
Malware prevents browsers to open google


44 replies to this topic

#1 userthomas


Posted 12 February 2013 - 03:19 PM

Hi,
 
I have a notebook on which it is not possible to open Google (any top-level domain) in any browser. Gmer shows no infection, nor do other scanners (ESET, Malwarebytes). After Spybot Search & Destroy and ComboFix it works again, but after a restart of the machine the problem reoccurs:
 
Extract from combofix log:
 
ComboFix 13-02-07.02 - Frank 10.02.2013  20:31:02.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.383.94 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Frank\Desktop\ComboFix.exe
AV: eTrust ITM *Enabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-10 bis 2013-02-10  ))))))))))))))))))))))))))))))
.
.
2013-02-10 18:44 . 2013-02-10 18:44    17304    ----a-w-    c:\programme\Mozilla Firefox\plugin-container.exe
2013-02-10 14:30 . 2013-02-10 14:31    --------    d-----w-    C:\Softslas
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 15:25 . 2012-06-10 20:07    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-10 15:25 . 2011-05-21 03:22    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-02-28 12:00    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-02-28 12:00    1866496    ----a-w-    c:\windows\system32\win32k.sys
2013-02-10 18:44 . 2012-09-07 12:02    262552    ----a-w-    c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\programme\CA\eTrustITM\realmon.exe" [2008-02-08 407368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Frank\Startmenü\Programme\Autostart\
MagicDisc.lnk - c:\programme\MagicDisc\MagicDisc.exe [2011-10-29 565248]
.
c:\dokumente und einstellungen\Frank\Startmenü\Programme\Autostart\AutorunsDisabled
MagicDisc.lnk - c:\programme\MagicDisc\MagicDisc.exe [2011-10-29 565248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2006-03-09 02:04    49152    ----a-w-    c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-09-05 04:18    81920    ----a-w-    c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-03-18 15:34    688217    ----a-w-    c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-03-18 15:35    98393    ----a-w-    c:\programme\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [15.08.2009 20:49 191092]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13.09.2012 13:54 40776]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [15.08.2009 20:49 6100]
S3 OXB;OXB;c:\dokume~1\Frank\LOKALE~1\Temp\OXB.exe --> c:\dokume~1\Frank\LOKALE~1\Temp\OXB.exe [?]
S3 PORTMON;PORTMON;\??\d:\software\Antivirus\CleanIT\SysinternalsSuite\PORTMSYS.SYS --> d:\software\Antivirus\CleanIT\SysinternalsSuite\PORTMSYS.SYS [?]
S3 VirtualDK;VirtualDK;c:\softslas\usb_prep8\vdk.sys [10.02.2013 15:31 16283]
S4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [03.05.2012 07:31 158856]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://wf20.myhcl.com/MYPMS/WebPages/frmHome.aspx
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B4E119EE-CDAB-447D-AB11-58BD82E2B1DE}: NameServer = 8.8.8.8
FF - ProfilePath - c:\dokumente und einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\1pk7pot7.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.mg1.mail.yahoo.com/neo/launch?.rand=6lctiuirrkks1
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 20:39
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(404)
c:\programme\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\programme\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\programme\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
- - - - - - - > 'explorer.exe'(1732)
c:\programme\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\programme\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\programme\CA\SharedComponents\PPRealtime\bin\CAServer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2013-02-10  20:42:33
ComboFix-quarantined-files.txt  2013-02-10 19:42
ComboFix2.txt  2013-02-10 18:20
ComboFix3.txt  2012-09-13 12:08
.
Vor Suchlauf: 2.002.882.560 Bytes frei
Nach Suchlauf: 1.994.293.248 Bytes frei
.
- - End Of File - - 8F1B91D9269D0CF4BB5B8E35D032FD41
 
Thanks for help and best regards,
thomas

Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal



#2 The Dark Knight

  • Security Colleague

Posted 15 February 2013 - 04:57 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

=====

 

Also, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

 

=====

 

In your reply please provide the contents of the following (you may need to use multiple posts):

  • AdwCleaner[R1].txt.

  • OTL.txt.

  • Extras.txt.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 userthomas


Posted 16 February 2013 - 06:29 AM

Hi,

 

Thanks for your time and help. I created the logs as mentioned above:

 

====================================================================================================================

# AdwCleaner v2.112 - Datei am 16/02/2013 um 12:27:09 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Frank - MOBILO
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Frank\Desktop\adwcleaner0.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.17114

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\1pk7pot7.default\prefs.js

Gefunden : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");

*************************

AdwCleaner[R1].txt - [1615 octets] - [16/02/2013 12:27:09]

########## EOF - C:\AdwCleaner[R1].txt - [1675 octets] ##########



#4 userthomas


Posted 16 February 2013 - 06:32 AM

OTL logfile created on: 16.02.2013 11:55:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
383,36 Mb Total Physical Memory | 216,84 Mb Available Physical Memory | 56,56% Memory free
1,34 Gb Paging File | 1,13 Gb Available in Paging File | 84,63% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15,02 Gb Total Space | 1,52 Gb Free Space | 10,11% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 1,56 Gb Free Space | 1,99% Space Free | Partition Type: NTFS
 
Computer Name: MOBILO | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.16 11:52:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Frank\Desktop\OTL.exe
PRC - [2013.02.14 23:00:32 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2001.10.28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\DOKUME~1\Frank\LOKALE~1\Temp\OXB.exe -- (OXB)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.14 23:00:32 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.05.03 07:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.09.05 04:25:10 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006.08.11 02:42:38 | 000,057,344 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.08.11 02:31:18 | 000,057,344 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.08.11 02:20:48 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\LVCM.sys -- (QCMerced)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Software\Antivirus\CleanIT\SysinternalsSuite\PORTMSYS.SYS -- (PORTMON)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOKUME~1\Frank\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.02.14 23:09:09 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012.05.29 13:15:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.13 21:10:44 | 000,101,120 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006.03.09 20:26:14 | 000,245,248 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006.03.09 03:25:30 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005.12.19 17:43:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005.11.25 14:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2004.12.22 01:00:00 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.08.03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004.02.12 03:18:00 | 000,191,092 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2004.01.28 01:00:00 | 000,006,100 | ---- | M] (O2 Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.11.10 13:48:00 | 000,016,283 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- C:\Softslas\usb_prep8\vdk.sys -- (VirtualDK)
DRV - [2003.03.25 18:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2002.10.17 16:14:46 | 000,049,024 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002.08.20 18:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://wf20.myhcl.com/MYPMS/WebPages/frmHome.aspx
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.24 21:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.10 19:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.07 13:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.24 21:07:35 | 000,000,000 | ---D | M]
 
[2009.12.21 17:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions
[2009.12.21 17:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.12 22:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\1pk7pot7.default\extensions
[2009.09.18 21:38:59 | 000,001,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\1pk7pot7.default\searchplugins\winamp-search.xml
[2009.09.19 07:18:13 | 000,004,153 | ---- | M] () -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\1pk7pot7.default\searchplugins\youtube.xml
[2012.09.07 13:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.10 19:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.02.10 19:42:52 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.02.10 19:44:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2013.02.10 19:44:06 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.10 19:44:06 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.02.10 19:44:06 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.10 19:44:06 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.10 19:44:06 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.10 19:44:06 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.14 23:13:54 | 000,000,194 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\Autostart\AutorunsDisabled [2012.09.21 23:36:13 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\Autostart\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E119EE-CDAB-447D-AB11-58BD82E2B1DE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.15 17:17:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.16 11:53:00 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Frank\Recent
[2013.02.16 11:53:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.16 11:51:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Frank\Desktop\OTL.exe
[2013.02.15 00:19:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.14 23:08:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Desktop\RK_Quarantine
[2013.02.14 23:01:13 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.14 23:01:12 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.14 23:00:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.14 23:00:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.14 22:31:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\Revo Uninstaller
[2013.02.13 17:54:54 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013.02.13 17:54:54 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013.02.13 17:48:46 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013.02.12 22:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2013.02.12 22:48:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2013.02.12 22:05:51 | 017,660,960 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Frank\Desktop\Windows-KB890830-V4.16.exe
[2013.02.12 21:57:26 | 011,103,208 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Frank\Desktop\mseinstall.exe
[2013.02.10 21:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Debug
[2013.02.10 18:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Desktop\to go to HD
[2013.02.10 16:04:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\MagicDisc
[2013.02.10 15:30:35 | 000,000,000 | ---D | C] -- C:\Softslas
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.16 11:52:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Frank\Desktop\OTL.exe
[2013.02.16 11:43:08 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.16 11:43:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.16 11:43:02 | 402,051,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.15 00:17:57 | 005,032,798 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Frank\Desktop\ComboFix.exe
[2013.02.14 23:14:32 | 000,881,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Frank\Desktop\SecurityCheck.exe
[2013.02.14 23:09:09 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013.02.14 23:08:36 | 000,587,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Frank\Desktop\adwcleaner0.exe
[2013.02.14 23:08:19 | 000,798,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Frank\Desktop\RogueKiller.exe
[2013.02.14 23:00:33 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.14 23:00:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.14 23:00:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.14 23:00:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.14 23:00:31 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.14 23:00:30 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.02.14 23:00:30 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.14 20:35:03 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013.02.14 20:16:59 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013.02.12 22:10:07 | 017,660,960 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Frank\Desktop\Windows-KB890830-V4.16.exe
[2013.02.12 22:02:03 | 011,103,208 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Frank\Desktop\mseinstall.exe
[2013.02.10 21:15:42 | 000,320,338 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.10 21:15:42 | 000,314,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.10 21:15:42 | 000,049,372 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.10 21:15:42 | 000,041,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.10 16:25:10 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.10 16:25:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.10 16:04:25 | 000,000,639 | ---- | M] () -- C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\Autostart\MagicDisc.lnk
[2013.02.10 15:23:05 | 000,471,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Frank\Desktop\XP_FROM_USB.rar
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.14 23:14:27 | 000,881,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Desktop\SecurityCheck.exe
[2013.02.14 23:09:09 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013.02.14 23:08:35 | 000,587,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Desktop\adwcleaner0.exe
[2013.02.14 23:08:12 | 000,798,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Desktop\RogueKiller.exe
[2013.02.12 23:34:26 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013.02.12 22:50:10 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013.02.12 22:49:51 | 000,001,685 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk
[2013.02.10 16:04:25 | 000,000,639 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\Autostart\MagicDisc.lnk
[2013.02.10 15:22:43 | 000,471,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Desktop\XP_FROM_USB.rar
[2012.09.12 23:28:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.12 23:28:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.12 23:28:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.12 23:28:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.12 23:28:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.10 21:10:13 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012.06.20 00:23:16 | 000,294,598 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2012.06.12 20:30:05 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\PDFSpooler.exe
[2012.06.12 20:30:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012.03.21 22:40:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.30 20:43:05 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.01.30 20:43:05 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.01.30 20:43:05 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011.12.29 03:02:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.08.15 20:13:37 | 000,037,888 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 17:03:13 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013.02.14 23:11:52 | 000,001,624 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2009.08.15 17:17:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009.08.15 17:17:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013.02.16 11:43:02 | 402,051,072 | -HS- | M] () -- C:\hiberfil.sys
[2007.07.06 05:02:42 | 000,091,480 | ---- | M] () -- C:\inoc6.icf
[2009.08.15 17:17:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.08.15 17:17:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.02.16 11:42:58 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-02-14 19:18:26

< End of report >
 


OTL Extras logfile created on: 16.02.2013 11:55:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
383,36 Mb Total Physical Memory | 216,84 Mb Available Physical Memory | 56,56% Memory free
1,34 Gb Paging File | 1,13 Gb Available in Paging File | 84,63% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15,02 Gb Total Space | 1,52 Gb Free Space | 10,11% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 1,56 Gb Free Space | 1,99% Space Free | Partition Type: NTFS
 
Computer Name: MOBILO | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype  -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{1B80FEE7-70AB-466B-8124-12570278E98D}" = QWS3270 PLUS
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{253C3A51-A249-470F-A787-5645B289A118}" = Civilization III v1.21f
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5654243-0EDC-4BE7-8353-16ECE4019CD1}" = OpenMG Secure Module 4.6.00
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALZip_is1" = ALZip
"CCleaner" = CCleaner (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D5654243-0EDC-4BE7-8353-16ECE4019CD1}" = OpenMG Secure Module 4.6.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"MagicDisc 2.7.101" = MagicDisc 2.7.101
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenMG HotFix4.6-06-09-04-01" = OpenMG Limited Patch 4.6-06-09-04-01
"Revo Uninstaller" = Revo Uninstaller 1.94
"SiS VGA Driver" = SiS M760
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SparVoip_is1" = SparVoip
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltraISO_is1" = UltraISO V7.52 ME
"VLC media player" = VLC media player 1.1.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2013 16:17:48 | Computer Name = MOBILO | Source = MsiInstaller | ID = 11306
Description = Produkt: CA eTrustITM Agent -- Fehler 1306.Eine andere Anwendung verfügt
 über exklusive Zugriffsrechte auf die Datei C:\Programme\CA\eTrustITM\ppcl.log.
  Beenden Sie alle andere Anwendungen, und klicken Sie anschließend auf 'Wiederholen'.
 
Error - 10.02.2013 16:18:05 | Computer Name = MOBILO | Source = MsiInstaller | ID = 11306
Description = Produkt: CA eTrustITM Agent -- Fehler 1306.Eine andere Anwendung verfügt
 über exklusive Zugriffsrechte auf die Datei C:\Programme\CA\eTrustITM\ppcl.log.
  Beenden Sie alle andere Anwendungen, und klicken Sie anschließend auf 'Wiederholen'.
 
Error - 10.02.2013 16:18:05 | Computer Name = MOBILO | Source = MsiInstaller | ID = 11306
Description = Produkt: CA eTrustITM Agent -- Fehler 1306.Eine andere Anwendung verfügt
 über exklusive Zugriffsrechte auf die Datei C:\Programme\CA\eTrustITM\ppcl.log.
  Beenden Sie alle andere Anwendungen, und klicken Sie anschließend auf 'Wiederholen'.
 
Error - 10.02.2013 16:18:14 | Computer Name = MOBILO | Source = MsiInstaller | ID = 11306
Description = Produkt: CA eTrustITM Agent -- Fehler 1306.Eine andere Anwendung verfügt
 über exklusive Zugriffsrechte auf die Datei C:\Programme\CA\eTrustITM\ppcl.log.
  Beenden Sie alle andere Anwendungen, und klicken Sie anschließend auf 'Wiederholen'.
 
Error - 12.02.2013 17:49:45 | Computer Name = MOBILO | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0,
 P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 12.02.2013 17:49:55 | Computer Name = MOBILO | Source = Microsoft Security Client | ID = 5000
Description =
 
Error - 14.02.2013 17:12:49 | Computer Name = MOBILO | Source = MsiInstaller | ID = 11714
Description = Produkt: Java 7 Update 13 -- Fehler 1714. Die ältere Version von Java
 7 Update 13 kann nicht entfernt werden. Setzen Sie sich mit Ihrem technischen Supportpersonal
 in Verbindung. Systemfehler: 1612.
 
Error - 14.02.2013 17:32:10 | Computer Name = MOBILO | Source = MsiInstaller | ID = 11714
Description = Produkt: Java 7 Update 13 -- Fehler 1714. Die ältere Version von Java
 7 Update 13 kann nicht entfernt werden. Setzen Sie sich mit Ihrem technischen Supportpersonal
 in Verbindung. Systemfehler: 1612.
 
Error - 14.02.2013 17:38:20 | Computer Name = MOBILO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 14.02.2013 17:52:39 | Computer Name = MOBILO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
[ System Events ]
Error - 14.02.2013 17:56:16 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 14.02.2013 17:56:37 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7034
Description = Dienst "Microsoft Antimalware Service" wurde unerwartet beendet. Dies
 ist bereits 3 Mal passiert.
 
Error - 16.02.2013 04:49:42 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 16.02.2013 04:50:27 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 16.02.2013 04:58:41 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7034
Description = Dienst "Microsoft Antimalware Service" wurde unerwartet beendet. Dies
 ist bereits 3 Mal passiert.
 
Error - 16.02.2013 06:48:56 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.02.2013 06:49:20 | Computer Name = MOBILO | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 16.02.2013 06:49:23 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 16.02.2013 06:49:44 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 16.02.2013 06:50:05 | Computer Name = MOBILO | Source = Service Control Manager | ID = 7034
Description = Dienst "Microsoft Antimalware Service" wurde unerwartet beendet. Dies
 ist bereits 3 Mal passiert.
 
 
< End of report >
 



#5 The Dark Knight

Posted 16 February 2013 - 05:51 PM

Hello userthomas,

 

What is this site: https://wf20.myhcl.com/MYPMS/WebPages/frmHome.aspx

 

=====

 

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

 

 

=====

 

Also, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\DOKUME~1\Frank\LOKALE~1\Temp\OXB.exe -- (OXB)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
    [2012.06.20 00:23:16 | 000,294,598 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

 

=====

 

Finally, please download Malwarebytes Anti-Rootkit here.
 

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

 

 

=====

 

In your reply I would like to see the contents of the following please:

  • OTL fix log.
  • Both MBAR logs.

 

How is the computer currently running?


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#6 userthomas

Posted 17 February 2013 - 01:39 PM

Hi,

So it seemed to have worked, I can open Google now again. The behaviour started after I visited a site for song lyrics. Is it really possible to get a rootkit from going on a webpage? Also, can I be sure that the infection did not change any of my other files on the machine, like is it safe to use it for my work? I have read that the ACPI rootkits can survive a reinstallation? Do you have any info on that?

Also I am surprised that Gmer didn't find anything. https://wf20.myhcl.com/MYPMS/WebPages/frmHome.aspx is a company's intranet site, should be safe.

 

Here are the logs:

 

All processes killed
========== OTL ==========
Service OXB stopped successfully!
Service OXB deleted successfully!
File C:\DOKUME~1\Frank\LOKALE~1\Temp\OXB.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
C:\WINDOWS\system32\shimg.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Frank
->Temp folder emptied: 2047973 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74727410 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 10978 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168434 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161992 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 76,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02172013_134907

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Edited by userthomas, 17 February 2013 - 01:44 PM.


#7 userthomas

Posted 17 February 2013 - 01:41 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 401981440, free: 189030400

------------ Kernel report ------------
     02/17/2013 18:47:51
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82b299c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82ba04e0
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.17.05
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82b299c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82b295c8, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff82b29798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82b299c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82ba03c8, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff82ba04e0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0xffffffffe1769350, 0xffffffff82b299c0, 0xffffffff81d18040
Lower DeviceData: 0xffffffffe1761e18, 0xffffffff82ba04e0, 0xffffffff81d199e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Infected: C:\WINDOWS\system32\drivers\acpi.sys --> [Rootkit.RLoader]
Replacement file found for a file C:\WINDOWS\system32\drivers\acpi.sys
File C:\WINDOWS\system32\drivers\acpi.sys --> [Forged file]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70ADA904

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 31503465

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31519530  Numsec = 163846935
    Partition file system is NTFS
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-195351568-195371568)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\updatebr.inf" is compressed (flags = 1)
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 401981440, free: 177926144

Removal queue found; removal started
Removal finished
=======================================
 



Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.17.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Frank :: MOBILO [administrator]

17.02.2013 19:00:01
mbar-log-2013-02-17 (19-00-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 40380
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\drivers\acpi.sys (Rootkit.RLoader) -> Delete on reboot.

(end)
 



#8 userthomas


Posted 17 February 2013 - 01:43 PM

.


Edited by userthomas, 17 February 2013 - 01:46 PM.


#9 The Dark Knight


Posted 17 February 2013 - 03:35 PM

Hello userthomas,

 

The behaviour started after I visited a site for song lyrics. Is it really possible to get a rootkit from going on a webpage? Also, can I be sure that the infection did not change any of my other files on the machine, like is it safe to use it for my work? I have read that the nacpi rootkits can survive a reinstallation? Do you have any info on that? Also I am surprised that Gmer didn't find anything.

What I believe happened is this. You went on a dodgy website, and obtained a trojan dropper. This then probably led to your obtainment of the rootkit.

 

As for the rootkit surviving, MBAR should have dealt with it. Please run a fresh scan with MBAR and please post both new logs.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#10 userthomas


Posted 18 February 2013 - 12:57 PM

Hi,

 

Ok thanks for the info.

Which av rt-scanner or application would you recommend which could prevent infections like this?

Here is the fresh set of logs:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 401981440, free: 65093632

------------ Kernel report ------------
     02/17/2013 22:40:26
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82ba9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82b8e5d8
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.17.06
Downloaded database version: v2013.02.17.07
Downloaded database version: v2013.02.17.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82ba9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82ba9c38, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff82ba9e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82ba9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82b8cf18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff82b8e5d8, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0xffffffffe1d9c4a8, 0xffffffff82ba9030, 0xffffffff81e10898
Lower DeviceData: 0xffffffffe1d9c4c0, 0xffffffff82b8e5d8, 0xffffffff81eaa8a8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70ADA904

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 31503465

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31519530  Numsec = 163846935
    Partition file system is NTFS
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-195351568-195371568)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\updatebr.inf" is compressed (flags = 1)
Done!
Scan finished
=======================================

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Frank :: MOBILO [administrator]

17.02.2013 22:53:12
mbar-log-2013-02-17 (22-53-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 40400
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 



#11 The Dark Knight


Posted 18 February 2013 - 03:28 PM

Good morning userthomas,

 

Which av rt-scanner or application would you recommend which could prevent infections like this?

Once your computer seems clean I will give you some advice for your security. :)

 

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").


>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will popup and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
     
  • If an infected file is detected, the default action will be Cure.  Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.
    Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

 




#12 userthomas


Posted 18 February 2013 - 04:46 PM

Hi,

 

So this is the log of tdss:

 

 

22:43:08.0828 3912  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:43:10.0328 3912  ============================================================
22:43:10.0328 3912  Current date / time: 2013/02/18 22:43:10.0328
22:43:10.0328 3912  SystemInfo:
22:43:10.0328 3912  
22:43:10.0328 3912  OS Version: 5.1.2600 ServicePack: 3.0
22:43:10.0328 3912  Product type: Workstation
22:43:10.0328 3912  ComputerName: MOBILO
22:43:10.0359 3912  UserName: Frank
22:43:10.0359 3912  Windows directory: C:\WINDOWS
22:43:10.0359 3912  System windows directory: C:\WINDOWS
22:43:10.0359 3912  Processor architecture: Intel x86
22:43:10.0359 3912  Number of processors: 1
22:43:10.0359 3912  Page size: 0x1000
22:43:10.0359 3912  Boot type: Normal boot
22:43:10.0359 3912  ============================================================
22:43:10.0593 3912  BG loaded
22:43:11.0328 3912  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:43:11.0343 3912  ============================================================
22:43:11.0343 3912  \Device\Harddisk0\DR0:
22:43:11.0343 3912  MBR partitions:
22:43:11.0343 3912  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1E0B42A
22:43:11.0343 3912  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E0F32A, BlocksNum 0x9C41B17
22:43:11.0343 3912  ============================================================
22:43:11.0390 3912  C: <-> \Device\Harddisk0\DR0\Partition1
22:43:11.0437 3912  D: <-> \Device\Harddisk0\DR0\Partition2
22:43:11.0437 3912  ============================================================
22:43:11.0437 3912  Initialize success
22:43:11.0437 3912  ============================================================
22:43:37.0984 0264  ============================================================
22:43:37.0984 0264  Scan started
22:43:37.0984 0264  Mode: Manual; TDLFS;
22:43:37.0984 0264  ============================================================
22:43:38.0078 0264  ================ Scan system memory ========================
22:43:38.0078 0264  System memory - ok
22:43:38.0078 0264  ================ Scan services =============================
22:43:40.0765 0264  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:43:40.0765 0264  ERSvc - ok
22:43:40.0812 0264  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
22:43:40.0812 0264  Eventlog - ok
22:43:40.0859 0264  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
22:43:40.0875 0264  EventSystem - ok
22:43:40.0921 0264  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:43:40.0937 0264  Fastfat - ok
22:43:40.0984 0264  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:43:40.0984 0264  FastUserSwitchingCompatibility - ok
22:43:41.0015 0264  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
22:43:41.0031 0264  Fdc - ok
22:43:41.0062 0264  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:43:41.0062 0264  Fips - ok
22:43:41.0093 0264  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
22:43:41.0093 0264  Flpydisk - ok
22:43:41.0125 0264  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:43:41.0125 0264  FltMgr - ok
22:43:41.0156 0264  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:43:41.0156 0264  Fs_Rec - ok
22:43:41.0171 0264  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:43:41.0171 0264  Ftdisk - ok
22:43:41.0203 0264  [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx        C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
22:43:41.0203 0264  gagp30kx - ok
22:43:41.0218 0264  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:43:41.0218 0264  Gpc - ok
22:43:41.0296 0264  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:43:41.0296 0264  helpsvc - ok
22:43:41.0312 0264  HidServ - ok
22:43:41.0328 0264  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:43:41.0343 0264  hidusb - ok
22:43:41.0406 0264  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
22:43:41.0406 0264  hkmsvc - ok
22:43:41.0421 0264  hpn - ok
22:43:41.0484 0264  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:43:41.0484 0264  HTTP - ok
22:43:41.0546 0264  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:43:41.0546 0264  HTTPFilter - ok
22:43:41.0562 0264  i2omgmt - ok
22:43:41.0593 0264  i2omp - ok
22:43:41.0640 0264  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:43:41.0640 0264  i8042prt - ok
22:43:41.0765 0264  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:43:41.0765 0264  IDriverT - ok
22:43:41.0796 0264  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:43:41.0812 0264  Imapi - ok
22:43:41.0843 0264  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
22:43:41.0843 0264  ImapiService - ok
22:43:41.0875 0264  ini910u - ok
22:43:41.0906 0264  IntelIde - ok
22:43:41.0953 0264  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
22:43:41.0953 0264  Ip6Fw - ok
22:43:42.0000 0264  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:43:42.0000 0264  IpFilterDriver - ok
22:43:42.0046 0264  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:43:42.0046 0264  IpInIp - ok
22:43:42.0078 0264  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:43:42.0078 0264  IpNat - ok
22:43:42.0125 0264  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:43:42.0125 0264  IPSec - ok
22:43:42.0171 0264  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
22:43:42.0171 0264  IRENUM - ok
22:43:42.0203 0264  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:43:42.0203 0264  isapnp - ok
22:43:42.0359 0264  [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
22:43:42.0359 0264  JavaQuickStarterService - ok
22:43:42.0390 0264  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:43:42.0390 0264  Kbdclass - ok
22:43:42.0437 0264  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
22:43:42.0437 0264  kmixer - ok
22:43:42.0468 0264  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
22:43:42.0468 0264  KSecDD - ok
22:43:42.0531 0264  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
22:43:42.0546 0264  lanmanserver - ok
22:43:42.0609 0264  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:43:42.0609 0264  lanmanworkstation - ok
22:43:42.0640 0264  lbrtfdc - ok
22:43:42.0703 0264  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
22:43:42.0703 0264  LmHosts - ok
22:43:42.0718 0264  LVUSBSta - ok
22:43:42.0765 0264  [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
22:43:42.0765 0264  mbamchameleon - ok
22:43:42.0812 0264  [ 96330F694BD665B3A0F814EF6B1BBFF8 ] MbxStby         C:\WINDOWS\system32\drivers\MbxStby.sys
22:43:42.0812 0264  MbxStby - ok
22:43:42.0859 0264  [ 0AC5A9C4BB94DE55B9D1186E8DA303FE ] mcdbus          C:\WINDOWS\system32\DRIVERS\mcdbus.sys
22:43:42.0859 0264  mcdbus - ok
22:43:42.0906 0264  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
22:43:42.0906 0264  Messenger - ok
22:43:42.0953 0264  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
22:43:42.0953 0264  mnmdd - ok
22:43:43.0000 0264  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
22:43:43.0015 0264  mnmsrvc - ok
22:43:43.0046 0264  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
22:43:43.0046 0264  Modem - ok
22:43:43.0109 0264  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:43:43.0109 0264  MODEMCSA - ok
22:43:43.0125 0264  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:43:43.0125 0264  Mouclass - ok
22:43:43.0140 0264  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:43:43.0140 0264  mouhid - ok
22:43:43.0187 0264  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
22:43:43.0203 0264  MountMgr - ok
22:43:43.0218 0264  mraid35x - ok
22:43:43.0234 0264  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:43:43.0234 0264  MRxDAV - ok
22:43:43.0296 0264  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:43:43.0312 0264  MRxSmb - ok
22:43:43.0375 0264  [ 4ECB6A5044F29EFED20A53F61E3877EA ] MSCSPTISRV      C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
22:43:43.0375 0264  MSCSPTISRV - ok
22:43:43.0421 0264  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
22:43:43.0421 0264  MSDTC - ok
22:43:43.0453 0264  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:43:43.0453 0264  Msfs - ok
22:43:43.0468 0264  MSIServer - ok
22:43:43.0531 0264  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:43:43.0531 0264  MSKSSRV - ok
22:43:43.0562 0264  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:43:43.0562 0264  MSPCLOCK - ok
22:43:43.0593 0264  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:43:43.0609 0264  MSPQM - ok
22:43:43.0640 0264  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:43:43.0640 0264  mssmbios - ok
22:43:43.0687 0264  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:43:43.0687 0264  MSTEE - ok
22:43:43.0734 0264  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
22:43:43.0734 0264  Mup - ok
22:43:43.0781 0264  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:43:43.0781 0264  NABTSFEC - ok
22:43:43.0859 0264  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
22:43:43.0859 0264  napagent - ok
22:43:43.0906 0264  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
22:43:43.0906 0264  NDIS - ok
22:43:43.0937 0264  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:43:43.0953 0264  NdisIP - ok
22:43:44.0000 0264  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:43:44.0000 0264  NdisTapi - ok
22:43:44.0062 0264  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:43:44.0062 0264  Ndisuio - ok
22:43:44.0078 0264  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:43:44.0078 0264  NdisWan - ok
22:43:44.0125 0264  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:43:44.0187 0264  NDProxy - ok
22:43:44.0203 0264  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:43:44.0203 0264  NetBIOS - ok
22:43:44.0250 0264  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:43:44.0250 0264  NetBT - ok
22:43:44.0296 0264  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
22:43:44.0312 0264  NetDDE - ok
22:43:44.0343 0264  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
22:43:44.0343 0264  NetDDEdsdm - ok
22:43:44.0406 0264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:43:44.0406 0264  Netlogon - ok
22:43:44.0453 0264  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
22:43:44.0453 0264  Netman - ok
22:43:44.0500 0264  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:43:44.0515 0264  NIC1394 - ok
22:43:44.0578 0264  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
22:43:44.0578 0264  Nla - ok
22:43:44.0640 0264  [ 48FB907B069524F2DC7BA62A0762850C ] nmwcd           C:\WINDOWS\system32\drivers\ccdcmb.sys
22:43:44.0640 0264  nmwcd - ok
22:43:44.0671 0264  [ 2914CEB789964141AC6E22C6BC980C42 ] nmwcdc          C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:43:44.0671 0264  nmwcdc - ok
22:43:44.0703 0264  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:43:44.0703 0264  Npfs - ok
22:43:44.0781 0264  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:43:44.0796 0264  Ntfs - ok
22:43:44.0812 0264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
22:43:44.0812 0264  NtLmSsp - ok
22:43:44.0890 0264  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
22:43:44.0906 0264  NtmsSvc - ok
22:43:44.0953 0264  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:43:44.0953 0264  Null - ok
22:43:45.0000 0264  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:43:45.0000 0264  NwlnkFlt - ok
22:43:45.0046 0264  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:43:45.0046 0264  NwlnkFwd - ok
22:43:45.0062 0264  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:43:45.0078 0264  ohci1394 - ok
22:43:45.0140 0264  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
22:43:45.0140 0264  ose - ok
22:43:45.0203 0264  [ 2985E6285FA906AC72462F29A55D32C0 ] PACSPTISVR      C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
22:43:45.0203 0264  PACSPTISVR - ok
22:43:45.0250 0264  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
22:43:45.0250 0264  Parport - ok
22:43:45.0281 0264  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
22:43:45.0281 0264  PartMgr - ok
22:43:45.0343 0264  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
22:43:45.0343 0264  ParVdm - ok
22:43:45.0406 0264  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:43:45.0406 0264  pccsmcfd - ok
22:43:45.0421 0264  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
22:43:45.0437 0264  PCI - ok
22:43:45.0453 0264  PCIDump - ok
22:43:45.0500 0264  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
22:43:45.0500 0264  PCIIde - ok
22:43:45.0531 0264  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:43:45.0531 0264  Pcmcia - ok
22:43:45.0562 0264  PDCOMP - ok
22:43:45.0578 0264  PDFRAME - ok
22:43:45.0593 0264  PDRELI - ok
22:43:45.0625 0264  PDRFRAME - ok
22:43:45.0656 0264  perc2 - ok
22:43:45.0671 0264  perc2hib - ok
22:43:45.0734 0264  PID_0928 - ok
22:43:45.0781 0264  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
22:43:45.0781 0264  PlugPlay - ok
22:43:45.0812 0264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
22:43:45.0812 0264  PolicyAgent - ok
22:43:46.0046 0264  PORTMON - ok
22:43:46.0078 0264  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:43:46.0078 0264  PptpMiniport - ok
22:43:46.0125 0264  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
22:43:46.0125 0264  Processor - ok
22:43:46.0156 0264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:43:46.0156 0264  ProtectedStorage - ok
22:43:46.0187 0264  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:43:46.0187 0264  PSched - ok
22:43:46.0218 0264  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:43:46.0218 0264  Ptilink - ok
22:43:46.0281 0264  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:43:46.0281 0264  PxHelp20 - ok
22:43:46.0296 0264  QCMerced - ok
22:43:46.0328 0264  ql1080 - ok
22:43:46.0343 0264  Ql10wnt - ok
22:43:46.0375 0264  ql12160 - ok
22:43:46.0390 0264  ql1240 - ok
22:43:46.0421 0264  ql1280 - ok
22:43:46.0468 0264  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:43:46.0468 0264  RasAcd - ok
22:43:46.0515 0264  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:43:46.0515 0264  RasAuto - ok
22:43:46.0546 0264  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:43:46.0546 0264  Rasl2tp - ok
22:43:46.0609 0264  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:43:46.0609 0264  RasMan - ok
22:43:46.0640 0264  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:43:46.0656 0264  RasPppoe - ok
22:43:46.0671 0264  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:43:46.0671 0264  Raspti - ok
22:43:46.0718 0264  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:43:46.0718 0264  Rdbss - ok
22:43:46.0734 0264  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:43:46.0734 0264  RDPCDD - ok
22:43:46.0812 0264  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:43:46.0828 0264  RDPWD - ok
22:43:46.0859 0264  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:43:46.0875 0264  RDSessMgr - ok
22:43:46.0906 0264  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:43:46.0921 0264  redbook - ok
22:43:46.0968 0264  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:43:46.0968 0264  RemoteAccess - ok
22:43:47.0000 0264  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:43:47.0000 0264  RpcLocator - ok
22:43:47.0062 0264  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
22:43:47.0062 0264  RpcSs - ok
22:43:47.0125 0264  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
22:43:47.0140 0264  RSVP - ok
22:43:47.0171 0264  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:43:47.0171 0264  SamSs - ok
22:43:47.0203 0264  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:43:47.0218 0264  SCardSvr - ok
22:43:47.0281 0264  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:43:47.0296 0264  Schedule - ok
22:43:47.0328 0264  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:43:47.0328 0264  Secdrv - ok
22:43:47.0390 0264  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:43:47.0390 0264  seclogon - ok
22:43:47.0484 0264  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
22:43:47.0484 0264  SENS - ok
22:43:47.0796 0264  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
22:43:47.0796 0264  Serial - ok
22:43:47.0953 0264  [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer    C:\Programme\PC Connectivity Solution\ServiceLayer.exe
22:43:47.0968 0264  ServiceLayer - ok
22:43:48.0000 0264  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:43:48.0015 0264  Sfloppy - ok
22:43:48.0046 0264  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:43:48.0062 0264  SharedAccess - ok
22:43:48.0093 0264  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:43:48.0093 0264  ShellHWDetection - ok
22:43:48.0109 0264  Simbad - ok
22:43:48.0156 0264  [ F1BF6158AC79912BBDF71A0382FEFA65 ] SiS315          C:\WINDOWS\system32\DRIVERS\sisgrp.sys
22:43:48.0156 0264  SiS315 - ok
22:43:48.0171 0264  [ B4485881BD8AED9B157A2E6CF43C2D51 ] SiSide          C:\WINDOWS\system32\DRIVERS\siside.sys
22:43:48.0171 0264  SiSide - ok
22:43:48.0203 0264  [ 6225224B8E846AC230F8D9B343635910 ] sisidex         C:\WINDOWS\system32\drivers\sisidex.sys
22:43:48.0203 0264  sisidex - ok
22:43:48.0234 0264  [ 224EF1530777D62B65E8C2D5E9CFA511 ] SiSkp           C:\WINDOWS\system32\DRIVERS\srvkp.sys
22:43:48.0234 0264  SiSkp - ok
22:43:48.0265 0264  [ 3FBB6EF8B5A71A2FA11F5F461BB73219 ] SISNIC          C:\WINDOWS\system32\DRIVERS\sisnic.sys
22:43:48.0281 0264  SISNIC - ok
22:43:48.0312 0264  [ 161811814F04CEB57A51561808888831 ] SISNICXP        C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
22:43:48.0312 0264  SISNICXP - ok
22:43:48.0312 0264  [ 596D4A7052002D2BD344D8937DA6F66D ] sisperf         C:\WINDOWS\system32\drivers\sisperf.sys
22:43:48.0328 0264  sisperf - ok
22:43:48.0375 0264  [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
22:43:48.0390 0264  SkypeUpdate - ok
22:43:48.0421 0264  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:43:48.0421 0264  SLIP - ok
22:43:48.0453 0264  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:43:48.0453 0264  SONYPVU1 - ok
22:43:48.0468 0264  Sparrow - ok
22:43:48.0500 0264  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:43:48.0500 0264  splitter - ok
22:43:48.0546 0264  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
22:43:48.0546 0264  Spooler - ok
22:43:48.0578 0264  [ CB64A769A81AFCDEBE6C9DA9928D2460 ] SPTISRV         C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
22:43:48.0578 0264  SPTISRV - ok
22:43:48.0593 0264  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:43:48.0593 0264  sr - ok
22:43:48.0656 0264  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
22:43:48.0656 0264  srservice - ok
22:43:48.0718 0264  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:43:48.0718 0264  Srv - ok
22:43:48.0750 0264  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:43:48.0750 0264  SSDPSRV - ok
22:43:48.0796 0264  [ 1358240C61602EDAEFC518C7869A9FF0 ] SSScsiSV        C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
22:43:48.0796 0264  SSScsiSV - ok
22:43:48.0828 0264  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:43:48.0828 0264  stisvc - ok
22:43:48.0859 0264  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:43:48.0859 0264  streamip - ok
22:43:48.0906 0264  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:43:48.0906 0264  swenum - ok
22:43:48.0906 0264  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:43:48.0921 0264  swmidi - ok
22:43:48.0921 0264  SwPrv - ok
22:43:48.0937 0264  symc810 - ok
22:43:48.0953 0264  symc8xx - ok
22:43:48.0968 0264  sym_hi - ok
22:43:48.0984 0264  sym_u3 - ok
22:43:49.0015 0264  [ 59E9D90D6373F8AD4E3EBD0ECDEDD35E ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:43:49.0031 0264  SynTP - ok
22:43:49.0031 0264  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:43:49.0031 0264  sysaudio - ok
22:43:49.0078 0264  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:43:49.0078 0264  SysmonLog - ok
22:43:49.0109 0264  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:43:49.0125 0264  TapiSrv - ok
22:43:49.0187 0264  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:43:49.0203 0264  Tcpip - ok
22:43:49.0218 0264  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:43:49.0218 0264  TDPIPE - ok
22:43:49.0250 0264  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:43:49.0250 0264  TDTCP - ok
22:43:49.0265 0264  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:43:49.0265 0264  TermDD - ok
22:43:49.0312 0264  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
22:43:49.0328 0264  TermService - ok
22:43:49.0359 0264  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:43:49.0375 0264  Themes - ok
22:43:49.0375 0264  TosIde - ok
22:43:49.0421 0264  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:43:49.0421 0264  TrkWks - ok
22:43:49.0453 0264  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:43:49.0453 0264  Udfs - ok
22:43:49.0468 0264  ultra - ok
22:43:49.0515 0264  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:43:49.0531 0264  Update - ok
22:43:49.0578 0264  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:43:49.0593 0264  upnphost - ok
22:43:49.0640 0264  [ E526A166E6ACAFD0A9B3841D3941669E ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:43:49.0640 0264  upperdev - ok
22:43:49.0656 0264  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
22:43:49.0671 0264  UPS - ok
22:43:49.0718 0264  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
22:43:49.0718 0264  usbaudio - ok
22:43:49.0734 0264  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:43:49.0734 0264  usbccgp - ok
22:43:49.0765 0264  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:43:49.0765 0264  usbehci - ok
22:43:49.0781 0264  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:43:49.0781 0264  usbhub - ok
22:43:49.0796 0264  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:43:49.0796 0264  usbohci - ok
22:43:49.0843 0264  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:43:49.0843 0264  usbscan - ok
22:43:49.0875 0264  [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser          C:\WINDOWS\system32\drivers\usbser.sys
22:43:49.0875 0264  usbser - ok
22:43:49.0906 0264  [ 6F3E3C6811B930D2414552A2E4A40F36 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:43:49.0906 0264  UsbserFilt - ok
22:43:49.0937 0264  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:43:49.0937 0264  USBSTOR - ok
22:43:49.0953 0264  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
22:43:49.0953 0264  VgaSave - ok
22:43:49.0953 0264  ViaIde - ok
22:43:50.0015 0264  [ A6FCCA426660D3FC5A5CB7C0623A257B ] VIAudio         C:\WINDOWS\system32\drivers\vinyl97.sys
22:43:50.0015 0264  VIAudio - ok
22:43:50.0093 0264  [ 1FF6617B4887D384741BF856581AA19D ] VirtualDK       C:\Softslas\usb_prep8\vdk.sys
22:43:50.0093 0264  VirtualDK - ok
22:43:50.0125 0264  [ 3B8F222B23917C041E4DA29CCC57E7D0 ] vncmirror       C:\WINDOWS\system32\DRIVERS\vncmirror.sys
22:43:50.0125 0264  vncmirror - ok
22:43:50.0156 0264  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:43:50.0156 0264  VolSnap - ok
22:43:50.0203 0264  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
22:43:50.0218 0264  VSS - ok
22:43:50.0250 0264  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
22:43:50.0250 0264  W32Time - ok
22:43:50.0281 0264  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:43:50.0281 0264  Wanarp - ok
22:43:50.0343 0264  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
22:43:50.0359 0264  Wdf01000 - ok
22:43:50.0359 0264  WDICA - ok
22:43:50.0390 0264  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:43:50.0406 0264  wdmaud - ok
22:43:50.0421 0264  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:43:50.0421 0264  WebClient - ok
22:44:01.0187 0264  C:\WINDOWS\system32\credui.dll - ok
22:44:01.0203 0264  [ 2BBDCB79900990F0716DFCB714E72DE7 ] C:\WINDOWS\system32\srvsvc.dll
22:44:01.0203 0264  C:\WINDOWS\system32\srvsvc.dll - ok
22:44:01.0203 0264  [ AE1BFF56A081E11208AFFCC7209BF5CE ] C:\WINDOWS\system32\dot3dlg.dll
22:44:01.0203 0264  C:\WINDOWS\system32\dot3dlg.dll - ok
22:44:01.0218 0264  [ 4BAC361B11D8C5F3B38EC668ADD95D60 ] C:\WINDOWS\system32\onex.dll
22:44:01.0218 0264  C:\WINDOWS\system32\onex.dll - ok
22:44:01.0218 0264  [ 72DC0AFC9BDCFEB18F390B937A24E32C ] C:\WINDOWS\system32\ipsecsvc.dll
22:44:01.0218 0264  C:\WINDOWS\system32\ipsecsvc.dll - ok
22:44:01.0234 0264  [ 14FA15EF89423FBFE55F55BB892C5CF2 ] C:\WINDOWS\system32\eappcfg.dll
22:44:01.0234 0264  C:\WINDOWS\system32\eappcfg.dll - ok
22:44:01.0234 0264  [ D8FE1A413745C0677D9AB7211675089D ] C:\WINDOWS\system32\oakley.dll
22:44:01.0234 0264  C:\WINDOWS\system32\oakley.dll - ok
22:44:01.0250 0264  [ D6633FC7D1FCE7DCD7A1FE2564DC4FA6 ] C:\WINDOWS\system32\eappprxy.dll
22:44:01.0250 0264  C:\WINDOWS\system32\eappprxy.dll - ok
22:44:01.0250 0264  [ C6D9B9487143C455C26BFA3D8BE7C445 ] C:\WINDOWS\system32\winipsec.dll
22:44:01.0250 0264  C:\WINDOWS\system32\winipsec.dll - ok
22:44:01.0265 0264  [ 41696F6200C7151CC0A4A26816E3F577 ] C:\WINDOWS\system32\wzcsapi.dll
22:44:01.0265 0264  C:\WINDOWS\system32\wzcsapi.dll - ok
22:44:01.0265 0264  [ AB0B97A27AA94AB681F0B0DD7C1B5E89 ] C:\WINDOWS\system32\psbase.dll
22:44:01.0265 0264  C:\WINDOWS\system32\psbase.dll - ok
22:44:01.0281 0264  [ 1F975474A91306BEFF9A2314A88DB3BF ] C:\WINDOWS\system32\pstorsvc.dll
22:44:01.0281 0264  C:\WINDOWS\system32\pstorsvc.dll - ok
22:44:01.0281 0264  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
22:44:01.0281 0264  C:\WINDOWS\system32\dssenh.dll - ok
22:44:01.0296 0264  [ A3962F4BBFE699B7EFFBBADE608E314F ] C:\WINDOWS\system32\netmsg.dll
22:44:01.0296 0264  C:\WINDOWS\system32\netmsg.dll - ok
22:44:01.0296 0264  [ FE77A85495065F3AD59C5C65B6C54182 ] C:\WINDOWS\system32\srsvc.dll
22:44:01.0296 0264  C:\WINDOWS\system32\srsvc.dll - ok
22:44:01.0312 0264  [ C8C0BDABC966B6C24D337DF0A0A399E1 ] C:\WINDOWS\system32\powrprof.dll
22:44:01.0312 0264  C:\WINDOWS\system32\powrprof.dll - ok
22:44:01.0328 0264  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] C:\WINDOWS\system32\sens.dll
22:44:01.0328 0264  C:\WINDOWS\system32\sens.dll - ok
22:44:01.0343 0264  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] C:\WINDOWS\system32\seclogon.dll
22:44:01.0343 0264  C:\WINDOWS\system32\seclogon.dll - ok
22:44:01.0359 0264  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
22:44:01.0359 0264  C:\WINDOWS\system32\drivers\srv.sys - ok
22:44:01.0359 0264  [ BC2C5985611C5356B24AEB370953DED9 ] C:\WINDOWS\system32\wiaservc.dll
22:44:01.0359 0264  C:\WINDOWS\system32\wiaservc.dll - ok
22:44:01.0375 0264  [ 626504572B175867F30F3215C04B3E2F ] C:\WINDOWS\system32\trkwks.dll
22:44:01.0375 0264  C:\WINDOWS\system32\trkwks.dll - ok
22:44:01.0375 0264  [ FB48C9B0B6382D5AEA6AEEDBDAEA55A3 ] C:\WINDOWS\system32\cfgmgr32.dll
22:44:01.0375 0264  C:\WINDOWS\system32\cfgmgr32.dll - ok
22:44:01.0390 0264  [ D16B8021EE3ADFCD483F24076D8FBC8B ] C:\WINDOWS\system32\mscms.dll
22:44:01.0390 0264  C:\WINDOWS\system32\mscms.dll - ok
22:44:01.0406 0264  [ 6F3F3973D97714CC5F906A19FE883729 ] C:\WINDOWS\system32\wbem\wmisvc.dll
22:44:01.0406 0264  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
22:44:01.0406 0264  [ 6E3FFF4A95EA978E333E53FE7F47E7F6 ] C:\WINDOWS\system32\vssapi.dll
22:44:01.0406 0264  C:\WINDOWS\system32\vssapi.dll - ok
22:44:01.0421 0264  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
22:44:01.0421 0264  C:\WINDOWS\system32\wuaueng.dll - ok
22:44:01.0437 0264  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] C:\WINDOWS\system32\wuauserv.dll
22:44:01.0437 0264  C:\WINDOWS\system32\wuauserv.dll - ok
22:44:01.0437 0264  [ 7659F638CC316E1771E6EE8116AB9309 ] C:\WINDOWS\system32\cabinet.dll
22:44:01.0437 0264  C:\WINDOWS\system32\cabinet.dll - ok
22:44:01.0453 0264  [ 3AA20F72B176DB71033217CEF7A0FAC5 ] C:\WINDOWS\system32\mspatcha.dll
22:44:01.0453 0264  C:\WINDOWS\system32\mspatcha.dll - ok
22:44:01.0453 0264  [ B71549F23736ADF83A571061C47777FD ] C:\WINDOWS\system32\browser.dll
22:44:01.0453 0264  C:\WINDOWS\system32\browser.dll - ok
22:44:01.0468 0264  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] C:\WINDOWS\system32\ipnathlp.dll
22:44:01.0468 0264  C:\WINDOWS\system32\ipnathlp.dll - ok
22:44:01.0484 0264  [ 18D926CD5F5BE2AA73EAD99C02BC719D ] C:\WINDOWS\system32\actxprxy.dll
22:44:01.0484 0264  C:\WINDOWS\system32\actxprxy.dll - ok
22:44:01.0484 0264  [ 300B3E84FAF1A5C1F791C159BA28035D ] C:\WINDOWS\system32\wscsvc.dll
22:44:01.0484 0264  C:\WINDOWS\system32\wscsvc.dll - ok
22:44:01.0500 0264  [ 943407905382C0A6E3993CE5B43076AF ] C:\WINDOWS\system32\msi.dll
22:44:01.0500 0264  C:\WINDOWS\system32\msi.dll - ok
22:44:01.0500 0264  [ F985679AFB1A70679B7B9D873E84D255 ] C:\WINDOWS\system32\query.dll
22:44:01.0500 0264  C:\WINDOWS\system32\query.dll - ok
22:44:01.0515 0264  [ 71958C65E8924C42B674D878A84D4D42 ] C:\WINDOWS\system32\msdtcuiu.dll
22:44:01.0515 0264  C:\WINDOWS\system32\msdtcuiu.dll - ok
22:44:01.0531 0264  [ 973E32A975EFFCC4B430EE8E5D2B580B ] C:\WINDOWS\system32\mfc42u.dll
22:44:01.0531 0264  C:\WINDOWS\system32\mfc42u.dll - ok
22:44:01.0531 0264  [ 8747DA0A28057B6EF2366E4C951A23F5 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
22:44:01.0531 0264  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
22:44:01.0546 0264  [ 517A94B722F607B904061447939D7924 ] C:\WINDOWS\system32\wbem\wbemprox.dll
22:44:01.0546 0264  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
22:44:01.0546 0264  [ 90075AE5778A16AD07A030377E2E95CD ] C:\WINDOWS\system32\comsvcs.dll
22:44:01.0546 0264  C:\WINDOWS\system32\comsvcs.dll - ok
22:44:01.0562 0264  [ FFEE7318A3B03BD498989D6104E2BFC0 ] C:\WINDOWS\system32\msdtcprx.dll
22:44:01.0562 0264  C:\WINDOWS\system32\msdtcprx.dll - ok
22:44:01.0562 0264  [ A5BB2A55DB80F0C78D79F6BF9AAA6E43 ] C:\WINDOWS\system32\mtxclu.dll
22:44:01.0562 0264  C:\WINDOWS\system32\mtxclu.dll - ok
22:44:01.0578 0264  [ 7CFDED5C3DC1B5843CBAAECF6868CBD0 ] C:\WINDOWS\system32\mfc42loc.dll
22:44:01.0578 0264  C:\WINDOWS\system32\mfc42loc.dll - ok
22:44:01.0578 0264  [ F0C803D84B89B2EA3CDB5580CECC15E3 ] C:\WINDOWS\system32\wsock32.dll
22:44:01.0578 0264  C:\WINDOWS\system32\wsock32.dll - ok
22:44:01.0593 0264  [ B601A34A1BC3FFF07B005BC91FF58500 ] C:\WINDOWS\system32\clusapi.dll
22:44:01.0593 0264  C:\WINDOWS\system32\clusapi.dll - ok
22:44:01.0593 0264  [ 17E6FA7A7EBE1864DD5DDCD66D2735DF ] C:\WINDOWS\system32\colbact.dll
22:44:01.0593 0264  C:\WINDOWS\system32\colbact.dll - ok
22:44:01.0609 0264  [ 241F738F1F3F67297066898C6322E794 ] C:\WINDOWS\system32\resutils.dll
22:44:01.0609 0264  C:\WINDOWS\system32\resutils.dll - ok
22:44:01.0609 0264  [ 8B42C14DA903681760079C1E12D8B4DA ] C:\WINDOWS\system32\wbem\wbemcore.dll
22:44:01.0609 0264  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
22:44:01.0625 0264  [ 5F07EDF60DC19981238A0D8A9622535D ] C:\WINDOWS\system32\wbem\esscli.dll
22:44:01.0625 0264  C:\WINDOWS\system32\wbem\esscli.dll - ok
22:44:01.0625 0264  [ 5039B29D5678B19B116313FF17D3BEBB ] C:\WINDOWS\system32\wbem\fastprox.dll
22:44:01.0625 0264  C:\WINDOWS\system32\wbem\fastprox.dll - ok
22:44:01.0640 0264  [ F4E0C344DDBD3F1DD43B438009A06B77 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
22:44:01.0640 0264  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
22:44:01.0640 0264  [ BBF69BCF56B41E590B3F52719D002DB3 ] C:\WINDOWS\system32\wbem\wmiutils.dll
22:44:01.0640 0264  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
22:44:01.0656 0264  [ 818DD7B94AF1CF471DA45FBF71513C03 ] C:\PROGRA~1\GEMEIN~1\System\MSMAPI\1031\MSMAPI32.DLL
22:44:01.0656 0264  C:\PROGRA~1\GEMEIN~1\System\MSMAPI\1031\MSMAPI32.DLL - ok
22:44:01.0656 0264  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
22:44:01.0656 0264  C:\WINDOWS\system32\wups.dll - ok
22:44:01.0671 0264  [ 61E5A4949B77DFF8A776C3C45383AF2E ] C:\WINDOWS\system32\wbem\repdrvfs.dll
22:44:01.0671 0264  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
22:44:01.0671 0264  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
22:44:01.0671 0264  C:\WINDOWS\system32\wups2.dll - ok
22:44:01.0687 0264  [ 02F9FA9C679A2BFF4F5A8151619F42CF ] C:\WINDOWS\system32\mlang.dll
22:44:01.0687 0264  C:\WINDOWS\system32\mlang.dll - ok
22:44:01.0687 0264  [ 251C11444F614DE5FA47ECF7275E7BF1 ] C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSO.DLL
22:44:01.0687 0264  C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSO.DLL - ok
22:44:01.0703 0264  [ 65F97FA4F5761F74200456AA942E9866 ] C:\WINDOWS\system32\xmlprovi.dll
22:44:01.0703 0264  C:\WINDOWS\system32\xmlprovi.dll - ok
22:44:01.0703 0264  [ 7D042D1A9CB2E6E44875B51AD55A305A ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
22:44:01.0703 0264  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
22:44:01.0718 0264  [ 885CE91BDCDECEDCA6DB0E59D48FB43D ] C:\WINDOWS\system32\wbem\wbemess.dll
22:44:01.0718 0264  C:\WINDOWS\system32\wbem\wbemess.dll - ok
22:44:01.0718 0264  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
22:44:01.0718 0264  C:\WINDOWS\system32\wuauclt.exe - ok
22:44:01.0734 0264  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
22:44:01.0734 0264  C:\WINDOWS\system32\wuapi.dll - ok
22:44:01.0750 0264  [ 755A529EF5EA3960835507A727FABE56 ] C:\WINDOWS\system32\wbem\ncprov.dll
22:44:01.0750 0264  C:\WINDOWS\system32\wbem\ncprov.dll - ok
22:44:01.0750 0264  [ 4CE772E935114095695D3F75E999631C ] C:\WINDOWS\system32\perfdisk.dll
22:44:01.0750 0264  C:\WINDOWS\system32\perfdisk.dll - ok
22:44:01.0765 0264  [ 5EBA4A1E0BEC4C3EEF814B210B0DE871 ] C:\WINDOWS\system32\perfnet.dll
22:44:01.0765 0264  C:\WINDOWS\system32\perfnet.dll - ok
22:44:01.0765 0264  [ D572DC556BB594976D4D179E5B9B41B9 ] C:\WINDOWS\system32\perfos.dll
22:44:01.0765 0264  C:\WINDOWS\system32\perfos.dll - ok
22:44:01.0781 0264  [ E2EE17F580E02D3997B7352ED02A768B ] C:\WINDOWS\system32\pschdprf.dll
22:44:01.0781 0264  C:\WINDOWS\system32\pschdprf.dll - ok
22:44:01.0781 0264  [ 0B7A5B82FBB8D2D9F7CEEFB8A74C06C6 ] C:\WINDOWS\system32\rasctrs.dll
22:44:01.0781 0264  C:\WINDOWS\system32\rasctrs.dll - ok
22:44:01.0796 0264  [ 8209C58DB27DCD32579F8EEB585F32FE ] C:\WINDOWS\system32\rsvpperf.dll
22:44:01.0796 0264  C:\WINDOWS\system32\rsvpperf.dll - ok
22:44:01.0796 0264  [ 926F5A50F62B7CDC87BEEB3527B4F2A8 ] C:\WINDOWS\system32\traffic.dll
22:44:01.0796 0264  C:\WINDOWS\system32\traffic.dll - ok
22:44:01.0812 0264  [ 169CE93F21B50E404593ED7B3BA60E40 ] C:\WINDOWS\system32\localspl.dll
22:44:01.0812 0264  C:\WINDOWS\system32\localspl.dll - ok
22:44:01.0812 0264  [ CD1A323D787B738DDE0D62AA28214E16 ] C:\WINDOWS\system32\cnbjmon.dll
22:44:01.0812 0264  C:\WINDOWS\system32\cnbjmon.dll - ok
22:44:01.0828 0264  [ C7636BA48F5BA08AD427E6FBECC32679 ] C:\WINDOWS\system32\wbem\wbemcons.dll
22:44:01.0828 0264  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
22:44:01.0828 0264  [ CF0376023360AADD55C89BA50564AFDC ] C:\WINDOWS\system32\mdimon.dll
22:44:01.0828 0264  C:\WINDOWS\system32\mdimon.dll - ok
22:44:01.0843 0264  [ 190CD73D4984F94D823F9444980513E5 ] C:\WINDOWS\system32\alg.exe
22:44:01.0843 0264  C:\WINDOWS\system32\alg.exe - ok
22:44:01.0843 0264  [ 1574DD9D409F2DC45CF82C22B99164A4 ] C:\WINDOWS\system32\pdfcmnnt.dll
22:44:01.0843 0264  C:\WINDOWS\system32\pdfcmnnt.dll - ok
22:44:01.0859 0264  [ 27EB9D671497EA236E6B59EB9EDE3607 ] C:\WINDOWS\system32\cscui.dll
22:44:01.0859 0264  C:\WINDOWS\system32\cscui.dll - ok
22:44:01.0859 0264  [ C9DF83C3A1D58C59FF0E0924FCA858C1 ] C:\WINDOWS\system32\dpcdll.dll
22:44:01.0859 0264  C:\WINDOWS\system32\dpcdll.dll - ok
22:44:01.0875 0264  [ 9B0B5DF56025F6E48C17C7BA75310D35 ] C:\WINDOWS\system32\pjlmon.dll
22:44:01.0875 0264  C:\WINDOWS\system32\pjlmon.dll - ok
22:44:01.0890 0264  [ CA8AA75C4DC6A48D65949A30CE46C970 ] C:\WINDOWS\system32\tcpmon.dll
22:44:01.0890 0264  C:\WINDOWS\system32\tcpmon.dll - ok
22:44:01.0890 0264  [ E7BB3BF2DFDF4483DFF8A4AB05805416 ] C:\WINDOWS\system32\usbmon.dll
22:44:01.0890 0264  C:\WINDOWS\system32\usbmon.dll - ok
22:44:01.0906 0264  [ 58E13A2292839321D3CDC918D5A4F5AE ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
22:44:01.0906 0264  C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
22:44:01.0921 0264  [ B9E1B91828711D12BBF27C3A29255127 ] C:\WINDOWS\system32\netcfgx.dll
22:44:01.0921 0264  C:\WINDOWS\system32\netcfgx.dll - ok
22:44:01.0921 0264  [ 4333010681772735474A64D984F175AB ] C:\WINDOWS\system32\win32spl.dll
22:44:01.0921 0264  C:\WINDOWS\system32\win32spl.dll - ok
22:44:01.0937 0264  [ 0E892525F035A10857E33153CF65CE6C ] C:\WINDOWS\system32\netrap.dll
22:44:01.0937 0264  C:\WINDOWS\system32\netrap.dll - ok
22:44:01.0953 0264  [ 4BAB096EE0673DE722536F0274DA2373 ] C:\WINDOWS\system32\inetpp.dll
22:44:01.0953 0264  C:\WINDOWS\system32\inetpp.dll - ok
22:44:01.0953 0264  [ 78908CC0EEAE43DE90B07C1A2DA298D7 ] C:\WINDOWS\system32\tapiperf.dll
22:44:01.0953 0264  C:\WINDOWS\system32\tapiperf.dll - ok
22:44:01.0968 0264  [ C47FD93010649AC0D79022D9B69ADBE4 ] C:\WINDOWS\system32\perfctrs.dll
22:44:01.0968 0264  C:\WINDOWS\system32\perfctrs.dll - ok
22:44:01.0984 0264  [ F938C6DDF7F7791C53BD8E55F723016A ] C:\WINDOWS\system32\perfts.dll
22:44:01.0984 0264  C:\WINDOWS\system32\perfts.dll - ok
22:44:01.0984 0264  [ B0D56545C7297F4328496F4EE9ACD36D ] C:\WINDOWS\system32\utildll.dll
22:44:01.0984 0264  C:\WINDOWS\system32\utildll.dll - ok
22:44:02.0000 0264  [ CD1F8B68515120EBAC5A1E3BAD5199C4 ] C:\WINDOWS\system32\loadperf.dll
22:44:02.0000 0264  C:\WINDOWS\system32\loadperf.dll - ok
22:44:02.0000 0264  [ 45EDC8B9C1024EC31165ECAA913170C9 ] C:\WINDOWS\system32\wbem\wmiaprpl.dll
22:44:02.0000 0264  C:\WINDOWS\system32\wbem\wmiaprpl.dll - ok
22:44:02.0015 0264  [ 93908111BA57A6E60EC2FA2DE202105C ] C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:44:02.0015 0264  C:\WINDOWS\system32\wbem\wmiapsrv.exe - ok
22:44:02.0031 0264  [ 61A613C915E5929DCE1F36EEF6174840 ] C:\WINDOWS\system32\wbem\wmiapres.dll
22:44:02.0031 0264  C:\WINDOWS\system32\wbem\wmiapres.dll - ok
22:44:02.0031 0264  [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
22:44:02.0031 0264  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
22:44:02.0046 0264  [ 11BCA3CC1F77872E1F5D5582EA1B21B4 ] C:\WINDOWS\system32\wbem\wmiprov.dll
22:44:02.0046 0264  C:\WINDOWS\system32\wbem\wmiprov.dll - ok
22:44:02.0046 0264  [ E5517D0908CA75EEF9633A93FF3F0408 ] C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
22:44:02.0046 0264  C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe - ok
22:44:02.0046 0264  [ 076F8AC2089FABF2735319AE4B7884DC ] C:\WINDOWS\pchealth\helpctr\binaries\HCAppRes.dll
22:44:02.0046 0264  C:\WINDOWS\pchealth\helpctr\binaries\HCAppRes.dll - ok
22:44:02.0062 0264  [ 0E8A6DDFC40829987E8363035358D6D5 ] C:\WINDOWS\system32\msxml3.dll
22:44:02.0062 0264  C:\WINDOWS\system32\msxml3.dll - ok
22:44:02.0062 0264  [ F0DEC5BB10D126DB5E2B720DEAE32BA7 ] C:\WINDOWS\system32\urlmon.dll
22:44:02.0062 0264  C:\WINDOWS\system32\urlmon.dll - ok
22:44:02.0078 0264  [ 788F95312E26389D596C0FA55834E106 ] C:\WINDOWS\system32\userinit.exe
22:44:02.0078 0264  C:\WINDOWS\system32\userinit.exe - ok
22:44:02.0078 0264  [ B7DE02C863D8F5A005A7BF375375A6A4 ] C:\WINDOWS\system32\termsrv.dll
22:44:02.0078 0264  C:\WINDOWS\system32\termsrv.dll - ok
22:44:02.0093 0264  [ 39E63B4B76CB20E20949FCC6DE1BC630 ] C:\WINDOWS\system32\icaapi.dll
22:44:02.0093 0264  C:\WINDOWS\system32\icaapi.dll - ok
22:44:02.0093 0264  [ F0D12C9FA5F8C3ED9329418FFDC4FE4C ] C:\WINDOWS\system32\mstlsapi.dll
22:44:02.0093 0264  C:\WINDOWS\system32\mstlsapi.dll - ok
22:44:02.0109 0264  [ 418045A93CD87A352098AB7DABE1B53E ] C:\WINDOWS\explorer.exe
22:44:02.0109 0264  C:\WINDOWS\explorer.exe - ok
22:44:02.0109 0264  [ 62982E7EF025B5D8FB31467265C43918 ] C:\WINDOWS\system32\browseui.dll
22:44:02.0109 0264  C:\WINDOWS\system32\browseui.dll - ok
22:44:02.0125 0264  [ 973E64C750F09CC12E1669EAA663EA20 ] C:\WINDOWS\system32\shdocvw.dll
22:44:02.0125 0264  C:\WINDOWS\system32\shdocvw.dll - ok
22:44:02.0125 0264  [ 4B0451C5A07470A3722171E354ABDADE ] C:\WINDOWS\system32\desk.cpl
22:44:02.0125 0264  C:\WINDOWS\system32\desk.cpl - ok
22:44:02.0140 0264  [ 78898165CF0E27AFBD8653EF6D2FDA07 ] C:\WINDOWS\system32\themeui.dll
22:44:02.0140 0264  C:\WINDOWS\system32\themeui.dll - ok
22:44:02.0140 0264  [ DC4E223F5813150073FB5CC63D13293B ] C:\WINDOWS\system32\msimg32.dll
22:44:02.0140 0264  C:\WINDOWS\system32\msimg32.dll - ok
22:44:02.0156 0264  [ 9B890F756D087991322464912FE68E75 ] C:\WINDOWS\system32\cmd.exe
22:44:02.0156 0264  C:\WINDOWS\system32\cmd.exe - ok
22:44:02.0156 0264  [ 7469B9D06F0299273769C3E5365F5469 ] C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
22:44:02.0156 0264  C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL - ok
22:44:02.0171 0264  [ 1E0F679850BE4C4BE029665AD41E8336 ] C:\WINDOWS\system32\ieframe.dll
22:44:02.0171 0264  C:\WINDOWS\system32\ieframe.dll - ok
22:44:02.0187 0264  [ 6971807D9AF9976AB0B85CB650BA40BB ] C:\Programme\Java\jre7\bin\awt.dll
22:44:02.0187 0264  C:\Programme\Java\jre7\bin\awt.dll - ok
22:44:02.0187 0264  [ 6C0E14BA5F9D9E3BC5380DBB5FD55B00 ] C:\Programme\Java\jre7\bin\client\jvm.dll
22:44:02.0187 0264  C:\Programme\Java\jre7\bin\client\jvm.dll - ok
22:44:02.0203 0264  [ 08FCA80E6EC14F5541AC2B4784393136 ] C:\Programme\Java\jre7\bin\dcpr.dll
22:44:02.0203 0264  C:\Programme\Java\jre7\bin\dcpr.dll - ok
22:44:02.0203 0264  [ 6BF0F15DAD78470E8601EE1D22A8F1A6 ] C:\Programme\Java\jre7\bin\deploy.dll
22:44:02.0203 0264  C:\Programme\Java\jre7\bin\deploy.dll - ok
22:44:02.0218 0264  [ 6BC44653E01114A8A06EB449B807F198 ] C:\Programme\Java\jre7\bin\fontmanager.dll
22:44:02.0218 0264  C:\Programme\Java\jre7\bin\fontmanager.dll - ok
22:44:02.0218 0264  [ 83C2FB83FB69C91A495EB867E5C06A06 ] C:\Programme\Java\jre7\bin\java.dll
22:44:02.0218 0264  C:\Programme\Java\jre7\bin\java.dll - ok
22:44:02.0234 0264  [ ABC4230E67C8E68E070A22C1E4A8F673 ] C:\Programme\Java\jre7\bin\javaw.exe
22:44:02.0234 0264  C:\Programme\Java\jre7\bin\javaw.exe - ok
22:44:02.0234 0264  [ 6BAF42F15D0A20B02FAA2820A2772109 ] C:\Programme\Java\jre7\bin\jp2native.dll
22:44:02.0234 0264  C:\Programme\Java\jre7\bin\jp2native.dll - ok
22:44:02.0250 0264  [ E772CDB9E02002CB20E649F2F0830B7B ] C:\Programme\Java\jre7\bin\jpeg.dll
22:44:02.0250 0264  C:\Programme\Java\jre7\bin\jpeg.dll - ok
22:44:02.0250 0264  [ BF403AAB2B1C843508F71656C883DDFD ] C:\Programme\Java\jre7\bin\net.dll
22:44:02.0250 0264  C:\Programme\Java\jre7\bin\net.dll - ok
22:44:02.0265 0264  [ 111AE4EE3F0AC53CE6EA9F729F2338DC ] C:\Programme\Java\jre7\bin\nio.dll
22:44:02.0265 0264  C:\Programme\Java\jre7\bin\nio.dll - ok
22:44:02.0265 0264  [ FBAB08EAD3129E9D2A35C48191D63DFB ] C:\Programme\Java\jre7\bin\verify.dll
22:44:02.0265 0264  C:\Programme\Java\jre7\bin\verify.dll - ok
22:44:02.0281 0264  [ 6F67F25408FB60B1205CDC566CFE06C7 ] C:\Programme\Java\jre7\bin\zip.dll
22:44:02.0281 0264  C:\Programme\Java\jre7\bin\zip.dll - ok
22:44:02.0281 0264  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOKUME~1\Frank\LOKALE~1\temp\78BBC6AF-30D9-4E36-ADAB-DB10B4CC28B1.exe
22:44:02.0281 0264  C:\DOKUME~1\Frank\LOKALE~1\temp\78BBC6AF-30D9-4E36-ADAB-DB10B4CC28B1.exe - ok
22:44:02.0296 0264  [ 32462D36530C5039034B5C8230DA7492 ] C:\WINDOWS\system32\wbem\cimwin32.dll
22:44:02.0296 0264  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
22:44:02.0296 0264  [ 5543A9D4A1D0F9F84092482A9373A024 ] C:\WINDOWS\system32\linkinfo.dll
22:44:02.0296 0264  C:\WINDOWS\system32\linkinfo.dll - ok
22:44:02.0296 0264  [ 6AD81A33FE1E1DBB7A1E332C20160D05 ] C:\WINDOWS\system32\ntshrui.dll
22:44:02.0296 0264  C:\WINDOWS\system32\ntshrui.dll - ok
22:44:02.0312 0264  [ 1A40193DCA65EE985430F6BA9788BFDA ] C:\WINDOWS\system32\wbem\framedyn.dll
22:44:02.0312 0264  C:\WINDOWS\system32\wbem\framedyn.dll - ok
22:44:02.0312 0264  [ FDDE6D1F6A2B5CA20E19864E350E71ED ] C:\WINDOWS\system32\wbem\xml\wmi2xml.dll
22:44:02.0328 0264  C:\WINDOWS\system32\wbem\xml\wmi2xml.dll - ok
22:44:02.0328 0264  [ 712E48248A0D16D996D4F3A79CF485A8 ] C:\WINDOWS\system32\verclsid.exe
22:44:02.0328 0264  C:\WINDOWS\system32\verclsid.exe - ok
22:44:02.0343 0264  [ 751EE923FCF5D8226644E663911F6125 ] C:\WINDOWS\system32\webcheck.dll
22:44:02.0343 0264  C:\WINDOWS\system32\webcheck.dll - ok
22:44:02.0343 0264  [ 390679F7A217A5E73D756276C40AE887 ] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
22:44:02.0343 0264  C:\Programme\Spybot - Search & Destroy\TeaTimer.exe - ok
22:44:02.0359 0264  [ DE2CD737BB7C6B2F391D54A06C1B80A1 ] C:\WINDOWS\system32\stobject.dll
22:44:02.0359 0264  C:\WINDOWS\system32\stobject.dll - ok
22:44:02.0359 0264  [ 24ABEFFDE26EDD53F33187FB46068876 ] C:\WINDOWS\system32\upnp.dll
22:44:02.0359 0264  C:\WINDOWS\system32\upnp.dll - ok
22:44:02.0375 0264  [ F84AC3459F5ED9B77BC38C481F744729 ] C:\WINDOWS\system32\batmeter.dll
22:44:02.0375 0264  C:\WINDOWS\system32\batmeter.dll - ok
22:44:02.0375 0264  [ 3F541BFA1043223844EBBFEBE3ED1AD8 ] C:\WINDOWS\system32\ssdpapi.dll
22:44:02.0375 0264  C:\WINDOWS\system32\ssdpapi.dll - ok
22:44:02.0390 0264  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
22:44:02.0390 0264  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
22:44:02.0390 0264  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\29628597.sys
22:44:02.0390 0264  C:\WINDOWS\system32\drivers\29628597.sys - ok
22:44:02.0406 0264  [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
22:44:02.0406 0264  C:\WINDOWS\system32\drivers\http.sys - ok
22:44:02.0406 0264  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] C:\WINDOWS\system32\ssdpsrv.dll
22:44:02.0406 0264  C:\WINDOWS\system32\ssdpsrv.dll - ok
22:44:02.0421 0264  [ 0C4C0E39C4E94DE73E2FC4853898463D ] C:\WINDOWS\system32\mydocs.dll
22:44:02.0421 0264  C:\WINDOWS\system32\mydocs.dll - ok
22:44:02.0421 0264  [ 01B4E6E990B6C5EA8856D96C7FD044B2 ] C:\WINDOWS\system32\ctfmon.exe
22:44:02.0421 0264  C:\WINDOWS\system32\ctfmon.exe - ok
22:44:02.0437 0264  [ 64B0B8BA0F5F1DADE2159D99DBF48E99 ] C:\WINDOWS\system32\wbem\mofd.dll
22:44:02.0437 0264  C:\WINDOWS\system32\wbem\mofd.dll - ok
22:44:02.0437 0264  [ A4472EA73BFB27132483F86BAFCD7783 ] C:\WINDOWS\system32\msctf.dll
22:44:02.0437 0264  C:\WINDOWS\system32\msctf.dll - ok
22:44:02.0453 0264  [ 09C12AA4676B24A11BAA183AF09CE371 ] C:\WINDOWS\system32\qmgrprxy.dll
22:44:02.0453 0264  C:\WINDOWS\system32\qmgrprxy.dll - ok
22:44:02.0453 0264  [ 65657A27D1487BAAFE446ED3E20D2209 ] C:\WINDOWS\system32\msutb.dll
22:44:02.0453 0264  C:\WINDOWS\system32\msutb.dll - ok
22:44:02.0468 0264  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
22:44:02.0468 0264  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
22:44:02.0468 0264  [ 2F9E20F8741E32076D498F39EBA71C16 ] C:\WINDOWS\system32\hhctrl.ocx
22:44:02.0468 0264  C:\WINDOWS\system32\hhctrl.ocx - ok
22:44:02.0484 0264  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
22:44:02.0484 0264  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
22:44:02.0484 0264  [ 456DFE2E9E04CAD282E19DE078DCF85B ] C:\WINDOWS\ime\sptip.dll
22:44:02.0484 0264  C:\WINDOWS\ime\sptip.dll - ok
22:44:02.0500 0264  [ 5257778EDF2F2DDD882DAB24AACE9C08 ] C:\WINDOWS\system32\mui\0007\hhctrlui.dll
22:44:02.0500 0264  C:\WINDOWS\system32\mui\0007\hhctrlui.dll - ok
22:44:02.0500 0264  [ 686CB1F7EF455C5FD77DB60E3EADFDFE ] C:\WINDOWS\system32\security.dll
22:44:02.0500 0264  C:\WINDOWS\system32\security.dll - ok
22:44:02.0515 0264  [ 5E7D78E61129FF8B4E129C000B52F5FB ] C:\WINDOWS\system32\asfsipc.dll
22:44:02.0515 0264  C:\WINDOWS\system32\asfsipc.dll - ok
22:44:02.0515 0264  [ CD554362B82587991A244CF563283F63 ] C:\WINDOWS\system32\msisip.dll
22:44:02.0515 0264  C:\WINDOWS\system32\msisip.dll - ok
22:44:02.0531 0264  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
22:44:02.0531 0264  C:\WINDOWS\system32\oleacc.dll - ok
22:44:02.0531 0264  [ E7908D45F5955CF4091CCA8FD77658CA ] C:\WINDOWS\system32\wshext.dll
22:44:02.0546 0264  C:\WINDOWS\system32\wshext.dll - ok
22:44:02.0546 0264  [ F0B0D86C7E5CE1781BB92F300169A257 ] C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
22:44:02.0546 0264  C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL - ok
22:44:02.0562 0264  [ 0FA6C84291C7100592F1491BDB830A0F ] C:\Programme\MagicDisc\MagicDisc.exe
22:44:02.0562 0264  C:\Programme\MagicDisc\MagicDisc.exe - ok
22:44:02.0562 0264  [ C7D52D82BBA5A53DD9C7A7AB2723289C ] C:\WINDOWS\system32\wbem\wmipcima.dll
22:44:02.0562 0264  C:\WINDOWS\system32\wbem\wmipcima.dll - ok
22:44:02.0578 0264  [ 31940D74AE890495C73E37482F150DC3 ] C:\WINDOWS\system32\rasdlg.dll
22:44:02.0578 0264  C:\WINDOWS\system32\rasdlg.dll - ok
22:44:02.0578 0264  [ 7C6842469CCE34FB33D6CB5FAAE0E6F5 ] C:\WINDOWS\system32\jsproxy.dll
22:44:02.0578 0264  C:\WINDOWS\system32\jsproxy.dll - ok
22:44:02.0593 0264  [ 441A5040310464A7D3F2D8D3F444748C ] C:\WINDOWS\system32\dskquota.dll
22:44:02.0593 0264  C:\WINDOWS\system32\dskquota.dll - ok
22:44:02.0593 0264  [ 9CCA73FCC509C52D322A7C2898CD9D08 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
22:44:02.0593 0264  C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL - ok
22:44:02.0609 0264  [ 58ED0528F2B1BFB3301BC10E0E707C35 ] C:\Programme\Mozilla Firefox\firefox.exe
22:44:02.0609 0264  C:\Programme\Mozilla Firefox\firefox.exe - ok
22:44:02.0625 0264  [ 567DA4B2C285EA0B6E8953223AD3B98A ] C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
22:44:02.0625 0264  C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL - ok
22:44:02.0625 0264  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Programme\Mozilla Firefox\msvcr100.dll
22:44:02.0625 0264  C:\Programme\Mozilla Firefox\msvcr100.dll - ok
22:44:02.0640 0264  [ 365D6248953729F90D8A0CAEAEDFCC7A ] C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
22:44:02.0640 0264  C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll - ok
22:44:02.0640 0264  [ 262D86B6E19F7A4766402981B07D9F61 ] C:\Programme\Mozilla Firefox\mozglue.dll
22:44:02.0640 0264  C:\Programme\Mozilla Firefox\mozglue.dll - ok
22:44:02.0656 0264  [ 5294E28996A54959E53FDF1956CF8888 ] C:\Programme\Mozilla Firefox\nspr4.dll
22:44:02.0656 0264  C:\Programme\Mozilla Firefox\nspr4.dll - ok
22:44:02.0656 0264  [ 03E9314004F504A14A61C3D364B62F66 ] C:\Programme\Mozilla Firefox\msvcp100.dll
22:44:02.0656 0264  C:\Programme\Mozilla Firefox\msvcp100.dll - ok
22:44:02.0671 0264  [ 4CA195A73CF64142D50B387B07289A64 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
22:44:02.0671 0264  C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll - ok
22:44:02.0671 0264  [ 446AC8F3111F24910EB37BFED0C9D2E8 ] C:\Programme\Gemeinsame Dateien\Microsoft Shared\MODI\11.0\1031\MSPLCRES.DLL
22:44:02.0671 0264  C:\Programme\Gemeinsame Dateien\Microsoft Shared\MODI\11.0\1031\MSPLCRES.DLL - ok
22:44:02.0687 0264  [ 577A365E730736D3DC2FB870156D1BB8 ] C:\Programme\Mozilla Firefox\mozjs.dll
22:44:02.0687 0264  C:\Programme\Mozilla Firefox\mozjs.dll - ok
22:44:02.0687 0264  [ FCDB95CAD0F44BA045CB6E7620F2E3D4 ] C:\Programme\Mozilla Firefox\plc4.dll
22:44:02.0687 0264  C:\Programme\Mozilla Firefox\plc4.dll - ok
22:44:02.0703 0264  [ CC6B544120760F0AE1146927447AF319 ] C:\Programme\Mozilla Firefox\plds4.dll
22:44:02.0703 0264  C:\Programme\Mozilla Firefox\plds4.dll - ok
22:44:02.0703 0264  [ 810D3D884387DAE0E1C1A5010C12508A ] C:\Programme\Mozilla Firefox\nssutil3.dll
22:44:02.0703 0264  C:\Programme\Mozilla Firefox\nssutil3.dll - ok
22:44:02.0718 0264  [ 06798CDC2698C0798089B44124C77253 ] C:\Programme\Mozilla Firefox\nss3.dll
22:44:02.0718 0264  C:\Programme\Mozilla Firefox\nss3.dll - ok
22:44:02.0718 0264  [ 165BEB6D3C856AD618E6E95B4D69217A ] C:\Programme\Mozilla Firefox\smime3.dll
22:44:02.0718 0264  C:\Programme\Mozilla Firefox\smime3.dll - ok
22:44:02.0734 0264  [ F7868F18670E0D7D7D161C5F093F19CB ] C:\Programme\Mozilla Firefox\ssl3.dll
22:44:02.0734 0264  C:\Programme\Mozilla Firefox\ssl3.dll - ok
22:44:03.0093 0264  ============================================================
22:44:03.0093 0264  Scan finished
22:44:03.0093 0264  ============================================================
22:44:03.0125 1792  Detected object count: 0
22:44:03.0125 1792  Actual detected object count: 0


 



#13 userthomas

Posted 18 February 2013 - 05:01 PM

One thing I forgot to mention: Often I have to kill the process wuauclt.exe (Windows update searcher?) although updates are the latest, because it makes the machine extremely slow. Can this be an indication of malware as well?



#14 The Dark Knight


Posted 19 February 2013 - 04:04 AM

Hey userthomas,

> Often I have to kill the process wuauclt.exe (Windows update searcher?) although updates are the latest, because it makes the machine extremely slow. Can this be an indication of malware as well?

Unlikely. Probably just Windows getting excited about updates.

I would like to see a fresh run from MBAR please.



#15 userthomas


Posted 19 February 2013 - 06:09 PM

Hi Dark Knight,

 

The scan took longer this time but no results, here are the logs:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 401981440, free: 189030400

------------ Kernel report ------------
     02/17/2013 18:47:51
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
siside.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
sisperf.sys
sisidex.sys
Mup.sys
gagp30kx.sys
\SystemRoot\system32\DRIVERS\sisgrp.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\o2mmb.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\srvkp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\SiSGRV.dll
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82b299c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82ba04e0
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.17.05
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82b299c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82b295c8, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff82b29798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82b299c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82ba03c8, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff82ba04e0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0xffffffffe1769350, 0xffffffff82b299c0, 0xffffffff81d18040
Lower DeviceData: 0xffffffffe1761e18, 0xffffffff82ba04e0, 0xffffffff81d199e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Infected: C:\WINDOWS\system32\drivers\acpi.sys --> [Rootkit.RLoader]
Replacement file found for a file C:\WINDOWS\system32\drivers\acpi.sys
File C:\WINDOWS\system32\drivers\acpi.sys --> [Forged file]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70ADA904

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 31503465

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31519530  Numsec = 163846935
    Partition file system is NTFS
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-195351568-195371568)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\updatebr.inf" is compressed (flags = 1)
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 401981440, free: 177926144

Removal queue found; removal started
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 401981440, free: 65093632

------------ Kernel report ------------
     02/17/2013 22:40:26
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82ba9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82b8e5d8
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.17.06
Downloaded database version: v2013.02.17.07
Downloaded database version: v2013.02.17.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82ba9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82ba9c38, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff82ba9e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82ba9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82b8cf18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff82b8e5d8, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0xffffffffe1d9c4a8, 0xffffffff82ba9030, 0xffffffff81e10898
Lower DeviceData: 0xffffffffe1d9c4c0, 0xffffffff82b8e5d8, 0xffffffff81eaa8a8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70ADA904

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 31503465

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31519530  Numsec = 163846935
    Partition file system is NTFS
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-195351568-195371568)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\updatebr.inf" is compressed (flags = 1)
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 401981440, free: 142073856

------------ Kernel report ------------
     02/19/2013 23:27:40
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82ba9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82b8e5d8
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.18.01
Downloaded database version: v2013.02.18.02
Downloaded database version: v2013.02.18.03
Downloaded database version: v2013.02.18.04
Downloaded database version: v2013.02.18.05
Downloaded database version: v2013.02.18.06
Downloaded database version: v2013.02.18.07
Downloaded database version: v2013.02.18.08
Downloaded database version: v2013.02.18.09
Downloaded database version: v2013.02.18.10
Downloaded database version: v2013.02.18.11
Downloaded database version: v2013.02.19.01
Downloaded database version: v2013.02.19.02
Downloaded database version: v2013.02.19.03
Downloaded database version: v2013.02.19.04
Downloaded database version: v2013.02.19.05
Downloaded database version: v2013.02.19.06
Downloaded database version: v2013.02.19.07
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82ba9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82ba9c38, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff82ba9e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82ba9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82b8cf18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff82b8e5d8, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0xffffffffe17b63d8, 0xffffffff82ba9030, 0xffffffff81e21348
Lower DeviceData: 0xffffffffe1d5b890, 0xffffffff82b8e5d8, 0xffffffff81e5a228
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70ADA904

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 31503465

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31519530  Numsec = 163846935
    Partition file system is NTFS
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-195351568-195371568)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2736233$\updatebr.inf" is compressed (flags = 1)
Done!
Scan finished
=======================================

 



Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.19.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Frank :: MOBILO [administrator]

20.02.2013 00:04:51
mbar-log-2013-02-20 (00-04-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 40414
Time elapsed: 36 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 





