712 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    17:10:20.0607 5712 HDAudBus - ok
    17:10:20.0628 5712 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    17:10:20.0630 5712 HidBatt - ok
    17:10:20.0653 5712 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    17:10:20.0655 5712 HidBth - ok
    17:10:20.0684 5712 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    17:10:20.0686 5712 HidIr - ok
    17:10:20.0729 5712 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    17:10:20.0734 5712 hidserv - ok
    17:10:20.0756 5712 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    17:10:20.0758 5712 HidUsb - ok
    17:10:20.0805 5712 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    17:10:20.0811 5712 hkmsvc - ok

  4. #4
    Member
    Join Date
    Feb 2013
    Posts
    55

    Default

    17:10:35.0582 5712 VBFilt - ok
    17:10:35.0630 5712 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    17:10:35.0634 5712 vdrvroot - ok
    17:10:35.0694 5712 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    17:10:35.0717 5712 vds - ok
    17:10:35.0772 5712 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    17:10:35.0776 5712 vga - ok
    17:10:35.0794 5712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    17:10:35.0798 5712 VgaSave - ok
    17:10:35.0851 5712 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    17:10:35.0858 5712 vhdmp - ok
    17:10:35.0888 5712 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    17:10:35.0891 5712 viaide - ok
    17:10:35.0918 5712 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    17:10:35.0921 5712 volmgr - ok
    17:10:35.0969 5712 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    17:10:35.0976 5712 volmgrx - ok
    17:10:36.0000 5712 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    17:10:36.0007 5712 volsnap - ok
    17:10:36.0036 5712 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    17:10:36.0040 5712 vsmraid - ok
    17:10:36.0130 5712 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    17:10:36.0187 5712 VSS - ok
    17:10:36.0232 5712 vvdsvc - ok
    17:10:36.0260 5712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    17:10:36.0264 5712 vwifibus - ok
    17:10:36.0315 5712 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    17:10:36.0338 5712 W32Time - ok
    17:10:36.0389 5712 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    17:10:36.0392 5712 WacomPen - ok
    17:10:36.0459 5712 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    17:10:36.0463 5712 WANARP - ok
    17:10:36.0484 5712 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    17:10:36.0488 5712 Wanarpv6 - ok
    17:10:36.0564 5712 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    17:10:36.0600 5712 WatAdminSvc - ok
    17:10:36.0682 5712 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    17:10:36.0784 5712 wbengine - ok
    17:10:36.0825 5712 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    17:10:36.0847 5712 WbioSrvc - ok
    17:10:36.0905 5712 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    17:10:36.0928 5712 wcncsvc - ok
    17:10:36.0948 5712 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    17:10:36.0957 5712 WcsPlugInService - ok
    17:10:36.0987 5712 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    17:10:36.0989 5712 Wd - ok
    17:10:37.0064 5712 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    17:10:37.0085 5712 Wdf01000 - ok
    17:10:37.0121 5712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    17:10:37.0126 5712 WdiServiceHost - ok
    17:10:37.0135 5712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    17:10:37.0141 5712 WdiSystemHost - ok
    17:10:37.0188 5712 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    17:10:37.0209 5712 WebClient - ok
    17:10:37.0236 5712 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    17:10:37.0259 5712 Wecsvc - ok
    17:10:37.0304 5712 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    17:10:37.0313 5712 wercplsupport - ok
    17:10:37.0365 5712 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    17:10:37.0374 5712 WerSvc - ok
    17:10:37.0469 5712 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    17:10:37.0472 5712 WfpLwf - ok
    17:10:37.0505 5712 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    17:10:37.0510 5712 WimFltr - ok
    17:10:37.0546 5712 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    17:10:37.0549 5712 WIMMount - ok
    17:10:37.0584 5712 WinDefend - ok
    17:10:37.0615 5712 WinHttpAutoProxySvc - ok
    17:10:37.0751 5712 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    17:10:37.0757 5712 Winmgmt - ok
    17:10:37.0851 5712 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    17:10:37.0920 5712 WinRM - ok
    17:10:38.0014 5712 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    17:10:38.0017 5712 WinUsb - ok
    17:10:38.0083 5712 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    17:10:38.0118 5712 Wlansvc - ok
    17:10:38.0167 5712 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    17:10:38.0169 5712 WmiAcpi - ok
    17:10:38.0206 5712 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    17:10:38.0211 5712 wmiApSrv - ok
    17:10:38.0251 5712 WMPNetworkSvc - ok
    17:10:38.0272 5712 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    17:10:38.0281 5712 WPCSvc - ok
    17:10:38.0335 5712 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    17:10:38.0343 5712 WPDBusEnum - ok
    17:10:38.0374 5712 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    17:10:38.0377 5712 ws2ifsl - ok
    17:10:38.0404 5712 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    17:10:38.0410 5712 wscsvc - ok
    17:10:38.0450 5712 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    17:10:38.0453 5712 WSDPrintDevice - ok
    17:10:38.0465 5712 WSearch - ok
    17:10:38.0588 5712 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    17:10:38.0658 5712 wuauserv - ok
    17:10:38.0733 5712 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    17:10:38.0737 5712 WudfPf - ok
    17:10:38.0780 5712 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:10:38.0786 5712 WUDFRd - ok
    17:10:38.0839 5712 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    17:10:38.0849 5712 wudfsvc - ok
    17:10:38.0891 5712 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    17:10:38.0914 5712 WwanSvc - ok
    17:10:38.0962 5712 ================ Scan global ===============================
    17:10:38.0983 5712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    17:10:39.0029 5712 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    17:10:39.0060 5712 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    17:10:39.0108 5712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    17:10:39.0146 5712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    17:10:39.0168 5712 [Global] - ok
    17:10:39.0169 5712 ================ Scan MBR ==================================
    17:10:39.0186 5712 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    17:10:39.0425 5712 \Device\Harddisk0\DR0 - ok
    17:10:39.0426 5712 ================ Scan VBR ==================================
    17:10:39.0432 5712 [ 97BFFEA9E60EE6D0689B8AEF9C382220 ] \Device\Harddisk0\DR0\Partition1
    17:10:39.0434 5712 \Device\Harddisk0\DR0\Partition1 - ok
    17:10:39.0464 5712 [ 5EB031E8C5A90978D5EAA811F25417CF ] \Device\Harddisk0\DR0\Partition2
    17:10:39.0466 5712 \Device\Harddisk0\DR0\Partition2 - ok
    17:10:39.0466 5712 ============================================================
    17:10:39.0466 5712 Scan finished
    17:10:39.0466 5712 ============================================================
    17:10:39.0484 6696 Detected object count: 1
    17:10:39.0484 6696 Actual detected object count: 1
    17:10:46.0193 6696 sptd ( LockedFile.Multi.Generic ) - skipped by user
    17:10:46.0193 6696 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
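    The log above is TDSSKiller's object inventory: one line per service, driver or boot sector carrying the MD5 of its image and its path, followed by the verdict for that object, then the global/MBR/VBR hashes and finally the detections (here a single sptd entry the user chose to skip). Since this laptop was cleaned a month earlier and is misbehaving again, the useful thing to do with two such logs is to diff them. What follows is an added example, not Kaspersky's code and not something posted in this thread: it parses the line formats shown above into a name-to-(md5, path) inventory plus the detection list, and reports what appeared, vanished or changed between a baseline and a later run. The baseline lines are copied from the log above; the "current" lines, the new TrkWks hash and the ExampleSvc service are constructed for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One hashed object line, e.g.
#   17:10:33.0990 5712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
# MBR/VBR lines put the device path in the name position and have no separate path.
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$"
)
# A detection line, e.g.
#   17:10:46.0193 6696 sptd ( LockedFile.Multi.Generic ) - skipped by user
DETECT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$"
)


@dataclass
class ScanResult:
    inventory: dict[str, tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: list[tuple[str, str, str]] = field(default_factory=list)  # (name, verdict, action)


def parse_log(text: str) -> ScanResult:
    """Reduce a TDSSKiller log to its hashed-object inventory and its detection lines."""
    result = ScanResult()
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            # Boot-sector entries have no path of their own; reuse the device name.
            result.inventory[m["name"]] = (m["md5"].upper(), m["path"] or m["name"])
        elif m := DETECT_RE.match(line):
            result.detections.append((m["name"], m["verdict"], m["action"]))
    return result


def diff_inventories(baseline: dict, current: dict) -> dict[str, list[str]]:
    """Objects that appeared, disappeared, or whose (md5, path) changed between two runs."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(n for n in baseline.keys() & current.keys() if baseline[n] != current[n]),
    }


# Constructed sample: BASELINE_LOG lines are copied from the log posted above.
BASELINE_LOG = r"""
17:10:33.0990 5712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:10:33.0999 5712 Themes - ok
17:10:34.0069 5712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:10:34.0075 5712 TrkWks - ok
17:10:39.0169 5712 ================ Scan MBR ==================================
17:10:39.0186 5712 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:10:39.0425 5712 \Device\Harddisk0\DR0 - ok
"""
# Constructed sample: a hypothetical later run. The TrkWks hash and the ExampleSvc
# entry are invented to show what the diff reports; the sptd lines mirror the real ones.
CURRENT_LOG = r"""
18:02:10.0100 4120 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:02:10.0105 4120 Themes - ok
18:02:10.0200 4120 [ 00000000000000000000000000000001 ] TrkWks C:\Windows\System32\trkwks.dll
18:02:10.0205 4120 TrkWks - ok
18:02:10.0300 4120 [ 00000000000000000000000000000002 ] ExampleSvc C:\Windows\system32\examplesvc.dll
18:02:10.0305 4120 ExampleSvc - ok
18:02:11.0186 4120 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:02:11.0425 4120 \Device\Harddisk0\DR0 - ok
18:02:12.0193 4120 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:02:12.0193 4120 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    base, cur = parse_log(BASELINE_LOG), parse_log(CURRENT_LOG)
    for kind, names in diff_inventories(base.inventory, cur.inventory).items():
        print(f"{kind}: {names}")
    for name, verdict, action in cur.detections:
        print(f"detection: {name} ({verdict}) -> {action}")
```

    A changed hash on a Windows binary is expected after an update (the ComboFix listing later in this thread shows win32k.sys and ntfs.sys replaced on 2013-04-10), so correlate "changed" entries with Windows Update history before worrying; a changed \Device\Harddisk0\DR0 hash with no reinstall, or an added driver nobody installed, is what should draw attention. On the one detection here: sptd is the SCSI pass-through driver installed by disc-emulation software such as DAEMON Tools, and TDSSKiller reports it as LockedFile.Multi.Generic because it cannot open the file, not because it matched a malware signature, which is why it is usually skipped.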

  5. #5 Member (Join Date: Feb 2013, Posts: 55)

    hey, I haven't heard from you in a while, everything all right?

  6. #6 Malware Team: Emeritus (Join Date: Oct 2012, Posts: 246)

    Hi novfan

    Sorry for the delay

    Ok, go ahead

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Next

    AdwCleaner

    • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    Next


    • Download RogueKiller and save it to your desktop.
    • Quit all other programs
    • Start RogueKiller.exe
    • Wait until the Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan
    • A report will be created on your desktop.
    • Click on the Delete button
    • Next click on the ShortcutsFix
    • another report will be created on your desktop.


    Please post: All RKreport.txt text files located on your desktop.

    On your next reply please post :
    • checkup.txt
    • AdwCleaner[S1].txt
    • All RKreport.txt

    Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  7. #7 Member (Join Date: Feb 2013, Posts: 55)

    ok, so here is checkup
    adwcleaner[S1]
    RKreport[1]_S_04132013_02d1107
    RKreport[2]_D_04132013_02d1109
    RKreport[3]_SC_04132013_02d1118

    Results of screen317's Security Check version 0.99.62
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Outpost Security Suite
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.6001)
    Java(TM) 6 Update 43
    Java 7 Update 17
    Adobe Flash Player 11.6.602.180
    Adobe Reader XI
    Mozilla Thunderbird (17.0.5)
    Google Chrome 26.0.1410.43
    Google Chrome 26.0.1410.64
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````


    -------------

    # AdwCleaner v2.200 - File created on 13/04/2013 at 10:53:33
    # Updated on 02/04/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Chris Novak - CHRISNOVAK-PC
    # Boot mode : Normal
    # Running from : C:\Users\Chris Novak\Desktop\adwcleaner (1).exe
    # Option [Delete]


    **** [Services] ****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] The registry is clean.

    -\\ Mozilla Firefox v [Unable to determine version]

    File : C:\Users\Chris Novak\AppData\Roaming\Mozilla\Firefox\Profiles\lvhxxpoq.default\prefs.js

    [OK] The file is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] The file is clean.

    *************************

    AdwCleaner[S1].txt - [1510 bytes] - [13/04/2013 10:53:33]

    ########## EOF - C:\AdwCleaner[S1].txt - [1570 bytes] ##########


    -----------------

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail: tigzyRK<at>gmail<dot>com

    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Chris Novak [Admin rights]
    Mode : Scan -- Date : 04/13/2013 11:07:36
    | ARK || FAK || MBR |

    ¤¤¤ Malicious processes : 0 ¤¤¤

    ¤¤¤ Registry entries : 13 ¤¤¤
    [TASK][SUSP PATH] {FA13FDC4-1877-4A9A-86D7-54D814D3008E} : C:\Users\Chris Novak\Desktop\aswMBR.exe [-] -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular files / folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS file: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 ATA Device +++++
    --- User ---
    [MBR] 08da7e3885739458f57c34833937d51c
    [BSP] 14bcac042826537c3a61a020c44f412c : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 MB
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 223434 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04132013_02d1107.txt >>
    RKreport[1]_S_04132013_02d1107.txt



    -------------

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail: tigzyRK<at>gmail<dot>com

    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Chris Novak [Admin rights]
    Mode : Remove -- Date : 04/13/2013 11:09:45
    | ARK || FAK || MBR |

    ¤¤¤ Malicious processes : 0 ¤¤¤

    ¤¤¤ Registry entries : 11 ¤¤¤
    [TASK][SUSP PATH] {FA13FDC4-1877-4A9A-86D7-54D814D3008E} : C:\Users\Chris Novak\Desktop\aswMBR.exe [-] -> DELETED
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> NOT REMOVED, USE DNS FIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> NOT REMOVED, USE DNS FIX
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular files / folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS file: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 ATA Device +++++
    --- User ---
    [MBR] 08da7e3885739458f57c34833937d51c
    [BSP] 14bcac042826537c3a61a020c44f412c : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 MB
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 223434 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_04132013_02d1109.txt >>
    RKreport[1]_S_04132013_02d1107.txt ; RKreport[2]_D_04132013_02d1109.txt



    -------------------


    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail: tigzyRK<at>gmail<dot>com

    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Chris Novak [Admin rights]
    Mode : Shortcuts fix -- Date : 04/13/2013 11:18:06
    | ARK || FAK || MBR |

    ¤¤¤ Malicious processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 11 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 187 / Fail 0
    My documents: Success 8 / Fail 8
    My favorites: Success 0 / Fail 0
    My pictures: Success 4 / Fail 0
    My music: Success 38 / Fail 0
    My videos: Success 2 / Fail 0
    Local drives: Success 89 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped

    Finished : << RKreport[3]_SC_04132013_02d1118.txt >>
    RKreport[1]_S_04132013_02d1107.txt ; RKreport[2]_D_04132013_02d1109.txt ; RKreport[3]_SC_04132013_02d1118.txt
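    RogueKiller's registry section above is the most security-relevant output in this thread. EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 means UAC was fully off and every process running under an administrator account elevated silently (which is also why Security Check reported "UAC is disabled!"); the [HJ DESK] entries are HideDesktopIcons values set to 1, i.e. the Computer, Recycle Bin and User's Files icons hidden; the [DNS] lines are simply the interface's statically configured name servers, which RogueKiller flags whenever they are present, so they must be checked against what the network actually assigns rather than removed blindly; and the [TASK] entry is a scheduled task pointing at a binary in a user-profile path. The following is an added example, not RogueKiller's code and not something posted in this thread: it parses those four line formats and assigns a triage severity to each. The sample input is the RKreport[1] registry section with the verdict column translated to English, and the DNS allow-list is an assumption that you would fill in with the servers your own network uses.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: registry findings from RKreport[1] above, with the
# verdict column translated (GEFUNDEN -> FOUND). Duplicate Wow6432Node/ControlSet002
# lines are omitted for brevity.
SAMPLE_REPORT = r"""
[TASK][SUSP PATH] {FA13FDC4-1877-4A9A-86D7-54D814D3008E} : C:\Users\Chris Novak\Desktop\aswMBR.exe [-] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

HJ_RE = re.compile(r"^\[HJ\] (?P<key>\S+) : (?P<name>\w+) \((?P<value>-?\d+)\) -> (?P<status>.+)$")
DNS_RE = re.compile(r"^\[DNS\] (?P<key>\S+) : NameServer \((?P<servers>[^)]*)\) -> (?P<status>.+)$")
TASK_RE = re.compile(r"^\[TASK\]\[(?P<reason>[^\]]+)\] (?P<task>\S+) : (?P<cmd>.+?) \[(?P<args>[^\]]*)\] -> (?P<status>.+)$")
DESK_RE = re.compile(r"^\[HJ DESK\] (?P<key>\S+) : (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<value>\d+)\) -> (?P<status>.+)$")

# Shell CLSIDs that HideDesktopIcons entries refer to; a value of 1 hides the icon.
DESKTOP_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
}


@dataclass(frozen=True)
class Finding:
    kind: str      # uac | dns | task | desktop
    severity: str  # high | review | low | info
    summary: str
    status: str    # RogueKiller's own verdict column (FOUND, DELETED, REPLACED ...)


def _uac_finding(name: str, value: int) -> tuple[str, str]:
    # Values live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
    if name == "EnableLUA" and value == 0:
        return "high", "UAC is switched off (EnableLUA=0); expected 1"
    if name == "ConsentPromptBehaviorAdmin" and value == 0:
        return "high", ("administrators elevate with no prompt at all "
                        "(ConsentPromptBehaviorAdmin=0); Windows 7 default is 5")
    return "info", f"{name}={value}"


def parse_report(text: str, dns_allowlist: frozenset[str] = frozenset()) -> list[Finding]:
    """Turn RogueKiller registry lines into triaged findings; other lines are ignored."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HJ_RE.match(line):
            sev, summary = _uac_finding(m["name"], int(m["value"]))
            findings.append(Finding("uac", sev, summary, m["status"]))
        elif m := DNS_RE.match(line):
            servers = m["servers"].split()
            unknown = [s for s in servers if s not in dns_allowlist]
            iface = m["key"].rsplit("\\", 1)[-1]
            summary = f"static NameServer {' '.join(servers)} on interface {iface}"
            summary += f"; not allow-listed: {' '.join(unknown)}" if unknown else " (allow-listed)"
            findings.append(Finding("dns", "review" if unknown else "info", summary, m["status"]))
        elif m := TASK_RE.match(line):
            summary = (f"scheduled task {m['task']} runs {m['cmd']} ({m['reason']}); "
                       "confirm you placed that binary there yourself")
            findings.append(Finding("task", "review", summary, m["status"]))
        elif m := DESK_RE.match(line):
            icon = DESKTOP_CLSIDS.get(m["clsid"].upper(), m["clsid"])
            state = "hidden" if int(m["value"]) == 1 else "visible"
            findings.append(Finding("desktop", "low", f"desktop icon '{icon}' {state} ({m['key']})", m["status"]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 2, 'review': 1, ...}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    # Assumed allow-list: the servers this network is known to hand out.
    allowed = frozenset({"131.130.1.11", "131.130.1.12"})
    for f in parse_report(SAMPLE_REPORT, dns_allowlist=allowed):
        print(f"[{f.severity:6}] {f.kind}: {f.summary} ({f.status})")
```

    Two things worth knowing when reading the three reports above alongside this output. The hosts-file section in each shows only "ÿþ1": those are the bytes FF FE, a UTF-16 byte-order mark, as RogueKiller printed them, so the file's actual entries are not visible in these logs and need to be checked separately. And the Delete run wrote ConsentPromptBehaviorAdmin=2 (prompt for consent on the secure desktop), which is stricter than the Windows 7 default of 5 (prompt only for non-Windows binaries); either value is fine, what matters is that it is no longer 0 and EnableLUA is back to 1, which is what the reboot the user was prompted for applies.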

  8. #8 Member (Join Date: Feb 2013, Posts: 55)

    I received a message that I should reboot my laptop to reactivate the user-account control; I guess I will do that anyway in a few hours or should I rather do it right away?

  9. #9 Malware Team: Emeritus (Join Date: Oct 2012, Posts: 246)

    Hi novfan

    You can reactivate your UAC now

    Next

    Please read through these instructions to familiarize yourself with what to expect when this tool runs

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

  10. #10 Member (Join Date: Feb 2013, Posts: 55)

    ComboFix 13-04-12.02 - Chris Novak 13.04.2013 18:43:28.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2768 [GMT 1:00]
    Running from: c:\users\Chris Novak\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
    FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 ))))))))))))))))))))))))))))))
    .
    .
    2013-04-13 18:00 . 2013-04-13 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-04-13 18:00 . 2013-04-13 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-04-12 08:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A374A80D-D6C8-4888-A3E6-67ACADE9A4AD}\mpengine.dll
    2013-04-10 08:23 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-04-10 08:23 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 08:21 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-04-10 08:20 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-10 08:20 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-04-10 08:20 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-04-10 08:20 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-10 08:20 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-04-10 08:20 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
    2013-04-05 10:06 . 2013-04-05 10:06 -------- d-----w- c:\program files (x86)\ERUNT
    2013-04-04 11:30 . 2013-04-04 16:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
    2013-03-23 22:54 . 2013-03-23 22:55 -------- d-----w- c:\programdata\PopCap Games
    2013-03-23 22:54 . 2013-03-23 22:54 -------- d-----w- c:\program files (x86)\PopCap Games
    2013-03-23 16:25 . 2013-03-23 16:25 -------- d-----w- c:\program files\WinDjView
    2013-03-23 09:05 . 2011-02-02 17:04 293048 ----a-w- c:\windows\system32\drivers\VBEngNT.sys
    2013-03-23 09:05 . 2011-03-21 16:29 1097672 ----a-w- c:\windows\system32\drivers\SandBox64.sys
    2013-03-23 09:05 . 2010-09-27 15:38 424040 ----a-w- c:\windows\system32\drivers\afwcore.sys
    2013-03-23 09:04 . 2010-04-20 16:02 39528 ----a-w- c:\windows\system32\drivers\afw.sys
    2013-03-23 09:03 . 2013-04-13 09:42 -------- d-----w- c:\windows\system32\Filt
    2013-03-23 09:03 . 2013-03-23 09:03 -------- d-----w- c:\users\Chris Novak\AppData\Roaming\Agnitum
    2013-03-23 09:03 . 2013-03-23 09:03 -------- d-----w- c:\program files\Agnitum
    2013-03-23 09:01 . 2013-03-23 09:01 -------- d-----w- c:\programdata\Agnitum
    2013-03-17 18:44 . 2013-03-19 09:36 -------- d-----w- c:\programdata\YTD Video Downloader
    2013-03-17 18:44 . 2013-03-17 18:44 -------- d-----w- c:\program files (x86)\GreenTree Applications
    2013-03-15 17:53 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-12 09:04 . 2013-02-19 11:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-12 09:04 . 2013-02-19 11:04 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-04-10 17:07 . 2009-10-31 03:22 72702784 ----a-w- c:\windows\system32\MRT.exe
    2013-03-14 10:07 . 2013-03-14 10:05 249712 ----a-w- c:\windows\SysWow64\~.tmp
    2013-03-12 00:10 . 2009-11-30 12:17 282744 ------w- c:\windows\system32\MpSigStub.exe
    2013-03-08 23:41 . 2013-03-08 23:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-08 23:41 . 2012-06-16 20:46 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-03-08 23:41 . 2011-05-08 00:43 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-03-07 21:53 . 2013-03-07 21:53 193968 ----a-w- c:\windows\system32\javaws.exe
    2013-03-07 21:53 . 2013-03-07 21:53 172976 ----a-w- c:\windows\system32\javaw.exe
    2013-03-07 21:53 . 2013-03-07 21:53 172976 ----a-w- c:\windows\system32\java.exe
    2013-03-07 21:53 . 2013-02-22 10:33 544688 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-03-07 21:53 . 2013-02-22 10:33 526256 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-06 23:33 . 2013-03-14 11:41 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-03-06 23:33 . 2013-03-14 11:41 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-06 23:33 . 2013-02-22 09:12 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-03-06 23:33 . 2013-02-22 09:12 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-03-06 23:33 . 2013-02-22 09:12 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-03-06 23:33 . 2013-02-22 09:12 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-06 23:33 . 2013-02-22 09:12 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-03-06 23:33 . 2013-02-22 09:12 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-06 23:32 . 2013-02-22 09:11 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-06 23:32 . 2011-05-08 15:44 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-02-17 19:44 . 2013-02-17 19:44 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-02-12 05:45 . 2013-03-13 10:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 10:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 10:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 05:45 . 2013-03-13 10:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 04:48 . 2013-03-13 10:27 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 10:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-13 21:17 . 2013-02-27 16:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17 . 2013-02-27 16:58 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16 . 2013-02-27 16:58 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12 . 2013-02-27 16:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11 . 2013-02-27 16:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 21:11 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:35 . 2013-02-27 16:58 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35 . 2013-02-27 16:58 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35 . 2013-02-27 16:58 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32 . 2013-02-27 16:58 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31 . 2013-02-27 16:58 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31 . 2013-02-27 16:58 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
    2013-01-13 20:22 . 2013-02-27 16:58 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20 . 2013-02-27 16:58 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
    2013-01-13 20:09 . 2013-02-27 16:58 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08 . 2013-02-27 16:58 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2013-01-13 20:08 . 2013-02-27 16:58 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-01-13 19:59 . 2013-02-27 16:58 1643520 ----a-w- c:\windows\system32\DWrite.dll
    2013-01-13 19:58 . 2013-02-27 16:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
    2013-01-13 19:54 . 2013-02-27 16:58 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53 . 2013-02-27 16:58 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53 . 2013-02-27 16:58 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51 . 2013-02-27 16:58 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-01-13 19:49 . 2013-02-27 16:58 363008 ----a-w- c:\windows\system32\dxgi.dll
    2013-01-13 19:48 . 2013-02-27 16:58 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46 . 2013-02-27 16:58 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
    2013-01-13 19:43 . 2013-02-27 16:58 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38 . 2013-02-27 16:58 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-01-13 19:38 . 2013-02-27 16:58 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-01-13 19:38 . 2013-02-27 16:58 296960 ----a-w- c:\windows\system32\d3d10core.dll
    2013-01-13 19:37 . 2013-02-27 16:58 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
    2013-01-13 19:25 . 2013-02-27 16:58 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-01-13 19:24 . 2013-02-27 16:58 648192 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-01-13 19:24 . 2013-02-27 16:58 221184 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-01-13 19:20 . 2013-02-27 16:58 194560 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-13 19:20 . 2013-02-27 16:58 1238528 ----a-w- c:\windows\system32\d3d10.dll
    2013-01-13 19:15 . 2013-02-27 16:58 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-01-13 19:10 . 2013-02-27 16:58 3928064 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-13 19:02 . 2013-02-27 16:58 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34 . 2013-02-27 16:58 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32 . 2013-02-27 16:58 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-01-13 18:09 . 2013-02-27 16:58 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
    .
    c:\users\Chris Novak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt64.dll [2011-03-21 49168]
    R3 aswVmm;aswVmm; [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-17 38096]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-02-02 293048]
    R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt64.dll [2011-03-21 42976]
    R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1255736]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    S0 aswRvrt;aswRvrt; [x]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-17 14456]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-15 834544]
    S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-04-20 39528]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox64.sys [2011-03-21 1097672]
    S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2011-04-04 3501696]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-09-27 424040]
    S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-06-25 431488]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-11 14:08 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 09:04]
    .
    2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-11 09:19]
    .
    2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-11 09:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
    @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
    [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
    2011-03-30 19:02 601528 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 4510072]
    "OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-30 808064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook64.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
    IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 193.61.19.200 193.61.22.171 193.61.22.227
    TCP: Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F}: NameServer = 131.130.1.11 131.130.1.12
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
    .
    .
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2013-04-13 19:12:26 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2013-04-13 18:12
    .
    Vor Suchlauf: 18 Verzeichnis(se), 57.329.078.272 Bytes frei
    Nach Suchlauf: 20 Verzeichnis(se), 58.153.009.152 Bytes frei
    .
    - - End Of File - - 80D54AB5E17F6299544BEAD67FB7D501
