Trojan: TR/Sirefef.BP

05.06.2012, 17:07
Member

Posts: 61

Hello dear Protecus helpers,

A Trojan has been sneaking around on my Windows 7 laptop for some time. According to Avira it is "TR/Sirefef.BP". I had the first problems with it two months ago: when I clicked on a Google link, I was not forwarded to the page. The problem then vanished into thin air (I no longer remember what I did about it), and afterwards Avira did not find any viruses/Trojans either. For a few days now, though, the same Trojan has been causing trouble again. When Avira sends the infected files (almost over 30 of them) to quarantine and I restart the laptop, the login screen stays black and you only see the mouse pointer, which you can still move... even in safe mode.
In my case only System Restore helped.
I hope you can help me.

Code

OTL logfile created on: 05.06.2012 15:44:47 - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Users\Lenovo\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 77,61% Memory free
5,87 Gb Paging File | 4,74 Gb Available in Paging File | 80,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 420,56 Gb Total Space | 282,75 Gb Free Space | 67,23% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,53 Gb Free Space | 97,65% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: Lenovo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.06.05 15:20:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lenovo\Desktop\OTL.exe
PRC - [2012.05.08 12:29:05 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 12:29:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 12:29:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 12:29:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.28 14:57:52 | 001,462,272 | ---- | M] ( ) -- C:\Program Files\Codebox\BitMeter\BitMeter2.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.06 10:23:42 | 003,122,440 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2009.09.29 18:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009.09.29 18:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009.08.12 10:09:32 | 000,683,576 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\CONEXANT\SAII\SmartAudio.exe
PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009.06.04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.02.22 11:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.02.22 11:33:00 | 000,072,192 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.05.12 18:52:52 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9bfbf0613d3780e34d98333c7b381218\WindowsFormsIntegration.ni.dll
MOD - [2012.05.12 18:48:17 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012.05.12 18:46:21 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll
MOD - [2012.05.12 09:17:06 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 09:16:21 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 09:15:57 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012.05.12 09:15:30 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.12 09:15:17 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.12 09:15:12 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012.05.12 09:14:58 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 09:14:50 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 09:14:45 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 09:14:44 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 09:14:11 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.01.06 10:23:41 | 001,410,312 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2010.01.06 10:23:41 | 000,492,808 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010.01.06 10:23:40 | 000,513,288 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2009.11.16 21:41:36 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2009.11.16 21:41:12 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2008.12.20 05:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 05:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\arrayssl_vpn_service3,0,1,9.dll -- (lbtserv)
SRV - [2012.05.08 12:29:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 12:29:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.05 08:38:04 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.04 23:03:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010.11.05 03:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\crystalaps.dll -- (zebrsce)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\epstnt01.dll -- (VICESYS)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ssm_mdm.dll -- (viairda)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\tng-doba.dll -- (tosrfhid)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\atirage3.dll -- (sis315)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\OEM02Dev.dll -- (sfdrv01)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\bjmcmng.dll -- (roxmediadb)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\VAIOMediaPlatform-PhotoServer-HTTP.dll -- (roxliveshare9)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\WDM_YAMAHAAC97.dll -- (ROCKEYNT)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Intels51.dll -- (risdptsk)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\afs2k.dll -- (rdpdr)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\symantecantibotshim.dll -- (pdlndoem)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\gmer.dll -- (ozoneinstallerservice)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\sonicatheaterinstallerservice.dll -- (oraclesnmppeerencapsulator)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ZSMC211.dll -- (odysseyIM4)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\USB28xxBGA.dll -- (NWSAP)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\DFUBTUSB.dll -- (nwlnkspx)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\se45obex.dll -- (nvax)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\pdlndint.dll -- (ntsecure)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\downloadmanagerlite.dll -- (mvwebserver)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\mssql$sony_mediamgr.dll -- (Mtlmnt5)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\trioservice.dll -- (lsdiorw)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\astcc.dll -- (iviVD)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\wmp54gssvc.dll -- (iSMBIOS)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSSdk23.dll -- (icraplus)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\SenFiltService.dll -- (hpn)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\sparrow.dll -- (ha10kx2k)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\dcomlaunch.dll -- (GBFSHook)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\truecrypt.dll -- (elnkservice)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\atdisk.dll -- (E1000)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\usnsvc.dll -- (cwafrmiregistry)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\vwlogger.dll -- (btwrchid)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\tunmp.dll -- (blueletscoaudio)
SRV - [2009.07.14 03:14:41 | 000,005,120 | ---- | M] () [Auto | Running] -- C:\Windows\System32\LHidUsbK.dll -- (bdpredir)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.11.25 00:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.25 00:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.02.22 11:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.05.08 12:29:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 12:29:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.07 16:14:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.02.07 16:14:55 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010.01.06 10:23:05 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009.06.26 00:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/|http://memebase.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "      http://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lenovo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lenovo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.04 23:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.11 17:25:54 | 000,000,000 | ---D | M]

[2010.10.07 20:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenovo\AppData\Roaming\mozilla\Extensions
[2012.05.05 07:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenovo\AppData\Roaming\mozilla\Firefox\Profiles\6fjxnv6w.default\extensions
[2011.12.22 00:48:08 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Lenovo\AppData\Roaming\mozilla\Firefox\Profiles\6fjxnv6w.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012.04.20 23:20:16 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Lenovo\AppData\Roaming\mozilla\Firefox\Profiles\6fjxnv6w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.12.22 00:48:34 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\Lenovo\AppData\Roaming\mozilla\Firefox\Profiles\6fjxnv6w.default\extensions\rikaichan-jpde@polarcloud.com
[2012.05.05 07:44:18 | 000,000,933 | ---- | M] () -- C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6fjxnv6w.default\searchplugins\11-suche.xml
[2012.05.05 07:44:17 | 000,002,419 | ---- | M] () -- C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6fjxnv6w.default\searchplugins\englische-ergebnisse.xml
[2012.05.05 07:44:18 | 000,010,525 | ---- | M] () -- C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6fjxnv6w.default\searchplugins\gmx-suche.xml
[2012.05.05 07:44:18 | 000,002,457 | ---- | M] () -- C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6fjxnv6w.default\searchplugins\lastminute.xml
[2012.05.05 07:44:17 | 000,005,508 | ---- | M] () -- C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6fjxnv6w.default\searchplugins\webde-suche.xml
[2012.03.18 11:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.04 22:08:36 | 000,022,956 | ---- | M] () (No name found) -- C:\USERS\LENOVO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FJXNV6W.DEFAULT\EXTENSIONS\{5B52016C-D097-4AEC-BE61-9F129D8FDDBA}.XPI
[2012.01.06 12:28:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\LENOVO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FJXNV6W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.22 00:43:41 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\LENOVO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FJXNV6W.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.03.24 16:04:03 | 000,131,075 | ---- | M] () (No name found) -- C:\USERS\LENOVO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FJXNV6W.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI
[2012.04.07 23:39:36 | 000,004,543 | ---- | M] () (No name found) -- C:\USERS\LENOVO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FJXNV6W.DEFAULT\EXTENSIONS\SUPPORT@FREE-HIDEIP.COM.XPI
[2012.05.04 23:03:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.10 11:55:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.17 13:38:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 13:38:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 13:38:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.30 00:47:48 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.02.17 13:38:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 13:38:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 13:38:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lenovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lenovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lenovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lenovo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AdBlock = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: Google Mail = C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309C0938-CB29-4840-AA7A-7830A3FFDD25}: NameServer = 141.2.22.74,141.2.149.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D13B50-7F09-4CAC-B9D8-AECE38CCC469}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28db7dbb-e60c-11e0-9b88-705ab64d7e8a}\Shell - "" = AutoRun
O33 - MountPoints2\{28db7dbb-e60c-11e0-9b88-705ab64d7e8a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f070cd1f-32e7-11e1-9ea6-705ab64d7e8a}\Shell - "" = AutoRun
O33 - MountPoints2\{f070cd1f-32e7-11e1-9ea6-705ab64d7e8a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f070cd35-32e7-11e1-9ea6-705ab64d7e8a}\Shell - "" = AutoRun
O33 - MountPoints2\{f070cd35-32e7-11e1-9ea6-705ab64d7e8a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: pwd_2K -  File not found
NetSvcs: megamonitorsrv -  File not found
NetSvcs: PNDIS5 -  File not found
NetSvcs: usbio -  File not found
NetSvcs: avgmfx86 -  File not found
NetSvcs: se58mgmt -  File not found
NetSvcs: backupexecalertserver -  File not found
NetSvcs: abp480n5 -  File not found
NetSvcs: mctaskmanager -  File not found
NetSvcs: filemon701 -  File not found
NetSvcs: mstdc -  File not found
NetSvcs: cd20xrnt -  File not found
NetSvcs: NPPTNT -  File not found
NetSvcs: zpjobq -  File not found
NetSvcs: AVCSTRM -  File not found
NetSvcs: webcompserver -  File not found
NetSvcs: fsdfwd -  File not found
NetSvcs: nmwcd -  File not found
NetSvcs: VAIOMediaPlatform-VideoServer-HTTP -  File not found
NetSvcs: lxbs_device -  File not found
NetSvcs: IWCA -  File not found
NetSvcs: W8335XP -  File not found
NetSvcs: hsf_msft -  File not found
NetSvcs: pdlndsdl -  File not found
NetSvcs: AVWLP_USB -  File not found
NetSvcs: Defrag32 -  File not found
NetSvcs: buslogic -  File not found
NetSvcs: mssql$microsoftbcm -  File not found
NetSvcs: mcpromgr -  File not found
NetSvcs: ndassvc -  File not found
NetSvcs: atimtag -  File not found
NetSvcs: dmio -  File not found
NetSvcs: dmisrv -  File not found
NetSvcs: rtport -  File not found
NetSvcs: winpppoverethernet -  File not found
NetSvcs: W700obex -  File not found
NetSvcs: db2governor -  File not found
NetSvcs: MA_CMIDI -  File not found
NetSvcs: hcwPP2 -  File not found
NetSvcs: nuvaud2 -  File not found
NetSvcs: pdlndqll -  File not found
NetSvcs: ossrv -  File not found
NetSvcs: kpfwsvc -  File not found
NetSvcs: hpdskflt -  File not found
NetSvcs: usbsermpt -  File not found
NetSvcs: enethusb -  File not found
NetSvcs: sonicwall_netextender -  File not found
NetSvcs: NWSIPX32 -  File not found
NetSvcs: nlsvc - C:\Windows\System32\wbem\nlsvc.mof ()
NetSvcs: VX1000 -  File not found
NetSvcs: ctac32k -  File not found
NetSvcs: TUWinStylerThemeSvc -  File not found
NetSvcs: dsunidrv -  File not found
NetSvcs: vncdrv -  File not found
NetSvcs: pensup -  File not found
NetSvcs: tvtpktfilter -  File not found
NetSvcs: MR97310_USB_DUAL_CAMERA -  File not found
NetSvcs: mhndrv -  File not found
NetSvcs: SbcpHid -  File not found
NetSvcs: radiosvr -  File not found
NetSvcs: aec -  File not found
NetSvcs: spmgr -  File not found
NetSvcs: ireike -  File not found
NetSvcs: {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} -  File not found
NetSvcs: SymIMMP -  File not found
NetSvcs: hcmon -  File not found
NetSvcs: iksysflt -  File not found
NetSvcs: IntelC51 -  File not found
NetSvcs: useraccess7 -  File not found
NetSvcs: mqdmbus -  File not found
NetSvcs: sp_clamsrv -  File not found
NetSvcs: RMSvc -  File not found
NetSvcs: nwlnkflt -  File not found
NetSvcs: PhilCam8116 -  File not found
NetSvcs: ScanUSBEMPIA -  File not found
NetSvcs: rt2870 -  File not found
NetSvcs: nim32 -  File not found
NetSvcs: DCamUSBGrandTek -  File not found
NetSvcs: interactivelogon -  File not found
NetSvcs: citrixwmiservice -  File not found
NetSvcs: nhcDriverDevice -  File not found
NetSvcs: sysaudio -  File not found
NetSvcs: winmtsrv -  File not found
NetSvcs: regservice -  File not found
NetSvcs: raysatxsi5_0server -  File not found
NetSvcs: papycpu2 -  File not found
NetSvcs: DELL_A02 -  File not found
NetSvcs: sfusvc -  File not found
NetSvcs: nvnforce -  File not found
NetSvcs: sdbus - C:\Windows\System32\wbem\sdbus.mof ()
NetSvcs: SISNICXP -  File not found
NetSvcs: cwcpsvc20 -  File not found
NetSvcs: acs -  File not found
NetSvcs: TryAndDecideService -  File not found
NetSvcs: lxcc_device -  File not found
NetSvcs: clientservice -  File not found
NetSvcs: cfsvcs -  File not found
NetSvcs: mnmsrvc -  File not found
NetSvcs: p1131vid -  File not found
NetSvcs: hpqcxs08 -  File not found
NetSvcs: zebrmdfl -  File not found
NetSvcs: belgium_id_card_service -  File not found
NetSvcs: w810bus -  File not found
NetSvcs: nidomainservice -  File not found
NetSvcs: TNaviSrv -  File not found
NetSvcs: adobeactivefilemonitor4.0 -  File not found
NetSvcs: UPATC -  File not found
NetSvcs: kmixer -  File not found
NetSvcs: USBModem -  File not found
NetSvcs: uiusys -  File not found
NetSvcs: sdcoreservice -  File not found
NetSvcs: msi_wlan_service -  File not found
NetSvcs: symc8xx -  File not found
NetSvcs: zebrsce - C:\Windows\System32\crystalaps.dll ()
NetSvcs: sis315 - C:\Windows\System32\atirage3.dll ()
NetSvcs: nwlnkspx - C:\Windows\System32\DFUBTUSB.dll ()
NetSvcs: ntsecure - C:\Windows\System32\pdlndint.dll ()
NetSvcs: oraclesnmppeerencapsulator - C:\Windows\System32\sonicatheaterinstallerservice.dll ()
NetSvcs: arrayssl_vpn_service3 -  File not found
NetSvcs: 0 -  File not found
NetSvcs: 1 -  File not found
NetSvcs: 9 -  File not found
NetSvcs: ha10kx2k - C:\Windows\System32\sparrow.dll ()
NetSvcs: mvwebserver - C:\Windows\System32\downloadmanagerlite.dll ()
NetSvcs: tosrfhid - C:\Windows\System32\tng-doba.dll ()
NetSvcs: rdpdr - C:\Windows\System32\afs2k.dll ()
NetSvcs: nvax - C:\Windows\System32\se45obex.dll ()
NetSvcs: AdobeActiveFileMonitor6.0 -  File not found
NetSvcs: lsdiorw - C:\Windows\System32\trioservice.dll ()
NetSvcs: ccevtmgr -  File not found
NetSvcs: roxliveshare9 - C:\Windows\System32\VAIOMediaPlatform-PhotoServer-HTTP.dll ()
NetSvcs: sfdrv01 - C:\Windows\System32\OEM02Dev.dll ()
NetSvcs: bdpredir - C:\Windows\System32\LHidUsbK.dll ()
NetSvcs: icraplus - C:\Windows\System32\PSSdk23.dll ()
NetSvcs: iSMBIOS - C:\Windows\System32\wmp54gssvc.dll ()
NetSvcs: elnkservice - C:\Windows\System32\truecrypt.dll ()
NetSvcs: btwrchid - C:\Windows\System32\vwlogger.dll ()
NetSvcs: odysseyIM4 - C:\Windows\System32\ZSMC211.dll ()
NetSvcs: blueletscoaudio - C:\Windows\System32\tunmp.dll ()
NetSvcs: iviVD - C:\Windows\System32\astcc.dll ()
NetSvcs: roxmediadb - C:\Windows\System32\bjmcmng.dll ()
NetSvcs: ozoneinstallerservice - C:\Windows\System32\gmer.dll ()
NetSvcs: hpn - C:\Windows\System32\SenFiltService.dll ()
NetSvcs: pdlndoem - C:\Windows\System32\symantecantibotshim.dll ()
NetSvcs: risdptsk - C:\Windows\System32\Intels51.dll ()
NetSvcs: Mtlmnt5 - C:\Windows\System32\mssql$sony_mediamgr.dll ()
NetSvcs: viairda - C:\Windows\System32\ssm_mdm.dll ()
NetSvcs: cwafrmiregistry - C:\Windows\System32\usnsvc.dll ()
NetSvcs: VICESYS - C:\Windows\System32\epstnt01.dll ()
NetSvcs: NWSAP - C:\Windows\System32\USB28xxBGA.dll ()
NetSvcs: GBFSHook - C:\Windows\System32\dcomlaunch.dll ()
NetSvcs: ROCKEYNT - C:\Windows\System32\WDM_YAMAHAAC97.dll ()
NetSvcs: sbcssvc -  File not found
NetSvcs: asc -  File not found
NetSvcs: PXRDDriver -  File not found
NetSvcs: Epiusb -  File not found
NetSvcs: VMAUDIO -  File not found
NetSvcs: k56 -  File not found
NetSvcs: TMHIDSRV -  File not found
NetSvcs: RR2Ctrl -  File not found
NetSvcs: amon -  File not found
NetSvcs: networkx -  File not found
NetSvcs: eaps2kbd -  File not found
NetSvcs: agnfilt -  File not found
NetSvcs: portmapper -  File not found
NetSvcs: DCFS2K -  File not found
NetSvcs: s716obex -  File not found
NetSvcs: mqdmserd -  File not found
NetSvcs: ASUSVRC -  File not found
NetSvcs: w810mdm -  File not found
NetSvcs: SrvcEPECioctl -  File not found
NetSvcs: ZSMC301b -  File not found
NetSvcs: hclinetd -  File not found
NetSvcs: ROB_V -  File not found
NetSvcs: MpFilter -  File not found
NetSvcs: mpfp -  File not found
NetSvcs: tappsrv -  File not found
NetSvcs: EQDRV5 -  File not found
NetSvcs: nocashio -  File not found
NetSvcs: mlkkbdntdriver -  File not found
NetSvcs: https-nassry -  File not found
NetSvcs: se44nd5 -  File not found
NetSvcs: SNP2STD -  File not found
NetSvcs: lilsgt -  File not found
NetSvcs: epsonbidirectionalservice -  File not found
NetSvcs: tunnelguardservice -  File not found
NetSvcs: procexp90 -  File not found
NetSvcs: RivaTuner32 -  File not found
NetSvcs: mcafeeframework -  File not found
NetSvcs: dmserver -  File not found
NetSvcs: dlbx_device -  File not found
NetSvcs: wmccdsls -  File not found
NetSvcs: SNP2UVC -  File not found
NetSvcs: s125bus -  File not found
NetSvcs: ofcservice -  File not found
NetSvcs: dtsrvc -  File not found
NetSvcs: ichaud -  File not found
NetSvcs: LKbdFlt2 -  File not found
NetSvcs: GTWModem -  File not found
NetSvcs: rca -  File not found
NetSvcs: rampartsvc -  File not found
NetSvcs: aswrdr -  File not found
NetSvcs: httpfilter -  File not found
NetSvcs: tlntsvr -  File not found
NetSvcs: wintabservice -  File not found
NetSvcs: atiavpci -  File not found
NetSvcs: SE2Cmdm -  File not found
NetSvcs: appmgmt -  File not found
NetSvcs: ELmon -  File not found
NetSvcs: mbmiodrvr -  File not found
NetSvcs: armoucfltr -  File not found
NetSvcs: FTDIBUS -  File not found
NetSvcs: downloadmanagerlite - C:\windows\System32\downloadmanagerlite.dll ()
NetSvcs: FETNDISB -  File not found
NetSvcs: GBDevice -  File not found
NetSvcs: fireport -  File not found
NetSvcs: carboncopyscheduler -  File not found
NetSvcs: lxda_device -  File not found
NetSvcs: avcgbfl -  File not found
NetSvcs: wusb54gv2svc -  File not found
NetSvcs: tnbrlds -  File not found
NetSvcs: E1000 - C:\Windows\System32\atdisk.dll ()
NetSvcs: netw4x32 -  File not found
NetSvcs: mediamaxxlservice -  File not found
NetSvcs: easdrv -  File not found
NetSvcs: digictrl -  File not found
NetSvcs: DC21x4 -  File not found
NetSvcs: mferkdk -  File not found
NetSvcs: atinevxx -  File not found
NetSvcs: savscan -  File not found
NetSvcs: aswupdsv -  File not found
NetSvcs: aspi32 -  File not found
NetSvcs: tsmservice -  File not found
NetSvcs: RIOUNIV -  File not found
NetSvcs: SE26mdm -  File not found
NetSvcs: BrScnUsb -  File not found
NetSvcs: SE27bus -  File not found
NetSvcs: zd1211u(zydas) -  File not found
NetSvcs: dbmanagerscheduler -  File not found
NetSvcs: alertservice -  File not found
NetSvcs: imaservice -  File not found
NetSvcs: smbios -  File not found
NetSvcs: pdreli -  File not found
NetSvcs: Bcim -  File not found
NetSvcs: tphkdrv -  File not found
NetSvcs: VX3000 -  File not found
NetSvcs: dmboot -  File not found
NetSvcs: penrendezvous -  File not found
NetSvcs: lbtserv - %systemroot%\system32\arrayssl_vpn_service3,0,1,9.dll File not found
NetSvcs: usbscan -  File not found
NetSvcs: adsexpb -  File not found
NetSvcs: SE2Dmgmt -  File not found
NetSvcs: EagleNT -  File not found
NetSvcs: k750bus -  File not found
NetSvcs: USRpdA -  File not found
NetSvcs: smtpd32 -  File not found
NetSvcs: aawservice -  File not found
NetSvcs: pserve -  File not found
NetSvcs: de_serv -  File not found
NetSvcs: stac97 -  File not found
NetSvcs: SE2Dmdfl -  File not found
NetSvcs: UpdateCenterService -  File not found
NetSvcs: rtl8023 -  File not found
NetSvcs: TICalc -  File not found
NetSvcs: lxdmCATSCustConnectService -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.06.05 15:20:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lenovo\Desktop\OTL.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.06.05 15:38:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.06.05 15:36:06 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.05 15:36:06 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.05 15:20:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lenovo\Desktop\OTL.exe
[2012.06.05 15:09:02 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1989474913-106441546-910237228-1003UA.job
[2012.06.05 14:55:59 | 000,700,874 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.06.05 14:55:59 | 000,662,716 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.06.05 14:55:59 | 000,147,528 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.06.05 14:55:59 | 000,123,910 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.06.05 14:52:02 | 000,000,437 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2012.06.05 14:51:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.06.05 14:51:35 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.04 23:09:00 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1989474913-106441546-910237228-1003Core.job
[2012.05.26 21:25:14 | 228,519,201 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.05.24 23:09:55 | 000,002,403 | ---- | M] () -- C:\Users\Lenovo\Desktop\Google Chrome.lnk
[2012.05.12 09:13:03 | 000,447,528 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.08 12:29:05 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.05.08 12:29:05 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.05.26 08:39:00 | 1467,920,384 | ---- | C] () -- C:\Users\Lenovo\Desktop\El Dorado.avi
[2012.03.05 21:00:07 | 000,022,032 | ---- | C] () -- C:\windows\DCEBoot.exe
[2012.03.05 20:59:21 | 000,519,277 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\census.cache
[2012.03.05 20:58:54 | 000,134,494 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\ars.cache
[2012.03.05 18:30:35 | 000,000,036 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\housecall.guid.cache
[2011.08.13 13:40:07 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2011.06.12 22:26:33 | 000,003,584 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.31 21:56:29 | 000,000,056 | ---- | C] () -- C:\windows\yojijukugo.ini
[2011.05.31 21:56:29 | 000,000,000 | ---- | C] () -- C:\windows\FSaver.ini
[2010.10.19 20:06:17 | 000,001,081 | ---- | C] () -- C:\windows\disney.ini
[2010.10.13 19:13:00 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml

[color=#E56717]========== LOP Check ==========[/color]

[2010.12.18 21:45:52 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\.anki
[2011.06.15 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Bitmeter2
[2012.04.04 01:32:04 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Canneverbe Limited
[2011.11.30 22:47:50 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\DAEMON Tools Pro
[2010.10.06 10:10:22 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\EasyCapture
[2012.04.07 23:39:22 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\FreeHideIP
[2011.07.13 21:43:03 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\GetRightToGo
[2011.09.22 16:49:37 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\gtk-2.0
[2011.12.17 12:58:55 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\ICQ
[2011.03.20 13:45:45 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\ImageBlizzard.com
[2011.01.27 00:17:52 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\Local
[2010.10.17 18:10:01 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\NetSpeedMonitor
[2010.10.29 18:44:04 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\OpenOffice.org
[2012.02.11 15:03:26 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\QuickScan
[2011.01.21 18:11:33 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\ScummVM
[2011.12.30 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\Lenovo\AppData\Roaming\T-Mobile
[2012.04.08 09:58:07 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2012.05.25 03:29:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.28 22:20:43 | 000,000,000 | ---D | M] -- C:\ANNO1602
[2012.04.07 23:35:18 | 000,000,000 | ---D | M] -- C:\CCProxy
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.12 18:40:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.12 20:19:40 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.03.21 18:47:42 | 000,000,000 | ---D | M] -- C:\Games
[2009.11.16 14:01:07 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.05.04 23:03:51 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.06.03 13:18:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.12 18:40:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.12 18:40:03 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.06.05 15:50:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.25 11:15:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.05 18:30:20 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-05 06:39:51

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011.05.09 19:30:26 | 000,000,000 | ---D | M](C:\Users\Lenovo\??) -- C:\Users\Lenovo\懈怠
(C:\Users\Lenovo\??) -- C:\Users\Lenovo\懈怠

[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\windows\$NtUninstallKB60859$] -> Error: Cannot create file handle -> Unknown point type

< End of report >



Code

OTL Extras logfile created on: 05.06.2012 15:44:47 - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Users\Lenovo\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 77,61% Memory free
5,87 Gb Paging File | 4,74 Gb Available in Paging File | 80,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 420,56 Gb Total Space | 282,75 Gb Free Space | 67,23% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,53 Gb Free Space | 97,65% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: Lenovo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E10EA9-C4EF-4678-96E6-5B4B079A72D7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{21FF2E45-2B4F-4F18-9F9A-0702E4EF6E5B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{292E3FB8-A635-4C39-A0F0-11AC154789D8}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D4E7690-5BC3-4A19-8AE2-C20302E52291}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F713E81-38A2-4C92-9B76-90DF388BD357}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{461766DF-4BFB-422A-ABF4-62C7146D0888}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E7A3AC4-CBAC-4F0D-90CF-253E7718DEC0}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4F8FEC65-484F-4E8E-931D-3E2898450BFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{517003DB-B228-4E45-98E3-35FECAB305BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{582525B7-EEC8-4D9A-A205-C2649DD56D9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{608331EB-7272-498D-9039-265A7AD3D0F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67DF117E-482D-4428-9E13-EECB6D861121}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A7DDEB9-9CDE-4B32-8207-2DA39FFD1A55}" = rport=139 | protocol=6 | dir=out | app=system |
"{72C014A2-03AD-47DD-A279-F69393AC6D04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B59F6DE-9BD4-4FE0-A0F7-40259052DB72}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{81E7CDB9-F8A3-4BEF-A00F-E2681EDFFFBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EEE00DB-4FCD-456B-AAB1-67F2E838E951}" = lport=445 | protocol=6 | dir=in | app=system |
"{907CC837-BCBC-416B-BB1F-489348AE7029}" = lport=138 | protocol=17 | dir=in | app=system |
"{9B309409-7362-4ADA-8208-0CD2E37518D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F7FF834-5FD4-4BD8-9DE7-E49B35B33D11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0C55EE1-057C-43A8-A807-4BEC53E29508}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6F99D1E-E1CD-46CB-9D2B-CE34B1F2E1A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC009EE8-CC8C-430C-A537-BD4B74FECFEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1AF8D47-6140-4417-9F5B-16B0257378BB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CE2404B6-9AE3-444E-BE85-2354F542A095}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3B253B5-3FC3-419D-B3D2-8BD70686D68F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D6D6326A-EBCA-4ECC-9895-B778DDA28F96}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DDDC1A24-CDA8-4054-9082-A4C59AB17E2E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7455A21-3D47-431D-B812-CBA5F60E7475}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F97774F5-4B09-404A-B2FD-023597DD111A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB81218A-CB72-48FA-B6FF-A29F0D9A8651}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC769290-FADB-49D9-A19A-1FDB4B8C733F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FCE24FBC-8015-4F08-9441-D3C25208758A}" = rport=138 | protocol=17 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E3C556-6E38-4C70-84A5-44BF8D41857C}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{023790AE-5BC7-4F11-80DC-6B2FD867B63B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{07FBEB55-9157-47E7-9728-6FFE8D592CA2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{08F8AE26-BC14-4981-A85B-34C171E25D8E}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{14E10A7B-5A45-4C02-AD6D-DD9CD1D51C1C}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{197F4A9A-E999-47ED-B727-E4F14EAB3FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20E12A1E-07AB-4AC4-A780-64F58444D3C3}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{24BB81D2-E14A-4397-97D0-EA1075FC7083}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{27C932DC-73B2-4CAB-9F63-4E223E265C7F}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{324EADB9-923A-43B4-80D2-2A38477AEE1E}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{356E6129-E60C-4BB7-B5FD-35738C1EEAE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{53701A2C-ABFD-4E89-B8D4-20375488F3E0}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{5E7703BF-B434-4D39-B55E-8AF98F22239A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62A5E763-812A-43C2-91D3-1A816D25679E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6D4E6F03-8CDD-41A5-ADD5-C27D5020E031}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{784EE3B3-BD44-4982-AF9E-62B5EE8D8B05}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{7F34DA30-8270-4CDA-B0DF-3D8F5A9BE9A3}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{8104F7E0-B996-4CA6-9984-27EFFAB6227F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{86566B6D-D01C-4A27-8020-2D22845228BD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8B5733E1-31FC-4174-9375-936203723049}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{8F0B46C4-59F6-458A-8BDA-200D3B1970C1}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{9B2FCED1-47CF-4800-BCD4-F8D8E3006E90}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{9D109E07-6953-490D-81C9-C51B9782ADCF}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{9FA8C125-62F3-461F-B37D-55072E81E498}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A1BDB91C-616A-4D7C-B1A0-5D98AFEDFCED}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{A421DCE8-7054-46C0-A152-883FC136F734}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B1E7CF08-EFBE-4515-8005-A4C3D6942EAF}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{B4FC8310-9D1C-445C-B05A-F744CB58292F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB790A4E-9816-41AC-A70F-E304FC887AEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D3560B23-1DFE-4FB7-9CDF-191E554E9C0F}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{D75C2B9A-2AB1-4ED6-997E-F7343253AF8B}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{E61B26AB-2988-45DD-90C5-C76977DA7417}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EDF83732-F03F-490E-9081-8BA1A0174BBB}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{F0958908-258C-407B-A772-D95025674DC4}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{F0C71A2D-2F26-4C8E-B948-128D61B09A9F}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{FCA0F165-2AF2-4484-87AE-5E485A32966C}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{08640E77-4F45-41B6-B8BF-4516B6E327A9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{24ACF8F7-F404-45BB-BA4F-1119EB90CE3E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{31B75A2F-840F-4816-8ECF-D84D15D2C23F}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{59E4960B-341C-40AE-9AC4-C3657E1929C4}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{6E9B19E3-99AE-4E7B-BCE2-81D763AD863C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A70BAA45-32FC-4589-8A53-C4F88EC14896}C:\ccproxy\ccproxy.exe" = protocol=6 | dir=in | app=c:\ccproxy\ccproxy.exe |
"TCP Query User{CC032B0F-4270-4D67-94D5-BE02FE7FEB2E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D3F14A45-D14A-483E-8EF9-3E1289691FB8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{EF0E30AA-4054-4EDB-9A70-C6DF49B07A9C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{05EE3A54-9FC5-4000-AB38-9E5C3922F372}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{07E9E74F-1A85-4227-90D8-3EA571340140}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1729C9B0-6934-4E6A-94E5-406F86885DFC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{63B387E4-16C8-45C6-9939-E381A04EAE7C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{973105FA-3624-4BFF-B6C1-2E3364CC4773}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A137985C-223B-44AD-A461-AB3CE376A3F2}C:\ccproxy\ccproxy.exe" = protocol=17 | dir=in | app=c:\ccproxy\ccproxy.exe |
"UDP Query User{DD075856-EEE2-4427-925F-0610F9EDD33C}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{DF743713-955A-46CA-BB53-90CE291BDC49}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"UDP Query User{FFB41DC6-0AAF-42D7-9945-36F95D2BE51A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{77C71BFE-2598-4DB5-8F7C-0CF81A16DA40}" = ArcSoft MediaImpression
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Anki" = Anki
"ANNO1602" = Anno 1602
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitMeter" = BitMeter
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EasyCapture4.0" = EasyCapture
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor for Windows" = PC-Doctor für Windows
"PROHYBRIDR" = 2007 Microsoft Office system
"ScummVM_is1" = ScummVM 1.2.1
"TarzanAG Demo" = Disneys Tarzan Action Spiel Demo
"Theme Park World" = Theme Park World
"TVWiz" = Intel(R) TV Wizard
"Update Service" = Sony Ericsson Update Service
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.4
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 21.01.2012 07:46:43 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 21.01.2012 08:06:09 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 21.01.2012 08:06:11 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 24.01.2012 10:38:53 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 24.01.2012 10:39:03 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 24.01.2012 10:40:39 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 27.01.2012 15:01:51 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 27.01.2012 15:02:00 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

Error - 31.01.2012 03:30:28 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 31.01.2012 03:30:41 | Computer Name = Lenovo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2.  Ungültige XML-Syntax.

[ System Events ]
Error - 05.06.2012 08:51:48 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Nchssvad" wurde mit folgendem Fehler beendet:   %%2

Error - 05.06.2012 08:51:48 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Netrcacm" wurde mit folgendem Fehler beendet:   %%2

Error - 05.06.2012 08:51:48 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Proxyserverservice" wurde mit folgendem Fehler beendet:
   %%193

Error - 05.06.2012 08:51:48 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error - 05.06.2012 08:51:49 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Symwsc" wurde mit folgendem Fehler beendet:   %%2

Error - 05.06.2012 08:51:49 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Invoker" wurde mit folgendem Fehler beendet:   %%2

Error - 05.06.2012 08:51:49 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "M3AD" wurde mit folgendem Fehler beendet:   %%2

Error - 05.06.2012 08:51:49 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Freesshdservice" wurde mit folgendem Fehler beendet:   %%2

Error - 05.06.2012 08:51:49 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Elockservice" wurde mit folgendem Fehler beendet:   %%2

Error - 05.06.2012 08:51:49 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Omniserv" wurde mit folgendem Fehler beendet:   %%2


< End of report >



Code

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 16:46:06
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: khgbpgj3.exe; Driver: C:\Users\Lenovo\AppData\Local\Temp\pxdirpog.sys


---- System - GMER 1.0.15 ----

SSDT            90648FC6                                                                                         ZwCreateSection
SSDT            90648FD0                                                                                         ZwRequestWaitReplyPort
SSDT            90648FCB                                                                                         ZwSetContextThread
SSDT            90648FD5                                                                                         ZwSetSecurityObject
SSDT            90648FDA                                                                                         ZwSystemDebugControl
SSDT            90648F67                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C753C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82CAED52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82CB5EAC 4 Bytes  [C6, 8F, 64, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82CB6208 4 Bytes  [D0, 8F, 64, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82CB624C 4 Bytes  [CB, 8F, 64, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              82CB62C8 4 Bytes  [D5, 8F, 64, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              82CB631C 4 Bytes  [DA, 8F, 64, 90]
.text           ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)  

---- Files - GMER 1.0.15 ----

File            C:\Windows\$NtUninstallKB60859$\2914435058                                                       0 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\@                                                     2048 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\L                                                     0 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\L\xadqgnnk                                            108544 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\loader.tlb                                            2632 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U                                                     0 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@00000001                                           45968 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@000000c0                                           2560 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@000000cb                                           3072 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@000000cf                                           1536 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@80000000                                           73216 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@800000c0                                           43520 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@800000cb                                           25600 bytes
File            C:\Windows\$NtUninstallKB60859$\2914435058\U\@800000cf                                           31232 bytes
File            C:\Windows\$NtUninstallKB60859$\825022382                                                        0 bytes

---- EOF - GMER 1.0.15 ----
05.06.2012, 20:27
Moderator

Posts: 5694
#2 Welcome to the Protecus forum

A clean-up can sometimes mean a lot of work for you.
• Please work through all the steps in order.
• Read the instructions carefully. If there are problems, stop and describe them here as well as you can.
• Only run scans that a helper asks you to run.
• Please no cross-posting (posting in several forums).
• Do not install or uninstall any software during the clean-up unless you are asked to.
• Read the instructions all the way through first. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to; attachments make the analysis harder for me.

Note: I can never guarantee that I will find everything. A format is usually the quicker and always the safest way.
If you decide on a clean-up, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Please download TDSSKiller.exe and save the file to the desktop.
• Close all running programs.
• Disconnect from the Internet.
• Disable your antivirus software.
• Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click "Run as administrator"
• Click Start scan.
Do nothing on the computer while the scan is running.

• If the tool shows no findings, click Close to close it.
• If something was found, the findings are shown under Scan results - Select action for found objects, with three options.
Make sure Cure (default) is checked! Click Continue --> Reboot.

• After the restart, the log file can be found on your system drive (usually C:) as TDSSKiller_version_date_time_log.txt.
• Please post its contents here in your thread.

Illustrated guide to using TDSSKiller.
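As an added example (not part of this thread and not Kaspersky's own code), here is a small Python triage script for the TDSSKiller log the post above asks for: it parses the per-service lines TDSSKiller 2.7 writes, separates clean entries from infected and forged ones, and reports any flagged MD5 that shows up under several unrelated service names, which is the pattern a ZeroAccess/Sirefef installation leaves behind. The sample lines are copied from the log posted later in this thread; nothing else is assumed about the environment.

```python
"""Triage helper for TDSSKiller scan logs.

Added example, not part of the forum thread and not Kaspersky's TDSSKiller code.
It reads the per-service records TDSSKiller 2.7 writes and reports:
  * services whose file TDSSKiller flagged (infected / warning),
  * forged system files (on-disk MD5 differs from the one the file claims),
  * one flagged MD5 registered under several service names, which is how a
    ZeroAccess/Sirefef payload copied under hijacked service entries shows up.
"""
import re
from collections import defaultdict

# Every record starts with a timestamp and a thread id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# "<service>  (<md5>) <path>"
ENTRY_RE = re.compile(_PREFIX + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+?)\s*$")
# "<service> - ok" / "<service> ( <verdict> ) - infected|warning"
STATUS_RE = re.compile(_PREFIX + r"(\S+)(?: \( ([^)]+) \))? - (ok|infected|warning)\s*$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(
    _PREFIX + r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})"
)
FLAGGED = ("infected", "warning")

# Sample input: lines copied from the TDSSKiller log posted in this thread,
# trimmed to one clean driver, three ZeroAccess hits and one forged file.
SAMPLE_LOG = r"""
21:36:23.0694 1732    1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
21:36:23.0709 1732    1394ohci - ok
21:36:27.0250 1732    bdpredir        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\LHidUsbK.dll
21:36:27.0250 1732    bdpredir ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:27.0250 1732    bdpredir - detected Backdoor.Multi.ZAccess.gen (0)
21:36:27.0687 1732    blueletscoaudio (41ae9954eb2b9893242aa82980e66a4e) C:\windows\system32\tunmp.dll
21:36:27.0703 1732    Suspicious file (Forged): C:\windows\system32\tunmp.dll. Real md5: 41ae9954eb2b9893242aa82980e66a4e, Fake md5: 32ca18808933aa12e979375d07048a11
21:36:27.0703 1732    blueletscoaudio ( ForgedFile.Multi.Generic ) - warning
21:36:27.0703 1732    blueletscoaudio - detected ForgedFile.Multi.Generic (1)
21:36:29.0544 1732    COMSysApp - ok
21:36:29.0731 1732    cwafrmiregistry (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\usnsvc.dll
21:36:29.0746 1732    cwafrmiregistry ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:29.0746 1732    cwafrmiregistry - detected Backdoor.Multi.ZAccess.gen (0)
21:36:30.0480 1732    E1000           (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\atdisk.dll
21:36:30.0480 1732    E1000 ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:30.0480 1732    E1000 - detected Backdoor.Multi.ZAccess.gen (0)
"""


def _blank_record():
    return {"md5": None, "path": None, "status": None, "verdict": None, "fake_md5": None}


def parse_tdsskiller_log(text):
    """Return {service_name: record} for every service TDSSKiller reported on."""
    entries = {}
    forged_by_path = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            name, md5, path = m.groups()
            rec = entries.setdefault(name, _blank_record())
            rec["md5"], rec["path"] = md5, path
            continue
        m = FORGED_RE.match(line)
        if m:
            path, _real_md5, fake_md5 = m.groups()
            forged_by_path[path] = fake_md5
            continue
        m = STATUS_RE.match(line)
        if m:
            name, verdict, status = m.groups()
            rec = entries.setdefault(name, _blank_record())
            rec["status"], rec["verdict"] = status, verdict
    # Attach the forged-file evidence to the service that owns the path.
    for rec in entries.values():
        if rec["path"] in forged_by_path:
            rec["fake_md5"] = forged_by_path[rec["path"]]
    return entries


def shared_payloads(entries):
    """Flagged MD5s that appear under more than one service name (same DLL, many hijacked entries)."""
    by_md5 = defaultdict(list)
    for name, rec in sorted(entries.items()):
        if rec["md5"] and rec["status"] in FLAGGED:
            by_md5[rec["md5"]].append(name)
    return {md5: names for md5, names in by_md5.items() if len(names) > 1}


def triage(text):
    """One-screen summary of a TDSSKiller log."""
    entries = parse_tdsskiller_log(text)
    return {
        "scanned": len(entries),
        "clean": sum(1 for r in entries.values() if r["status"] == "ok"),
        "infected": sorted(n for n, r in entries.items() if r["status"] == "infected"),
        "forged": sorted(n for n, r in entries.items() if r["fake_md5"]),
        "shared_payloads": shared_payloads(entries),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a real TDSSKiller_*_log.txt by passing the file's contents to triage(); a single MD5 listed under several service names is the cue that every one of those service entries belongs to the same payload.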
05.06.2012, 20:54
Member

Thread starter

Posts: 61
#3 Thanks for helping me.

But there is already a first obstacle:

Quote

• If something was found, the findings are shown under Scan results (for me: Threats detected) - Select action for found objects, with three options.
Make sure Cure (default) is checked! Click Continue --> Reboot.

Among the three options there are only "Skip", "Copy to Quarantine" and "Delete". (For high risk, "Delete" is always selected, and for medium risk, "Skip".)
In a bar above the findings it says "Copy all to quarantine" and "Restore default actions".
This post was edited on 05.06.2012 at 21:32 by Kipcha.
05.06.2012, 21:30
Moderator

Posts: 5694
#4 Copy all to quarantine
05.06.2012, 21:42
Member

Thread starter

Posts: 61
#5

Code

21:36:08.0920 3476    TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
21:36:08.0936 3476    ============================================================
21:36:08.0936 3476    Current date / time: 2012/06/05 21:36:08.0936
21:36:08.0936 3476    SystemInfo:
21:36:08.0936 3476    
21:36:08.0936 3476    OS Version: 6.1.7601 ServicePack: 1.0
21:36:08.0936 3476    Product type: Workstation
21:36:08.0936 3476    ComputerName: LENOVO-PC
21:36:08.0936 3476    UserName: Lenovo
21:36:08.0936 3476    Windows directory: C:\windows
21:36:08.0936 3476    System windows directory: C:\windows
21:36:08.0936 3476    Processor architecture: Intel x86
21:36:08.0936 3476    Number of processors: 2
21:36:08.0936 3476    Page size: 0x1000
21:36:08.0936 3476    Boot type: Normal boot
21:36:08.0936 3476    ============================================================
21:36:10.0870 3476    Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:36:10.0870 3476    ============================================================
21:36:10.0870 3476    \Device\Harddisk0\DR0:
21:36:10.0870 3476    MBR partitions:
21:36:10.0870 3476    \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
21:36:10.0870 3476    \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34920980
21:36:10.0902 3476    \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34985980, BlocksNum 0x3C7E000
21:36:10.0902 3476    ============================================================
21:36:10.0948 3476    C: <-> \Device\Harddisk0\DR0\Partition1
21:36:10.0980 3476    D: <-> \Device\Harddisk0\DR0\Partition2
21:36:10.0980 3476    ============================================================
21:36:10.0980 3476    Initialize success
21:36:10.0980 3476    ============================================================
21:36:22.0882 1732    ============================================================
21:36:22.0882 1732    Scan started
21:36:22.0882 1732    Mode: Manual;
21:36:22.0882 1732    ============================================================
21:36:23.0694 1732    1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
21:36:23.0709 1732    1394ohci - ok
21:36:23.0834 1732    ACDaemon        (288069f15e1c7498a5e7a2fbe2e8a70a) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:36:23.0834 1732    ACDaemon - ok
21:36:23.0896 1732    ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
21:36:23.0912 1732    ACPI - ok
21:36:23.0959 1732    AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
21:36:23.0959 1732    AcpiPmi - ok
21:36:24.0006 1732    ACPIVPC         (87114efedeb94af49323ca61f344716d) C:\windows\system32\DRIVERS\AcpiVpc.sys
21:36:24.0006 1732    ACPIVPC - ok
21:36:24.0130 1732    AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:36:24.0130 1732    AdobeARMservice - ok
21:36:24.0271 1732    AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:24.0333 1732    AdobeFlashPlayerUpdateSvc - ok
21:36:24.0427 1732    adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
21:36:24.0442 1732    adp94xx - ok
21:36:24.0505 1732    adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
21:36:24.0520 1732    adpahci - ok
21:36:24.0583 1732    adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
21:36:24.0598 1732    adpu320 - ok
21:36:24.0645 1732    AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
21:36:24.0645 1732    AeLookupSvc - ok
21:36:24.0708 1732    Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\windows\system32\drivers\Afc.sys
21:36:24.0708 1732    Afc - ok
21:36:24.0786 1732    AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
21:36:24.0817 1732    AFD - ok
21:36:24.0864 1732    agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
21:36:24.0864 1732    agp440 - ok
21:36:24.0910 1732    aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
21:36:24.0926 1732    aic78xx - ok
21:36:24.0973 1732    ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
21:36:24.0973 1732    ALG - ok
21:36:25.0020 1732    aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
21:36:25.0020 1732    aliide - ok
21:36:25.0051 1732    amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
21:36:25.0066 1732    amdagp - ok
21:36:25.0082 1732    amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
21:36:25.0082 1732    amdide - ok
21:36:25.0144 1732    AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
21:36:25.0144 1732    AmdK8 - ok
21:36:25.0160 1732    AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
21:36:25.0160 1732    AmdPPM - ok
21:36:25.0222 1732    amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
21:36:25.0222 1732    amdsata - ok
21:36:25.0285 1732    amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
21:36:25.0300 1732    amdsbs - ok
21:36:25.0347 1732    amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
21:36:25.0347 1732    amdxata - ok
21:36:25.0472 1732    AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:36:25.0472 1732    AntiVirSchedulerService - ok
21:36:25.0550 1732    AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:36:25.0550 1732    AntiVirService - ok
21:36:25.0628 1732    ApfiltrService  (fd6d4bc1cf7d1fec5a17588007ecafb5) C:\windows\system32\DRIVERS\Apfiltr.sys
21:36:25.0628 1732    ApfiltrService - ok
21:36:25.0675 1732    AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
21:36:25.0675 1732    AppID - ok
21:36:25.0722 1732    AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
21:36:25.0737 1732    AppIDSvc - ok
21:36:25.0800 1732    Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
21:36:25.0800 1732    Appinfo - ok
21:36:25.0846 1732    arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
21:36:25.0846 1732    arc - ok
21:36:25.0893 1732    arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
21:36:25.0893 1732    arcsas - ok
21:36:25.0956 1732    AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
21:36:25.0956 1732    AsyncMac - ok
21:36:26.0034 1732    atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
21:36:26.0034 1732    atapi - ok
21:36:26.0112 1732    AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:36:26.0143 1732    AudioEndpointBuilder - ok
21:36:26.0158 1732    Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:36:26.0174 1732    Audiosrv - ok
21:36:26.0268 1732    avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
21:36:26.0268 1732    avgntflt - ok
21:36:26.0346 1732    avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
21:36:26.0346 1732    avipbb - ok
21:36:26.0408 1732    avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys
21:36:26.0408 1732    avkmgr - ok
21:36:26.0486 1732    AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
21:36:26.0486 1732    AxInstSV - ok
21:36:26.0564 1732    b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
21:36:26.0611 1732    b06bdrv - ok
21:36:26.0673 1732    b57nd60x        (6f41a4c5745bb99f89406f57164f099e) C:\windows\system32\DRIVERS\b57nd60x.sys
21:36:26.0673 1732    b57nd60x - ok
21:36:26.0892 1732    BCM43XX         (f9ce9b5e049efc66b8e6c73c18ee8438) C:\windows\system32\DRIVERS\bcmwl6.sys
21:36:26.0923 1732    BCM43XX - ok
21:36:27.0016 1732    BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:36:27.0016 1732    BcmSqlStartupSvc - ok
21:36:27.0172 1732    BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
21:36:27.0172 1732    BDESVC - ok
21:36:27.0250 1732    bdpredir        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\LHidUsbK.dll
21:36:27.0250 1732    bdpredir ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:27.0250 1732    bdpredir - detected Backdoor.Multi.ZAccess.gen (0)
21:36:27.0344 1732    Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:36:27.0344 1732    Beep - ok
21:36:27.0438 1732    BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
21:36:27.0453 1732    BFE - ok
21:36:27.0547 1732    BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
21:36:27.0594 1732    BITS - ok
21:36:27.0640 1732    blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:36:27.0640 1732    blbdrive - ok
21:36:27.0687 1732    blueletscoaudio (41ae9954eb2b9893242aa82980e66a4e) C:\windows\system32\tunmp.dll
21:36:27.0703 1732    Suspicious file (Forged): C:\windows\system32\tunmp.dll. Real md5: 41ae9954eb2b9893242aa82980e66a4e, Fake md5: 32ca18808933aa12e979375d07048a11
21:36:27.0703 1732    blueletscoaudio ( ForgedFile.Multi.Generic ) - warning
21:36:27.0703 1732    blueletscoaudio - detected ForgedFile.Multi.Generic (1)
21:36:27.0750 1732    bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
21:36:27.0750 1732    bowser - ok
21:36:27.0765 1732    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:36:27.0765 1732    BrFiltLo - ok
21:36:27.0781 1732    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:36:27.0781 1732    BrFiltUp - ok
21:36:27.0843 1732    Bridge0         (b35bb97b6dd9913093579f5c83962636) C:\windows\system32\drivers\WDBridge.sys
21:36:27.0859 1732    Bridge0 - ok
21:36:27.0890 1732    Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
21:36:27.0890 1732    Browser - ok
21:36:27.0952 1732    Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:36:27.0984 1732    Brserid - ok
21:36:28.0030 1732    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:36:28.0030 1732    BrSerWdm - ok
21:36:28.0046 1732    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:36:28.0046 1732    BrUsbMdm - ok
21:36:28.0062 1732    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:36:28.0062 1732    BrUsbSer - ok
21:36:28.0140 1732    BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
21:36:28.0140 1732    BthEnum - ok
21:36:28.0155 1732    BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:36:28.0155 1732    BTHMODEM - ok
21:36:28.0186 1732    BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
21:36:28.0186 1732    BthPan - ok
21:36:28.0249 1732    BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
21:36:28.0280 1732    BTHPORT - ok
21:36:28.0342 1732    bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
21:36:28.0342 1732    bthserv - ok
21:36:28.0374 1732    BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
21:36:28.0374 1732    BTHUSB - ok
21:36:28.0452 1732    btwrchid        (0bd65191070a400fd1bd5385c0a30250) C:\windows\system32\vwlogger.dll
21:36:28.0452 1732    Suspicious file (Forged): C:\windows\system32\vwlogger.dll. Real md5: 0bd65191070a400fd1bd5385c0a30250, Fake md5: 32ca18808933aa12e979375d07048a11
21:36:28.0452 1732    btwrchid ( ForgedFile.Multi.Generic ) - warning
21:36:28.0452 1732    btwrchid - detected ForgedFile.Multi.Generic (1)
21:36:28.0623 1732    Cam5607         (58db523a2a714e57ad715bfde8a22a5a) C:\windows\system32\Drivers\BisonC07.sys
21:36:28.0623 1732    Cam5607 - ok
21:36:28.0686 1732    cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:36:28.0701 1732    cdfs - ok
21:36:28.0764 1732    cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
21:36:28.0779 1732    cdrom - ok
21:36:28.0826 1732    CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:36:28.0826 1732    CertPropSvc - ok
21:36:28.0873 1732    circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:36:28.0873 1732    circlass - ok
21:36:28.0920 1732    CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:36:28.0920 1732    CLFS - ok
21:36:29.0029 1732    clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:29.0029 1732    clr_optimization_v2.0.50727_32 - ok
21:36:29.0091 1732    clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:36:29.0107 1732    clr_optimization_v4.0.30319_32 - ok
21:36:29.0154 1732    CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:36:29.0154 1732    CmBatt - ok
21:36:29.0185 1732    cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
21:36:29.0200 1732    cmdide - ok
21:36:29.0247 1732    CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
21:36:29.0263 1732    CNG - ok
21:36:29.0372 1732    CnxtHdAudService (7c47786b58ae503777dbd12fae20ed42) C:\windows\system32\drivers\CHDRT32.sys
21:36:29.0388 1732    CnxtHdAudService - ok
21:36:29.0466 1732    Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:36:29.0466 1732    Compbatt - ok
21:36:29.0528 1732    CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
21:36:29.0528 1732    CompositeBus - ok
21:36:29.0544 1732    COMSysApp - ok
21:36:29.0590 1732    crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:36:29.0590 1732    crcdisk - ok
21:36:29.0653 1732    CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
21:36:29.0668 1732    CryptSvc - ok
21:36:29.0731 1732    cwafrmiregistry (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\usnsvc.dll
21:36:29.0746 1732    cwafrmiregistry ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:29.0746 1732    cwafrmiregistry - detected Backdoor.Multi.ZAccess.gen (0)
21:36:29.0840 1732    DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:36:29.0840 1732    DcomLaunch - ok
21:36:29.0887 1732    defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
21:36:29.0902 1732    defragsvc - ok
21:36:29.0934 1732    DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
21:36:29.0934 1732    DfsC - ok
21:36:30.0012 1732    Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
21:36:30.0012 1732    Dhcp - ok
21:36:30.0043 1732    discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:36:30.0043 1732    discache - ok
21:36:30.0090 1732    Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:36:30.0090 1732    Disk - ok
21:36:30.0136 1732    Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
21:36:30.0152 1732    Dnscache - ok
21:36:30.0214 1732    dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
21:36:30.0230 1732    dot3svc - ok
21:36:30.0261 1732    DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
21:36:30.0261 1732    DPS - ok
21:36:30.0308 1732    drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:36:30.0324 1732    drmkaud - ok
21:36:30.0402 1732    DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
21:36:30.0417 1732    DXGKrnl - ok
21:36:30.0480 1732    E1000           (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\atdisk.dll
21:36:30.0480 1732    E1000 ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:30.0480 1732    E1000 - detected Backdoor.Multi.ZAccess.gen (0)
21:36:30.0511 1732    EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:36:30.0526 1732    EapHost - ok
21:36:30.0792 1732    ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:36:30.0854 1732    ebdrv - ok
21:36:30.0979 1732    EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
21:36:30.0979 1732    EFS - ok
21:36:31.0072 1732    ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
21:36:31.0088 1732    ehRecvr - ok
21:36:31.0119 1732    ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
21:36:31.0135 1732    ehSched - ok
21:36:31.0182 1732    elnkservice     (b6c06ea086e5eb936ff396feb797d4b9) C:\windows\system32\truecrypt.dll
21:36:31.0197 1732    Suspicious file (Forged): C:\windows\system32\truecrypt.dll. Real md5: b6c06ea086e5eb936ff396feb797d4b9, Fake md5: 32ca18808933aa12e979375d07048a11
21:36:31.0197 1732    elnkservice ( ForgedFile.Multi.Generic ) - warning
21:36:31.0197 1732    elnkservice - detected ForgedFile.Multi.Generic (1)
21:36:31.0291 1732    elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:36:31.0291 1732    elxstor - ok
21:36:31.0338 1732    ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
21:36:31.0338 1732    ErrDev - ok
21:36:31.0384 1732    EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
21:36:31.0384 1732    EventSystem - ok
21:36:31.0416 1732    ew_hwusbdev - ok
21:36:31.0416 1732    ew_usbenumfilter - ok
21:36:31.0462 1732    exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:36:31.0478 1732    exfat - ok
21:36:31.0494 1732    fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:36:31.0509 1732    fastfat - ok
21:36:31.0587 1732    Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
21:36:31.0587 1732    Fax - ok
21:36:31.0618 1732    fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:36:31.0618 1732    fdc - ok
21:36:31.0650 1732    fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
21:36:31.0650 1732    fdPHost - ok
21:36:31.0665 1732    FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
21:36:31.0665 1732    FDResPub - ok
21:36:31.0681 1732    FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:36:31.0681 1732    FileInfo - ok
21:36:31.0696 1732    Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:36:31.0696 1732    Filetrace - ok
21:36:31.0712 1732    flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:36:31.0712 1732    flpydisk - ok
21:36:31.0743 1732    FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:36:31.0743 1732    FltMgr - ok
21:36:31.0852 1732    FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\windows\system32\FntCache.dll
21:36:31.0868 1732    FontCache - ok
21:36:31.0946 1732    FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:36:31.0946 1732    FontCache3.0.0.0 - ok
21:36:31.0977 1732    FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:36:31.0977 1732    FsDepends - ok
21:36:32.0008 1732    Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
21:36:32.0008 1732    Fs_Rec - ok
21:36:32.0071 1732    funfrm          (f626f291e3f56e8969e35945552feca3) C:\windows\system32\drivers\funfrm.sys
21:36:32.0071 1732    funfrm - ok
21:36:32.0118 1732    fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
21:36:32.0118 1732    fvevol - ok
21:36:32.0180 1732    gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:36:32.0180 1732    gagp30kx - ok
21:36:32.0242 1732    GBFSHook        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\dcomlaunch.dll
21:36:32.0242 1732    GBFSHook ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:32.0242 1732    GBFSHook - detected Backdoor.Multi.ZAccess.gen (0)
21:36:32.0305 1732    ggflt           (007aea2e06e7cef7372e40c277163959) C:\windows\system32\DRIVERS\ggflt.sys
21:36:32.0305 1732    ggflt - ok
21:36:32.0352 1732    ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\windows\system32\DRIVERS\ggsemc.sys
21:36:32.0352 1732    ggsemc - ok
21:36:32.0414 1732    gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
21:36:32.0445 1732    gpsvc - ok
21:36:32.0508 1732    ha10kx2k        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\sparrow.dll
21:36:32.0508 1732    ha10kx2k ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:32.0508 1732    ha10kx2k - detected Backdoor.Multi.ZAccess.gen (0)
21:36:32.0539 1732    hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:36:32.0539 1732    hcw85cir - ok
21:36:32.0601 1732    HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
21:36:32.0632 1732    HdAudAddService - ok
21:36:32.0679 1732    HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
21:36:32.0679 1732    HDAudBus - ok
21:36:32.0695 1732    HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:36:32.0695 1732    HidBatt - ok
21:36:32.0726 1732    HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:36:32.0726 1732    HidBth - ok
21:36:32.0757 1732    HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:36:32.0757 1732    HidIr - ok
21:36:32.0788 1732    hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
21:36:32.0788 1732    hidserv - ok
21:36:32.0804 1732    HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
21:36:32.0804 1732    HidUsb - ok
21:36:32.0851 1732    hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
21:36:32.0851 1732    hkmsvc - ok
21:36:32.0898 1732    HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
21:36:32.0913 1732    HomeGroupListener - ok
21:36:32.0960 1732    HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
21:36:32.0976 1732    HomeGroupProvider - ok
21:36:33.0022 1732    hpn             (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\SenFiltService.dll
21:36:33.0022 1732    hpn ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:33.0022 1732    hpn - detected Backdoor.Multi.ZAccess.gen (0)
21:36:33.0069 1732    HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
21:36:33.0069 1732    HpSAMD - ok
21:36:33.0147 1732    HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
21:36:33.0163 1732    HTTP - ok
21:36:33.0194 1732    huawei_cdcacm - ok
21:36:33.0210 1732    huawei_enumerator - ok
21:36:33.0210 1732    huawei_ext_ctrl - ok
21:36:33.0241 1732    huawei_wwanecm - ok
21:36:33.0272 1732    hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
21:36:33.0272 1732    hwpolicy - ok
21:36:33.0350 1732    i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
21:36:33.0350 1732    i8042prt - ok
21:36:33.0444 1732    IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:36:33.0444 1732    IAANTMON - ok
21:36:33.0506 1732    iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
21:36:33.0506 1732    iaStor - ok
21:36:33.0584 1732    iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
21:36:33.0600 1732    iaStorV - ok
21:36:33.0646 1732    icraplus        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\PSSdk23.dll
21:36:33.0646 1732    icraplus ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:33.0646 1732    icraplus - detected Backdoor.Multi.ZAccess.gen (0)
21:36:33.0771 1732    idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:36:33.0787 1732    idsvc - ok
21:36:34.0239 1732    igfx            (45d1a22c0e932768729dd422e175a448) C:\windows\system32\DRIVERS\igdkmd32.sys
21:36:34.0364 1732    igfx - ok
21:36:34.0489 1732    IGRS            (d951d20153e51928f9db2227d6ff5c7a) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
21:36:34.0504 1732    IGRS - ok
21:36:34.0738 1732    iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:36:34.0738 1732    iirsp - ok
21:36:34.0910 1732    IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
21:36:34.0926 1732    IKEEXT - ok
21:36:34.0972 1732    intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
21:36:34.0972 1732    intelide - ok
21:36:35.0035 1732    intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:36:35.0050 1732    intelppm - ok
21:36:35.0128 1732    IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
21:36:35.0128 1732    IPBusEnum - ok
21:36:35.0222 1732    IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:36:35.0222 1732    IpFilterDriver - ok
21:36:35.0269 1732    IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
21:36:35.0269 1732    IPMIDRV - ok
21:36:35.0316 1732    IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:36:35.0316 1732    IPNAT - ok
21:36:35.0394 1732    IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:36:35.0394 1732    IRENUM - ok
21:36:35.0440 1732    isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
21:36:35.0456 1732    isapnp - ok
21:36:35.0534 1732    iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
21:36:35.0550 1732    iScsiPrt - ok
21:36:35.0643 1732    iSMBIOS         (2e38da21b3efa515b50d717df47ac50e) C:\windows\system32\wmp54gssvc.dll
21:36:35.0643 1732    Suspicious file (Forged): C:\windows\system32\wmp54gssvc.dll. Real md5: 2e38da21b3efa515b50d717df47ac50e, Fake md5: 32ca18808933aa12e979375d07048a11
21:36:35.0643 1732    iSMBIOS ( ForgedFile.Multi.Generic ) - warning
21:36:35.0643 1732    iSMBIOS - detected ForgedFile.Multi.Generic (1)
21:36:35.0721 1732    iviVD           (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\astcc.dll
21:36:35.0721 1732    iviVD ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:35.0721 1732    iviVD - detected Backdoor.Multi.ZAccess.gen (0)
21:36:35.0784 1732    k57nd60x        (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\windows\system32\DRIVERS\k57nd60x.sys
21:36:35.0830 1732    k57nd60x - ok
21:36:35.0908 1732    kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
21:36:35.0908 1732    kbdclass - ok
21:36:35.0971 1732    kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
21:36:35.0986 1732    kbdhid - ok
21:36:36.0033 1732    KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:36:36.0033 1732    KeyIso - ok
21:36:36.0080 1732    KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
21:36:36.0080 1732    KSecDD - ok
21:36:36.0127 1732    KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
21:36:36.0142 1732    KSecPkg - ok
21:36:36.0220 1732    KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
21:36:36.0252 1732    KtmRm - ok
21:36:36.0408 1732    LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
21:36:36.0470 1732    LanmanServer - ok
21:36:36.0938 1732    LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
21:36:37.0078 1732    LanmanWorkstation - ok
21:36:37.0141 1732    lbtserv - ok
21:36:37.0328 1732    Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
21:36:37.0468 1732    Lenovo ReadyComm AppSvc - ok
21:36:37.0515 1732    Lenovo ReadyComm ConnSvc (5287074e79e4ba82510886f684dc5f72) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
21:36:37.0562 1732    Lenovo ReadyComm ConnSvc - ok
21:36:37.0718 1732    lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:36:37.0718 1732    lltdio - ok
21:36:37.0812 1732    lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
21:36:37.0858 1732    lltdsvc - ok
21:36:37.0999 1732    lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
21:36:37.0999 1732    lmhosts - ok
21:36:38.0155 1732    lsdiorw         (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\trioservice.dll
21:36:38.0170 1732    lsdiorw ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:38.0170 1732    lsdiorw - detected Backdoor.Multi.ZAccess.gen (0)
21:36:38.0389 1732    LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:36:38.0404 1732    LSI_FC - ok
21:36:38.0467 1732    LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:36:38.0467 1732    LSI_SAS - ok
21:36:38.0514 1732    LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:36:38.0514 1732    LSI_SAS2 - ok
21:36:38.0576 1732    LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:36:38.0576 1732    LSI_SCSI - ok
21:36:38.0607 1732    luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:36:38.0607 1732    luafv - ok
21:36:38.0685 1732    Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
21:36:38.0685 1732    Mcx2Svc - ok
21:36:38.0779 1732    megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:36:38.0779 1732    megasas - ok
21:36:39.0044 1732    MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:36:39.0122 1732    MegaSR - ok
21:36:39.0153 1732    MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:36:39.0153 1732    MMCSS - ok
21:36:39.0231 1732    Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:36:39.0231 1732    Modem - ok
21:36:39.0294 1732    monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:36:39.0294 1732    monitor - ok
21:36:39.0481 1732    mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
21:36:39.0481 1732    mouclass - ok
21:36:39.0684 1732    mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:36:39.0684 1732    mouhid - ok
21:36:39.0746 1732    mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
21:36:39.0746 1732    mountmgr - ok
21:36:39.0980 1732    MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:36:40.0042 1732    MozillaMaintenance - ok
21:36:40.0089 1732    mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
21:36:40.0136 1732    mpio - ok
21:36:40.0167 1732    mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:36:40.0167 1732    mpsdrv - ok
21:36:40.0386 1732    MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
21:36:40.0448 1732    MpsSvc - ok
21:36:40.0557 1732    MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
21:36:40.0573 1732    MRxDAV - ok
21:36:40.0682 1732    mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
21:36:40.0744 1732    mrxsmb - ok
21:36:40.0791 1732    mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:36:40.0822 1732    mrxsmb10 - ok
21:36:40.0916 1732    mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:36:40.0916 1732    mrxsmb20 - ok
21:36:40.0978 1732    msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
21:36:40.0978 1732    msahci - ok
21:36:41.0072 1732    msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
21:36:41.0072 1732    msdsm - ok
21:36:41.0228 1732    MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
21:36:41.0275 1732    MSDTC - ok
21:36:41.0337 1732    Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:36:41.0337 1732    Msfs - ok
21:36:41.0353 1732    mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:36:41.0353 1732    mshidkmdf - ok
21:36:41.0384 1732    msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
21:36:41.0384 1732    msisadrv - ok
21:36:41.0493 1732    MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
21:36:41.0540 1732    MSiSCSI - ok
21:36:41.0540 1732    msiserver - ok
21:36:41.0602 1732    MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:36:41.0602 1732    MSKSSRV - ok
21:36:41.0665 1732    MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:36:41.0665 1732    MSPCLOCK - ok
21:36:41.0680 1732    MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:36:41.0680 1732    MSPQM - ok
21:36:41.0696 1732    MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:36:41.0712 1732    MsRPC - ok
21:36:41.0743 1732    mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
21:36:41.0743 1732    mssmbios - ok
21:36:41.0899 1732    MSSQL$MSSMLBIZ - ok
21:36:41.0961 1732    MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:36:41.0961 1732    MSSQLServerADHelper - ok
21:36:42.0039 1732    MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:36:42.0039 1732    MSTEE - ok
21:36:42.0117 1732    MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:36:42.0117 1732    MTConfig - ok
21:36:42.0226 1732    Mtlmnt5         (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\mssql$sony_mediamgr.dll
21:36:42.0242 1732    Mtlmnt5 ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:42.0242 1732    Mtlmnt5 - detected Backdoor.Multi.ZAccess.gen (0)
21:36:42.0289 1732    Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:36:42.0289 1732    Mup - ok
21:36:42.0351 1732    mvwebserver     (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\downloadmanagerlite.dll
21:36:42.0351 1732    mvwebserver ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:42.0351 1732    mvwebserver - detected Backdoor.Multi.ZAccess.gen (0)
21:36:42.0414 1732    napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
21:36:42.0445 1732    napagent - ok
21:36:42.0585 1732    NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:36:42.0616 1732    NativeWifiP - ok
21:36:42.0772 1732    NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
21:36:42.0788 1732    NDIS - ok
21:36:42.0866 1732    NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:36:42.0866 1732    NdisCap - ok
21:36:42.0928 1732    NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:36:42.0928 1732    NdisTapi - ok
21:36:43.0147 1732    Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
21:36:43.0147 1732    Ndisuio - ok
21:36:43.0256 1732    NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
21:36:43.0303 1732    NdisWan - ok
21:36:43.0350 1732    NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
21:36:43.0350 1732    NDProxy - ok
21:36:43.0459 1732    NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:36:43.0459 1732    NetBIOS - ok
21:36:43.0552 1732    NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
21:36:43.0568 1732    NetBT - ok
21:36:43.0630 1732    Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:36:43.0630 1732    Netlogon - ok
21:36:43.0771 1732    Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
21:36:43.0786 1732    Netman - ok
21:36:43.0833 1732    netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
21:36:43.0849 1732    netprofm - ok
21:36:43.0911 1732    NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:36:43.0927 1732    NetTcpPortSharing - ok
21:36:44.0286 1732    netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\windows\system32\DRIVERS\netw5v32.sys
21:36:44.0520 1732    netw5v32 - ok
21:36:45.0019 1732    nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:36:45.0034 1732    nfrd960 - ok
21:36:45.0128 1732    NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
21:36:45.0144 1732    NlaSvc - ok
21:36:45.0222 1732    Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:36:45.0222 1732    Npfs - ok
21:36:45.0253 1732    nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:36:45.0253 1732    nsi - ok
21:36:45.0284 1732    nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:36:45.0284 1732    nsiproxy - ok
21:36:45.0393 1732    Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
21:36:45.0424 1732    Ntfs - ok
21:36:45.0627 1732    ntsecure        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\pdlndint.dll
21:36:45.0627 1732    ntsecure ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:45.0627 1732    ntsecure - detected Backdoor.Multi.ZAccess.gen (0)
21:36:45.0705 1732    Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:36:45.0705 1732    Null - ok
21:36:45.0799 1732    nvax            (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\se45obex.dll
21:36:45.0799 1732    nvax ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:45.0799 1732    nvax - detected Backdoor.Multi.ZAccess.gen (0)
21:36:45.0861 1732    nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
21:36:45.0861 1732    nvraid - ok
21:36:45.0924 1732    nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
21:36:45.0939 1732    nvstor - ok
21:36:46.0002 1732    nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
21:36:46.0017 1732    nv_agp - ok
21:36:46.0095 1732    nwlnkspx        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\DFUBTUSB.dll
21:36:46.0095 1732    nwlnkspx ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:46.0095 1732    nwlnkspx - detected Backdoor.Multi.ZAccess.gen (0)
21:36:46.0126 1732    NWSAP           (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\USB28xxBGA.dll
21:36:46.0142 1732    NWSAP ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:46.0142 1732    NWSAP - detected Backdoor.Multi.ZAccess.gen (0)
21:36:46.0251 1732    odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:36:46.0282 1732    odserv - ok
21:36:46.0329 1732    odysseyIM4      (c18e7a0b26f4e342eb57a4c1297a14af) C:\windows\system32\ZSMC211.dll
21:36:46.0329 1732    Suspicious file (Forged): C:\windows\system32\ZSMC211.dll. Real md5: c18e7a0b26f4e342eb57a4c1297a14af, Fake md5: 32ca18808933aa12e979375d07048a11
21:36:46.0329 1732    odysseyIM4 ( ForgedFile.Multi.Generic ) - warning
21:36:46.0329 1732    odysseyIM4 - detected ForgedFile.Multi.Generic (1)
21:36:46.0392 1732    ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
21:36:46.0392 1732    ohci1394 - ok
21:36:46.0454 1732    oraclesnmppeerencapsulator (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\sonicatheaterinstallerservice.dll
21:36:46.0454 1732    oraclesnmppeerencapsulator ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:46.0454 1732    oraclesnmppeerencapsulator - detected Backdoor.Multi.ZAccess.gen (0)
21:36:46.0516 1732    ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:46.0532 1732    ose - ok
21:36:46.0594 1732    ozoneinstallerservice (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\gmer.dll
21:36:46.0594 1732    ozoneinstallerservice ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:46.0594 1732    ozoneinstallerservice - detected Backdoor.Multi.ZAccess.gen (0)
21:36:46.0641 1732    p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:36:46.0672 1732    p2pimsvc - ok
21:36:46.0750 1732    p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:36:46.0766 1732    p2psvc - ok
21:36:46.0797 1732    Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:36:46.0797 1732    Parport - ok
21:36:46.0828 1732    partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
21:36:46.0828 1732    partmgr - ok
21:36:46.0860 1732    Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:36:46.0860 1732    Parvdm - ok
21:36:46.0875 1732    PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:36:46.0875 1732    PcaSvc - ok
21:36:46.0922 1732    pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
21:36:46.0922 1732    pci - ok
21:36:46.0969 1732    pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
21:36:46.0969 1732    pciide - ok
21:36:47.0000 1732    pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:36:47.0016 1732    pcmcia - ok
21:36:47.0031 1732    pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:36:47.0031 1732    pcw - ok
21:36:47.0078 1732    pdlndoem        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\symantecantibotshim.dll
21:36:47.0078 1732    pdlndoem ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:47.0078 1732    pdlndoem - detected Backdoor.Multi.ZAccess.gen (0)
21:36:47.0156 1732    PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:36:47.0172 1732    PEAUTH - ok
21:36:47.0328 1732    pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
21:36:47.0359 1732    pla - ok
21:36:47.0484 1732    PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
21:36:47.0515 1732    PlugPlay - ok
21:36:47.0546 1732    PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:36:47.0546 1732    PNRPAutoReg - ok
21:36:47.0593 1732    PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:36:47.0608 1732    PNRPsvc - ok
21:36:47.0671 1732    PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
21:36:47.0686 1732    PolicyAgent - ok
21:36:47.0733 1732    Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
21:36:47.0749 1732    Power - ok
21:36:47.0811 1732    PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:36:47.0827 1732    PptpMiniport - ok
21:36:47.0858 1732    Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:36:47.0858 1732    Processor - ok
21:36:47.0905 1732    ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
21:36:47.0920 1732    ProfSvc - ok
21:36:47.0952 1732    ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:36:47.0952 1732    ProtectedStorage - ok
21:36:47.0998 1732    Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:36:47.0998 1732    Psched - ok
21:36:48.0030 1732    PS_MDP - ok
21:36:48.0170 1732    ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:36:48.0186 1732    ql2300 - ok
21:36:48.0310 1732    ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:36:48.0326 1732    ql40xx - ok
21:36:48.0388 1732    QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:36:48.0388 1732    QWAVE - ok
21:36:48.0420 1732    QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:36:48.0420 1732    QWAVEdrv - ok
21:36:48.0435 1732    RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:36:48.0435 1732    RasAcd - ok
21:36:48.0482 1732    RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:36:48.0498 1732    RasAgileVpn - ok
21:36:48.0513 1732    RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:36:48.0513 1732    RasAuto - ok
21:36:48.0529 1732    Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:36:48.0544 1732    Rasl2tp - ok
21:36:48.0591 1732    RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
21:36:48.0607 1732    RasMan - ok
21:36:48.0638 1732    RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:36:48.0638 1732    RasPppoe - ok
21:36:48.0685 1732    RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:36:48.0700 1732    RasSstp - ok
21:36:48.0747 1732    rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
21:36:48.0763 1732    rdbss - ok
21:36:48.0778 1732    rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:36:48.0778 1732    rdpbus - ok
21:36:48.0810 1732    RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
21:36:48.0810 1732    RDPCDD - ok
21:36:48.0872 1732    rdpdr           (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\afs2k.dll
21:36:48.0872 1732    rdpdr ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:48.0872 1732    rdpdr - detected Backdoor.Multi.ZAccess.gen (0)
21:36:48.0934 1732    RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:36:48.0934 1732    RDPENCDD - ok
21:36:48.0950 1732    RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:36:48.0950 1732    RDPREFMP - ok
21:36:48.0997 1732    RDPWD           (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
21:36:48.0997 1732    RDPWD - ok
21:36:49.0059 1732    rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
21:36:49.0075 1732    rdyboost - ok
21:36:49.0075 1732    ReadyComm.DirectRouter - ok
21:36:49.0106 1732    RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:36:49.0106 1732    RemoteAccess - ok
21:36:49.0137 1732    RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:36:49.0153 1732    RemoteRegistry - ok
21:36:49.0215 1732    RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
21:36:49.0231 1732    RFCOMM - ok
21:36:49.0293 1732    risdptsk        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\Intels51.dll
21:36:49.0309 1732    risdptsk ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:49.0309 1732    risdptsk - detected Backdoor.Multi.ZAccess.gen (0)
21:36:49.0371 1732    ROCKEYNT        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\WDM_YAMAHAAC97.dll
21:36:49.0371 1732    ROCKEYNT ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:49.0371 1732    ROCKEYNT - detected Backdoor.Multi.ZAccess.gen (0)
21:36:49.0418 1732    roxliveshare9   (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\VAIOMediaPlatform-PhotoServer-HTTP.dll
21:36:49.0434 1732    roxliveshare9 ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:49.0434 1732    roxliveshare9 - detected Backdoor.Multi.ZAccess.gen (0)
21:36:49.0465 1732    roxmediadb      (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\bjmcmng.dll
21:36:49.0465 1732    roxmediadb ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:49.0465 1732    roxmediadb - detected Backdoor.Multi.ZAccess.gen (0)
21:36:49.0496 1732    RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:36:49.0496 1732    RpcEptMapper - ok
21:36:49.0512 1732    RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:36:49.0527 1732    RpcLocator - ok
21:36:49.0574 1732    RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:36:49.0590 1732    RpcSs - ok
21:36:49.0652 1732    rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:36:49.0668 1732    rspndr - ok
21:36:49.0683 1732    RSUSBSTOR - ok
21:36:49.0699 1732    RtsUIR - ok
21:36:49.0730 1732    SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:36:49.0730 1732    SamSs - ok
21:36:49.0792 1732    sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
21:36:49.0792 1732    sbp2port - ok
21:36:50.0011 1732    SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
21:36:50.0042 1732    SBSDWSCService - ok
21:36:50.0151 1732    SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:36:50.0167 1732    SCardSvr - ok
21:36:50.0214 1732    scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
21:36:50.0214 1732    scfilter - ok
21:36:50.0292 1732    Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
21:36:50.0323 1732    Schedule - ok
21:36:50.0370 1732    SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:36:50.0370 1732    SCPolicySvc - ok
21:36:50.0416 1732    SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
21:36:50.0432 1732    SDRSVC - ok
21:36:50.0526 1732    SeaPort         (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:36:50.0526 1732    SeaPort - ok
21:36:50.0604 1732    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:36:50.0604 1732    secdrv - ok
21:36:50.0635 1732    seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:36:50.0635 1732    seclogon - ok
21:36:50.0650 1732    SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
21:36:50.0666 1732    SENS - ok
21:36:50.0697 1732    SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:36:50.0697 1732    SensrSvc - ok
21:36:50.0728 1732    Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:36:50.0728 1732    Serenum - ok
21:36:50.0744 1732    Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:36:50.0744 1732    Serial - ok
21:36:50.0791 1732    sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:36:50.0791 1732    sermouse - ok
21:36:50.0853 1732    SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
21:36:50.0869 1732    SessionEnv - ok
21:36:50.0931 1732    sfdrv01         (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\OEM02Dev.dll
21:36:50.0947 1732    sfdrv01 ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:50.0947 1732    sfdrv01 - detected Backdoor.Multi.ZAccess.gen (0)
21:36:50.0978 1732    sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
21:36:50.0978 1732    sffdisk - ok
21:36:50.0994 1732    sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
21:36:51.0009 1732    sffp_mmc - ok
21:36:51.0025 1732    sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
21:36:51.0025 1732    sffp_sd - ok
21:36:51.0040 1732    sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:36:51.0040 1732    sfloppy - ok
21:36:51.0118 1732    SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
21:36:51.0134 1732    SharedAccess - ok
21:36:51.0196 1732    ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
21:36:51.0212 1732    ShellHWDetection - ok
21:36:51.0274 1732    sis315          (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\atirage3.dll
21:36:51.0274 1732    sis315 ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:51.0274 1732    sis315 - detected Backdoor.Multi.ZAccess.gen (0)
21:36:51.0306 1732    sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
21:36:51.0321 1732    sisagp - ok
21:36:51.0368 1732    SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:36:51.0368 1732    SiSRaid2 - ok
21:36:51.0399 1732    SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:36:51.0399 1732    SiSRaid4 - ok
21:36:51.0446 1732    Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:36:51.0446 1732    Smb - ok
21:36:51.0493 1732    SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:36:51.0493 1732    SNMPTRAP - ok
21:36:51.0508 1732    spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:36:51.0524 1732    spldr - ok
21:36:51.0586 1732    Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
21:36:51.0602 1732    Spooler - ok
21:36:51.0867 1732    sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
21:36:51.0930 1732    sppsvc - ok
21:36:52.0054 1732    sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
21:36:52.0054 1732    sppuinotify - ok
21:36:52.0164 1732    SQLBrowser      (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:36:52.0164 1732    SQLBrowser - ok
21:36:52.0195 1732    SQLWriter       (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:36:52.0195 1732    SQLWriter - ok
21:36:52.0273 1732    srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
21:36:52.0288 1732    srv - ok
21:36:52.0320 1732    srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
21:36:52.0335 1732    srv2 - ok
21:36:52.0366 1732    srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
21:36:52.0382 1732    srvnet - ok
21:36:52.0429 1732    SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:36:52.0429 1732    SSDPSRV - ok
21:36:52.0522 1732    ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
21:36:52.0522 1732    ssmdrv - ok
21:36:52.0554 1732    SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:36:52.0554 1732    SstpSvc - ok
21:36:52.0616 1732    stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:36:52.0616 1732    stexstor - ok
21:36:52.0678 1732    StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
21:36:52.0710 1732    StiSvc - ok
21:36:52.0756 1732    swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
21:36:52.0756 1732    swenum - ok
21:36:52.0788 1732    swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:36:52.0803 1732    swprv - ok
21:36:52.0928 1732    SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
21:36:52.0944 1732    SysMain - ok
21:36:52.0990 1732    TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
21:36:52.0990 1732    TabletInputService - ok
21:36:53.0053 1732    TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
21:36:53.0053 1732    TapiSrv - ok
21:36:53.0084 1732    TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:36:53.0084 1732    TBS - ok
21:36:53.0287 1732    Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
21:36:53.0302 1732    Tcpip - ok
21:36:53.0552 1732    TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
21:36:53.0568 1732    TCPIP6 - ok
21:36:53.0739 1732    tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
21:36:53.0739 1732    tcpipreg - ok
21:36:53.0802 1732    TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
21:36:53.0802 1732    TDPIPE - ok
21:36:53.0833 1732    TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
21:36:53.0833 1732    TDTCP - ok
21:36:53.0880 1732    tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
21:36:53.0880 1732    tdx - ok
21:36:53.0911 1732    TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
21:36:53.0911 1732    TermDD - ok
21:36:53.0973 1732    TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
21:36:53.0989 1732    TermService - ok
21:36:54.0036 1732    Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:36:54.0036 1732    Themes - ok
21:36:54.0067 1732    THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:36:54.0067 1732    THREADORDER - ok
21:36:54.0145 1732    tosrfhid        (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\tng-doba.dll
21:36:54.0160 1732    tosrfhid ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:54.0160 1732    tosrfhid - detected Backdoor.Multi.ZAccess.gen (0)
21:36:54.0176 1732    TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:36:54.0192 1732    TrkWks - ok
21:36:54.0254 1732    TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
21:36:54.0254 1732    TrustedInstaller - ok
21:36:54.0285 1732    tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
21:36:54.0285 1732    tssecsrv - ok
21:36:54.0316 1732    TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
21:36:54.0332 1732    TsUsbFlt - ok
21:36:54.0379 1732    tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
21:36:54.0394 1732    tunnel - ok
21:36:54.0410 1732    uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:36:54.0410 1732    uagp35 - ok
21:36:54.0472 1732    udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
21:36:54.0472 1732    udfs - ok
21:36:54.0504 1732    UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:36:54.0519 1732    UI0Detect - ok
21:36:54.0566 1732    uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
21:36:54.0566 1732    uliagpkx - ok
21:36:54.0597 1732    umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
21:36:54.0613 1732    umbus - ok
21:36:54.0628 1732    UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:36:54.0628 1732    UmPass - ok
21:36:54.0660 1732    upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:36:54.0675 1732    upnphost - ok
21:36:54.0706 1732    usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\DRIVERS\usbccgp.sys
21:36:54.0706 1732    usbccgp - ok
21:36:54.0722 1732    USBCCID - ok
21:36:54.0784 1732    usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
21:36:54.0784 1732    usbcir - ok
21:36:54.0816 1732    usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
21:36:54.0816 1732    usbehci - ok
21:36:54.0862 1732    usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\DRIVERS\usbhub.sys
21:36:54.0878 1732    usbhub - ok
21:36:54.0894 1732    usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
21:36:54.0894 1732    usbohci - ok
21:36:54.0940 1732    usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:36:54.0956 1732    usbprint - ok
21:36:54.0987 1732    USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:36:54.0987 1732    USBSTOR - ok
21:36:55.0018 1732    usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
21:36:55.0018 1732    usbuhci - ok
21:36:55.0081 1732    usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
21:36:55.0096 1732    usbvideo - ok
21:36:55.0128 1732    UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:36:55.0128 1732    UxSms - ok
21:36:55.0159 1732    VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:36:55.0174 1732    VaultSvc - ok
21:36:55.0206 1732    vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
21:36:55.0206 1732    vdrvroot - ok
21:36:55.0268 1732    vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
21:36:55.0284 1732    vds - ok
21:36:55.0346 1732    vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:36:55.0346 1732    vga - ok
21:36:55.0362 1732    VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:36:55.0362 1732    VgaSave - ok
21:36:55.0393 1732    vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
21:36:55.0408 1732    vhdmp - ok
21:36:55.0455 1732    viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
21:36:55.0455 1732    viaagp - ok
21:36:55.0486 1732    ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:36:55.0486 1732    ViaC7 - ok
21:36:55.0533 1732    viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
21:36:55.0533 1732    viaide - ok
21:36:55.0580 1732    viairda         (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\ssm_mdm.dll
21:36:55.0580 1732    viairda ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:55.0580 1732    viairda - detected Backdoor.Multi.ZAccess.gen (0)
21:36:55.0642 1732    VICESYS         (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\epstnt01.dll
21:36:55.0642 1732    VICESYS ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:55.0642 1732    VICESYS - detected Backdoor.Multi.ZAccess.gen (0)
21:36:55.0689 1732    volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
21:36:55.0689 1732    volmgr - ok
21:36:55.0736 1732    volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:36:55.0736 1732    volmgrx - ok
21:36:55.0783 1732    volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
21:36:55.0798 1732    volsnap - ok
21:36:55.0845 1732    vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:36:55.0861 1732    vsmraid - ok
21:36:55.0986 1732    VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
21:36:56.0017 1732    VSS - ok
21:36:56.0048 1732    vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:36:56.0048 1732    vwifibus - ok
21:36:56.0110 1732    vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:36:56.0110 1732    vwififlt - ok
21:36:56.0157 1732    vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
21:36:56.0157 1732    vwifimp - ok
21:36:56.0204 1732    W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:36:56.0220 1732    W32Time - ok
21:36:56.0266 1732    WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:36:56.0266 1732    WacomPen - ok
21:36:56.0329 1732    WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:36:56.0329 1732    WANARP - ok
21:36:56.0329 1732    Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:36:56.0329 1732    Wanarpv6 - ok
21:36:56.0469 1732    wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
21:36:56.0500 1732    wbengine - ok
21:36:56.0547 1732    WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:36:56.0563 1732    WbioSrvc - ok
21:36:56.0610 1732    wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
21:36:56.0625 1732    wcncsvc - ok
21:36:56.0656 1732    WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:36:56.0656 1732    WcsPlugInService - ok
21:36:56.0703 1732    Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:36:56.0703 1732    Wd - ok
21:36:56.0750 1732    Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:36:56.0766 1732    Wdf01000 - ok
21:36:56.0781 1732    WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:36:56.0781 1732    WdiServiceHost - ok
21:36:56.0797 1732    WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:36:56.0797 1732    WdiSystemHost - ok
21:36:56.0844 1732    wdmirror        (ea4e9dd00e69b35f9bd3d39acb113e3f) C:\windows\system32\DRIVERS\WDMirror.sys
21:36:56.0844 1732    wdmirror - ok
21:36:56.0890 1732    WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
21:36:56.0906 1732    WebClient - ok
21:36:56.0937 1732    Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:36:56.0953 1732    Wecsvc - ok
21:36:56.0984 1732    wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:36:56.0984 1732    wercplsupport - ok
21:36:57.0046 1732    WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:36:57.0046 1732    WerSvc - ok
21:36:57.0062 1732    WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:36:57.0062 1732    WfpLwf - ok
21:36:57.0124 1732    WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys
21:36:57.0140 1732    WimFltr - ok
21:36:57.0171 1732    WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:36:57.0171 1732    WIMMount - ok
21:36:57.0234 1732    Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:36:57.0249 1732    Winmgmt - ok
21:36:57.0374 1732    WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
21:36:57.0405 1732    WinRM - ok
21:36:57.0499 1732    WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
21:36:57.0499 1732    WinUsb - ok
21:36:57.0592 1732    Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:36:57.0608 1732    Wlansvc - ok
21:36:57.0670 1732    WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
21:36:57.0670 1732    WmiAcpi - ok
21:36:57.0733 1732    wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:36:57.0748 1732    wmiApSrv - ok
21:36:57.0904 1732    WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:36:57.0951 1732    WMPNetworkSvc - ok
21:36:58.0045 1732    WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:36:58.0045 1732    WPCSvc - ok
21:36:58.0092 1732    WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
21:36:58.0092 1732    WPDBusEnum - ok
21:36:58.0123 1732    ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:36:58.0123 1732    ws2ifsl - ok
21:36:58.0138 1732    WSearch - ok
21:36:58.0170 1732    wsvd            (baedc491374defd5e76336901d6d397d) C:\windows\system32\DRIVERS\wsvd.sys
21:36:58.0185 1732    wsvd - ok
21:36:58.0341 1732    wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
21:36:58.0388 1732    wuauserv - ok
21:36:58.0528 1732    WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
21:36:58.0528 1732    WudfPf - ok
21:36:58.0591 1732    WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
21:36:58.0606 1732    WUDFRd - ok
21:36:58.0638 1732    wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
21:36:58.0653 1732    wudfsvc - ok
21:36:58.0684 1732    WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:36:58.0700 1732    WwanSvc - ok
21:36:58.0762 1732    zebrsce         (b89cfbe8cb247b57d8c10adaa66b462b) C:\windows\system32\crystalaps.dll
21:36:58.0762 1732    zebrsce ( Backdoor.Multi.ZAccess.gen ) - infected
21:36:58.0762 1732    zebrsce - detected Backdoor.Multi.ZAccess.gen (0)
21:36:58.0809 1732    MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:36:59.0012 1732    \Device\Harddisk0\DR0 - ok
21:36:59.0028 1732    Boot (0x1200)   (0a9d9ea56cd21d3efa49be73f2dd41cd) \Device\Harddisk0\DR0\Partition0
21:36:59.0028 1732    \Device\Harddisk0\DR0\Partition0 - ok
21:36:59.0043 1732    Boot (0x1200)   (bd4c0aac964d77a1a7c5c956d598e004) \Device\Harddisk0\DR0\Partition1
21:36:59.0043 1732    \Device\Harddisk0\DR0\Partition1 - ok
21:36:59.0074 1732    Boot (0x1200)   (6f28839ce5774006b0aeece42933d8d7) \Device\Harddisk0\DR0\Partition2
21:36:59.0074 1732    \Device\Harddisk0\DR0\Partition2 - ok
21:36:59.0074 1732    ============================================================
21:36:59.0074 1732    Scan finished
21:36:59.0074 1732    ============================================================
21:36:59.0090 1708    Detected object count: 34
21:36:59.0090 1708    Actual detected object count: 34
21:37:10.0540 1708    C:\windows\system32\LHidUsbK.dll - copied to quarantine
21:37:10.0540 1708    bdpredir ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:10.0618 1708    C:\windows\system32\tunmp.dll - copied to quarantine
21:37:10.0618 1708    blueletscoaudio ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:37:10.0696 1708    C:\windows\system32\vwlogger.dll - copied to quarantine
21:37:10.0696 1708    btwrchid ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:37:10.0728 1708    C:\windows\system32\usnsvc.dll - copied to quarantine
21:37:10.0728 1708    cwafrmiregistry ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:10.0790 1708    C:\windows\system32\atdisk.dll - copied to quarantine
21:37:10.0790 1708    E1000 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:10.0821 1708    C:\windows\system32\truecrypt.dll - copied to quarantine
21:37:10.0821 1708    elnkservice ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:37:10.0868 1708    C:\windows\system32\dcomlaunch.dll - copied to quarantine
21:37:10.0868 1708    GBFSHook ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:10.0899 1708    C:\windows\system32\sparrow.dll - copied to quarantine
21:37:10.0899 1708    ha10kx2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:10.0946 1708    C:\windows\system32\SenFiltService.dll - copied to quarantine
21:37:10.0946 1708    hpn ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0008 1708    C:\windows\system32\PSSdk23.dll - copied to quarantine
21:37:11.0008 1708    icraplus ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0040 1708    C:\windows\system32\wmp54gssvc.dll - copied to quarantine
21:37:11.0040 1708    iSMBIOS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:37:11.0086 1708    C:\windows\system32\astcc.dll - copied to quarantine
21:37:11.0086 1708    iviVD ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0133 1708    C:\windows\system32\trioservice.dll - copied to quarantine
21:37:11.0133 1708    lsdiorw ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0196 1708    C:\windows\system32\mssql$sony_mediamgr.dll - copied to quarantine
21:37:11.0196 1708    Mtlmnt5 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0242 1708    C:\windows\system32\downloadmanagerlite.dll - copied to quarantine
21:37:11.0242 1708    mvwebserver ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0289 1708    C:\windows\system32\pdlndint.dll - copied to quarantine
21:37:11.0289 1708    ntsecure ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0352 1708    C:\windows\system32\se45obex.dll - copied to quarantine
21:37:11.0352 1708    nvax ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0398 1708    C:\windows\system32\DFUBTUSB.dll - copied to quarantine
21:37:11.0398 1708    nwlnkspx ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0461 1708    C:\windows\system32\USB28xxBGA.dll - copied to quarantine
21:37:11.0461 1708    NWSAP ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0492 1708    C:\windows\system32\ZSMC211.dll - copied to quarantine
21:37:11.0492 1708    odysseyIM4 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:37:11.0523 1708    C:\windows\system32\sonicatheaterinstallerservice.dll - copied to quarantine
21:37:11.0523 1708    oraclesnmppeerencapsulator ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0570 1708    C:\windows\system32\gmer.dll - copied to quarantine
21:37:11.0570 1708    ozoneinstallerservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0617 1708    C:\windows\system32\symantecantibotshim.dll - copied to quarantine
21:37:11.0617 1708    pdlndoem ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0664 1708    C:\windows\system32\afs2k.dll - copied to quarantine
21:37:11.0664 1708    rdpdr ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0679 1708    C:\windows\system32\Intels51.dll - copied to quarantine
21:37:11.0679 1708    risdptsk ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0773 1708    C:\windows\system32\WDM_YAMAHAAC97.dll - copied to quarantine
21:37:11.0773 1708    ROCKEYNT ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0804 1708    C:\windows\system32\VAIOMediaPlatform-PhotoServer-HTTP.dll - copied to quarantine
21:37:11.0804 1708    roxliveshare9 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0835 1708    C:\windows\system32\bjmcmng.dll - copied to quarantine
21:37:11.0835 1708    roxmediadb ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0898 1708    C:\windows\system32\OEM02Dev.dll - copied to quarantine
21:37:11.0898 1708    sfdrv01 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0929 1708    C:\windows\system32\atirage3.dll - copied to quarantine
21:37:11.0929 1708    sis315 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:11.0960 1708    C:\windows\system32\tng-doba.dll - copied to quarantine
21:37:11.0960 1708    tosrfhid ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:12.0007 1708    C:\windows\system32\ssm_mdm.dll - copied to quarantine
21:37:12.0007 1708    viairda ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:12.0069 1708    C:\windows\system32\epstnt01.dll - copied to quarantine
21:37:12.0069 1708    VICESYS ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:37:12.0085 1708    C:\windows\system32\crystalaps.dll - copied to quarantine
21:37:12.0085 1708    zebrsce ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
21:38:56.0692 3352    Deinitialize success
05.06.2012, 21:49
Moderator

Posts: 5694
#6 ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the Desktop
• Disable your anti-virus and anti-spyware programs. You can usually do this by right-clicking the system tray icon. Otherwise these programs could interfere with our tools while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleaning is performed.
• Follow the prompts to let ComboFix download and install the Recovery Console, and accept the licence agreement (EULA) when asked.
**For your information: if the Recovery Console is already installed, ComboFix will simply continue with its malware removal procedure as normal.



Once ComboFix has installed the Recovery Console, you should see the following message:



Click "Yes" to continue with the malware scan.

When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.
05.06.2012, 22:48
Member

Thread starter

Posts: 61
#7 There was an error message (see attachment).
After the scan it said "ComboFix has detected the presence of a rootkit and now needs to restart the PC".
I had to restart the computer once more to get back online.

Here is the log:

Code

ComboFix 12-06-05.03 - Lenovo 05.06.2012  22:10:38.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.1886 [GMT 2:00]
ausgeführt von:: c:\users\Lenovo\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lenovo\AppData\Roaming\Local
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\96579f65f829d41bbdd7c95022f8a78c.avi.ddr
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\crcl_john.rabe.xvid_cd1.avi.ddr
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\96579f65f829d41bbdd7c95022f8a78c.avi
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crcl_john.rabe.xvid_cd1.avi.ddp
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Yu_Gi_Oh_2x02_Ein_mysteri_ser_Duellant_Teil_2_.avi
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Yu_Gi_Oh_2x02_Einmysteri_serDuellantTeil2.avi.ddp
c:\users\Lenovo\AppData\Roaming\Local\Temp\DDM\Settings\Yu_Gi_Oh_2x02_Ein_mysteri_ser_Duellant_Teil_2_.avi.ddr
c:\users\Lenovo\Flash_Disinfector.exe
c:\windows\$NtUninstallKB60859$
c:\windows\$NtUninstallKB60859$\2914435058\@
c:\windows\$NtUninstallKB60859$\2914435058\L\xadqgnnk
c:\windows\$NtUninstallKB60859$\2914435058\loader.tlb
c:\windows\$NtUninstallKB60859$\2914435058\U\@00000001
c:\windows\$NtUninstallKB60859$\2914435058\U\@000000c0
c:\windows\$NtUninstallKB60859$\2914435058\U\@000000cb
c:\windows\$NtUninstallKB60859$\2914435058\U\@000000cf
c:\windows\$NtUninstallKB60859$\2914435058\U\@80000000
c:\windows\$NtUninstallKB60859$\2914435058\U\@800000c0
c:\windows\$NtUninstallKB60859$\2914435058\U\@800000cb
c:\windows\$NtUninstallKB60859$\2914435058\U\@800000cf
c:\windows\$NtUninstallKB60859$\825022382
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\IsUn0407.exe
c:\windows\system32\afs2k.dll
c:\windows\system32\astcc.dll
c:\windows\system32\atdisk.dll
c:\windows\system32\atirage3.dll
c:\windows\system32\avisynth.dll
c:\windows\system32\bjmcmng.dll
c:\windows\system32\crystalaps.dll
c:\windows\system32\dcomlaunch.dll
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\devil.dll
c:\windows\system32\DFUBTUSB.dll
c:\windows\system32\downloadmanagerlite.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\epstnt01.dll
c:\windows\system32\gmer.dll
c:\windows\system32\Intels51.dll
c:\windows\system32\LHidUsbK.dll
c:\windows\system32\mssql$sony_mediamgr.dll
c:\windows\system32\OEM02Dev.dll
c:\windows\system32\pdlndint.dll
c:\windows\system32\PSSdk23.dll
c:\windows\system32\se45obex.dll
c:\windows\system32\SenFiltService.dll
c:\windows\system32\sonicatheaterinstallerservice.dll
c:\windows\system32\sparrow.dll
c:\windows\system32\ssm_mdm.dll
c:\windows\system32\symantecantibotshim.dll
c:\windows\system32\tng-doba.dll
c:\windows\system32\trioservice.dll
c:\windows\system32\truecrypt.dll
c:\windows\system32\tunmp.dll
c:\windows\system32\USB28xxBGA.dll
c:\windows\system32\usnsvc.dll
c:\windows\system32\VAIOMediaPlatform-PhotoServer-HTTP.dll
c:\windows\system32\vwlogger.dll
c:\windows\system32\WDM_YAMAHAAC97.dll
c:\windows\system32\wmp54gssvc.dll
c:\windows\system32\ZSMC211.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bdpredir
-------\Service_blueletscoaudio
-------\Service_btwrchid
-------\Service_cwafrmiregistry
-------\Service_E1000
-------\Service_elnkservice
-------\Service_GBFSHook
-------\Service_ha10kx2k
-------\Service_hpn
-------\Service_icraplus
-------\Service_iSMBIOS
-------\Service_iviVD
-------\Service_lsdiorw
-------\Service_Mtlmnt5
-------\Service_mvwebserver
-------\Service_ntsecure
-------\Service_nvax
-------\Service_nwlnkspx
-------\Service_NWSAP
-------\Service_odysseyIM4
-------\Service_oraclesnmppeerencapsulator
-------\Service_ozoneinstallerservice
-------\Service_pdlndoem
-------\Service_rdpdr
-------\Service_risdptsk
-------\Service_ROCKEYNT
-------\Service_roxliveshare9
-------\Service_roxmediadb
-------\Service_sfdrv01
-------\Service_sis315
-------\Service_tosrfhid
-------\Service_viairda
-------\Service_VICESYS
-------\Service_zebrsce
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-05 bis 2012-06-05  ))))))))))))))))))))))))))))))
.
.
2012-06-05 20:22 . 2012-06-05 20:26    --------    d-----w-    c:\users\Lenovo\AppData\Local\temp
2012-06-05 20:22 . 2012-06-05 20:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-06-05 19:33 . 2012-06-05 19:37    --------    d-----w-    C:\TDSSKiller_Quarantine
2012-05-11 11:29 . 2012-03-31 04:39    3913072    ----a-w-    c:\windows\system32\ntoskrnl.exe
2012-05-11 11:29 . 2012-03-31 04:39    3968368    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2012-05-11 11:29 . 2012-03-31 02:36    2343424    ----a-w-    c:\windows\system32\win32k.sys
2012-05-11 11:29 . 2012-03-17 07:27    56176    ----a-w-    c:\windows\system32\drivers\partmgr.sys
2012-05-11 11:29 . 2012-03-03 05:31    1077248    ----a-w-    c:\windows\system32\DWrite.dll
2012-05-11 11:29 . 2012-03-30 10:23    1291632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2012-05-11 11:29 . 2012-03-31 04:29    936960    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 11:29 . 2012-03-31 04:30    1221632    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 11:29 . 2012-03-31 04:29    989184    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 11:29 . 2012-03-31 04:29    969216    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 10:29 . 2012-04-25 10:54    83392    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-05-08 10:29 . 2012-04-25 10:54    137928    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2012-05-05 06:38 . 2012-04-01 08:11    419488    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:38 . 2011-10-11 15:28    70304    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-10 09:55 . 2010-10-29 16:55    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2012-05-04 21:03 . 2011-05-08 14:00    97208    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-01-06 08:23    1410312    ----a-w-    c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2010-01-06 3122440]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-02-22 72192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2010-8-28 1462272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-02-07 13224]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs    REG_MULTI_SZ       ReadyComm.DirectRouter PS_MDP
.
NETSVCS NEEDS REPAIR - currently present entries:
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
pwd_2K
megamonitorsrv
PNDIS5
usbio
avgmfx86
se58mgmt
backupexecalertserver
abp480n5
mctaskmanager
filemon701
mstdc
cd20xrnt
NPPTNT
zpjobq
AVCSTRM
webcompserver
fsdfwd
nmwcd
VAIOMediaPlatform-VideoServer-HTTP
lxbs_device
IWCA
W8335XP
hsf_msft
pdlndsdl
AVWLP_USB
Defrag32
buslogic
mssql$microsoftbcm
mcpromgr
ndassvc
atimtag
dmio
dmisrv
rtport
winpppoverethernet
W700obex
db2governor
MA_CMIDI
hcwPP2
nuvaud2
pdlndqll
ossrv
kpfwsvc
hpdskflt
usbsermpt
enethusb
sonicwall_netextender
NWSIPX32
nlsvc
VX1000
ctac32k
TUWinStylerThemeSvc
dsunidrv
vncdrv
pensup
tvtpktfilter
MR97310_USB_DUAL_CAMERA
mhndrv
SbcpHid
aec
spmgr
ireike
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
SymIMMP
hcmon
iksysflt
IntelC51
useraccess7
mqdmbus
sp_clamsrv
RMSvc
nwlnkflt
PhilCam8116
ScanUSBEMPIA
rt2870
nim32
DCamUSBGrandTek
interactivelogon
citrixwmiservice
nhcDriverDevice
sysaudio
winmtsrv
regservice
raysatxsi5_0server
papycpu2
DELL_A02
sfusvc
nvnforce
sdbus
SISNICXP
cwcpsvc20
acs
TryAndDecideService
lxcc_device
clientservice
cfsvcs
mnmsrvc
p1131vid
hpqcxs08
zebrmdfl
belgium_id_card_service
w810bus
nidomainservice
TNaviSrv
adobeactivefilemonitor4.0
UPATC
kmixer
USBModem
uiusys
sdcoreservice
msi_wlan_service
symc8xx
arrayssl_vpn_service3,0,1,9
tmesbs32
AdobeActiveFileMonitor6.0
ccevtmgr
wlsetupsvc
NWHOST
toddsrv
TdmService
LHidUsbK
mqdmmdfl
U81xmdfl
sbcssvc
asc
PXRDDriver
Epiusb
VMAUDIO
k56
TMHIDSRV
RR2Ctrl
amon
networkx
eaps2kbd
agnfilt
portmapper
DCFS2K
s716obex
mqdmserd
ASUSVRC
w810mdm
SrvcEPECioctl
ZSMC301b
hclinetd
ROB_V
MpFilter
mpfp
tappsrv
EQDRV5
nocashio
mlkkbdntdriver
https-nassry
se44nd5
SNP2STD
lilsgt
epsonbidirectionalservice
tunnelguardservice
procexp90
RivaTuner32
mcafeeframework
dmserver
dlbx_device
wmccdsls
SNP2UVC
irda
s125bus
ofcservice
ssisvr32
dtsrvc
ichaud
LKbdFlt2
GTWModem
rca
rampartsvc
aswrdr
httpfilter
tlntsvr
wintabservice
atiavpci
SE2Cmdm
appmgmt
ELmon
mbmiodrvr
armoucfltr
FTDIBUS
downloadmanagerlite
FETNDISB
GBDevice
fireport
carboncopyscheduler
lxda_device
avcgbfl
wusb54gv2svc
tnbrlds
netw4x32
mediamaxxlservice
easdrv
digictrl
DC21x4
mferkdk
atinevxx
savscan
aswupdsv
aspi32
tsmservice
RIOUNIV
SE26mdm
BrScnUsb
SE27bus
zd1211u(zydas)
dbmanagerscheduler
alertservice
imaservice
smbios
pdreli
Bcim
tphkdrv
VX3000
dmboot
penrendezvous
lbtserv
usbscan
adsexpb
SE2Dmgmt
EagleNT
k750bus
USRpdA
smtpd32
aawservice
pserve
de_serv
stac97
SE2Dmdfl
UpdateCenterService
rtl8023
TICalc
lxdmCATSCustConnectService
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Contents of the "Scheduled Tasks" folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:38]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1989474913-106441546-910237228-1003Core.job
- c:\users\Lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 15:58]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1989474913-106441546-910237228-1003UA.job
- c:\users\Lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: Interfaces\{309C0938-CB29-4840-AA7A-7830A3FFDD25}: NameServer = 141.2.22.74,141.2.149.10
FF - ProfilePath - c:\users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6fjxnv6w.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://memebase.com/
FF - prefs.js: keyword.URL -       hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-TarzanAG Demo - c:\windows\IsUn0407.exe
AddRemove-Theme Park World - c:\windows\IsUn0407.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3148)
c:\windows\system32\IcnOvrly.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-06-05  22:40:29 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-05 20:40
.
Before scan: 9 directory(ies), 303,162,314,752 bytes free
After scan: 14 directory(ies), 302,811,336,704 bytes free
.
- - End Of File - - 2B21AC08D957B64621806F1B0430BFE1


05.06.2012, 23:31
Moderator

Posts: 5694
#8 Note for readers:
The following ComboFix script was created exclusively for this user in this situation.
Never run it on other machines; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (nowhere else, that is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box in full into the empty text document.

Code


Driver::
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
pwd_2K
megamonitorsrv
PNDIS5
usbio
avgmfx86
se58mgmt
backupexecalertserver
abp480n5
mctaskmanager
filemon701
mstdc
cd20xrnt
NPPTNT
zpjobq
AVCSTRM
webcompserver
fsdfwd
nmwcd
VAIOMediaPlatform-VideoServer-HTTP
lxbs_device
IWCA
W8335XP
hsf_msft
pdlndsdl
AVWLP_USB
Defrag32
buslogic
mssql$microsoftbcm
mcpromgr
ndassvc
atimtag
dmio
dmisrv
rtport
winpppoverethernet
W700obex
db2governor
MA_CMIDI
hcwPP2
nuvaud2
pdlndqll
ossrv
kpfwsvc
hpdskflt
usbsermpt
enethusb
sonicwall_netextender
NWSIPX32
nlsvc
VX1000
ctac32k
TUWinStylerThemeSvc
dsunidrv
vncdrv
pensup
tvtpktfilter
MR97310_USB_DUAL_CAMERA
mhndrv
SbcpHid
aec
spmgr
ireike
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
SymIMMP
hcmon
iksysflt
IntelC51
useraccess7
mqdmbus
sp_clamsrv
RMSvc
nwlnkflt
PhilCam8116
ScanUSBEMPIA
rt2870
nim32
DCamUSBGrandTek
interactivelogon
citrixwmiservice
nhcDriverDevice
sysaudio
winmtsrv
regservice
raysatxsi5_0server
papycpu2
DELL_A02
sfusvc
nvnforce
sdbus
SISNICXP
cwcpsvc20
acs
TryAndDecideService
lxcc_device
clientservice
cfsvcs
mnmsrvc
p1131vid
hpqcxs08
zebrmdfl
belgium_id_card_service
w810bus
nidomainservice
TNaviSrv
adobeactivefilemonitor4.0
UPATC
kmixer
USBModem
uiusys
sdcoreservice
msi_wlan_service
symc8xx
arrayssl_vpn_service3,0,1,9
tmesbs32
AdobeActiveFileMonitor6.0
ccevtmgr
wlsetupsvc
NWHOST
toddsrv
TdmService
LHidUsbK
mqdmmdfl
U81xmdfl
sbcssvc
asc
PXRDDriver
Epiusb
VMAUDIO
k56
TMHIDSRV
RR2Ctrl
amon
networkx
eaps2kbd
agnfilt
portmapper
DCFS2K
s716obex
mqdmserd
ASUSVRC
w810mdm
SrvcEPECioctl
ZSMC301b
hclinetd
ROB_V
MpFilter
mpfp
tappsrv
EQDRV5
nocashio
mlkkbdntdriver
https-nassry
se44nd5
SNP2STD
lilsgt
epsonbidirectionalservice
tunnelguardservice
procexp90
RivaTuner32
mcafeeframework
dmserver
dlbx_device
wmccdsls
SNP2UVC
irda
s125bus
ofcservice
ssisvr32
dtsrvc
ichaud
LKbdFlt2
GTWModem
rca
rampartsvc
aswrdr
httpfilter
tlntsvr
wintabservice
atiavpci
SE2Cmdm
appmgmt
ELmon
mbmiodrvr
armoucfltr
FTDIBUS
downloadmanagerlite
FETNDISB
GBDevice
fireport
carboncopyscheduler
lxda_device
avcgbfl
wusb54gv2svc
tnbrlds
netw4x32
mediamaxxlservice
easdrv
digictrl
DC21x4
mferkdk
atinevxx
savscan
aswupdsv
aspi32
tsmservice
RIOUNIV
SE26mdm
BrScnUsb
SE27bus
zd1211u(zydas)
dbmanagerscheduler
alertservice
imaservice
smbios
pdreli
Bcim
tphkdrv
VX3000
dmboot
penrendezvous
lbtserv
usbscan
adsexpb
SE2Dmgmt
EagleNT
k750bus
USRpdA
smtpd32
aawservice
pserve
de_serv
stac97
SE2Dmdfl
UpdateCenterService
rtl8023
TICalc
lxdmCATSCustConnectService
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC


Save this as CFScript.txt on your desktop.

Important:
• Temporarily switch off your antivirus software. It can otherwise interfere with ComboFix's work.
Do not forget to switch it back on afterwards!
• Do not move the mouse over the ComboFix window or click into it.
That can cause ComboFix to hang.
• Close all running programs. Make sure ComboFix can work without interference.
• Do nothing on the PC while ComboFix is running.

• As shown in the image above, drag CFScript.txt onto ComboFix.exe
• When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after ComboFix finishes. Click OK and follow the prompts/instructions to upload the files.
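The "NETSVCS NEEDS REPAIR" block in the ComboFix log above is the characteristic Sirefef/ZeroAccess symptom of this period: the REG_MULTI_SZ value netsvcs under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost is padded with dozens of names that are not Windows service groups at all. Before any script removes services by name, a practitioner wants two things: which names in that value are foreign, and which entries of a proposed removal list are actually baseline Windows components. The following Python is an added example for this thread and is neither ComboFix's code nor part of the original posts. It parses a ComboFix-style NETSVCS block, compares it against a baseline of the default Windows 7 SP1 netsvcs group (an assumption from a clean installation; verify it against a reference machine of the same build before acting on the result), and reports the foreign entries, the baseline members that are missing, and any baseline services a removal list would hit. The log excerpt it runs on is a shortened, constructed copy modelled on the block above.

```python
"""Triage a polluted svchost "netsvcs" group from a ComboFix log.

Added example for this thread; not part of the original post or of ComboFix.
The baseline below is an ASSUMED default for Windows 7 SP1 (netsvcs value under
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost); verify it against
a known-clean machine of the same build before acting on any result.
"""

# Assumed Windows 7 SP1 default members of the netsvcs group (see docstring).
BASELINE_NETSVCS = frozenset({
    "AeLookupSvc", "CertPropSvc", "SCPolicySvc", "lanmanserver", "gpsvc", "IKEEXT",
    "AudioSrv", "FastUserSwitchingCompatibility", "Ias", "Irmon", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Wmi", "WmdmPmSp", "TermService",
    "wuauserv", "BITS", "ShellHWDetection", "LogonHours", "PCAudit", "helpsvc",
    "uploadmgr", "iphlpsvc", "seclogon", "AppInfo", "msiscsi", "MMCSS",
    "wercplsupport", "EapHost", "ProfSvc", "schedule", "hkmsvc", "SessionEnv",
    "winmgmt", "browser", "Themes", "BDESVC", "AppMgmt",
})

# Constructed, shortened excerpt modelled on the NETSVCS block of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr
.
NETSVCS NEEDS REPAIR - currently present entries:
AeLookupSvc
CertPropSvc
gpsvc
wuauserv
BITS
pwd_2K
megamonitorsrv
PNDIS5
usbio
vncdrv
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
appmgmt
ProfSvc
winmgmt
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
"""


def parse_combofix_netsvcs(log_text):
    """Return the service names ComboFix lists under its NETSVCS header.

    The header text is localised (German builds print "NETSVCS BENÖTIGT
    REPARATUR"), so only the leading NETSVCS token is matched. The block ends
    at the first "." or empty line, or at the next HKEY_ line.
    """
    names, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line.upper().startswith("NETSVCS")
            continue
        if line in ("", ".") or line.upper().startswith("HKEY_"):
            break
        names.append(line)
    return names


def _lower_set(names):
    # Windows service names are case-insensitive; compare accordingly.
    return {n.lower() for n in names}


def classify_netsvcs(entries, baseline=BASELINE_NETSVCS):
    """Split the live netsvcs entries into (baseline members, foreign names)."""
    base = _lower_set(baseline)
    legit = [n for n in entries if n.lower() in base]
    foreign = [n for n in entries if n.lower() not in base]
    return legit, foreign


def missing_from_baseline(entries, baseline=BASELINE_NETSVCS):
    """Baseline members the machine no longer lists (a sign of earlier damage)."""
    present = _lower_set(entries)
    return sorted(n for n in baseline if n.lower() not in present)


def repaired_value(entries, baseline=BASELINE_NETSVCS):
    """The REG_MULTI_SZ content with foreign names dropped, order preserved."""
    return classify_netsvcs(entries, baseline)[0]


def review_removal_list(names, baseline=BASELINE_NETSVCS):
    """Names in a proposed service-removal list that are baseline Windows
    components; these deserve a second look before anything is run."""
    base = _lower_set(baseline)
    return [n for n in names if n.lower() in base]


if __name__ == "__main__":
    entries = parse_combofix_netsvcs(SAMPLE_LOG)
    legit, foreign = classify_netsvcs(entries)
    print(f"{len(entries)} entries, {len(legit)} baseline, {len(foreign)} foreign")
    for name in foreign:
        print("  foreign:", name)
    print("missing from baseline:", ", ".join(missing_from_baseline(entries)))
    print("removal list hits baseline:",
          review_removal_list(["pwd_2K", "ProfSvc", "winmgmt", "usbio"]))
```

The comparison is case-insensitive because Windows service names are; a name like "appmgmt" therefore counts as the baseline member AppMgmt rather than as an intruder. The repaired list is a review aid only: writing it back to the registry, and deleting the foreign service keys, is a separate step to be done on the machine itself once the foreign names have been checked by hand.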
06.06.2012, 00:30
Member

Thread starter

Posts: 61
#9 ComboFix ran quite normally.
Then came the restart. Booting was normal, the logon screen too. But the desktop did not load. It was completely black; only the Recycle Bin icon and the taskbar were there. This error message appeared:
"C:/windows/system32/config/systemprofile/Desktop refers to a path that is not available. It may be on this computer's hard disk or on the network. Make sure you are connected to the Internet or to your own network and try again. If the path still cannot be found, the information may have been moved to a different path."

When I went to the menu and wanted to open C:, the PC hung briefly and a few more icons appeared on the desktop, but it is still black and the keyboard layout has changed.
ComboFix has not made itself heard since. The only text documents in the ComboFix folder are "Combofix" and "Resident".
This is what is in the first document:

ComboFix 12-06-05.03 - Lenovo 05.06.2012 23:49:16.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3005.2212 [GMT 2:00]
run from:: C:\Users\Lenovo\Desktop\ComboFix.exe
Command switches used :: C:\Users\Lenovo\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
06.06.2012, 00:57
Moderator

Posts: 5694
#10 But can you still boot normally?
06.06.2012, 01:06
Member

Thread starter

Posts: 61
#11 Yes. The problem only occurs after logging on to my profile.
06.06.2012, 14:37
Moderator

Posts: 5694
#12 Do you have the Windows CD at hand? You need to run a repair.
06.06.2012, 15:40
Member

Thread starter

Posts: 61
#13 No, unfortunately not.
I got the laptop as a gift and Windows was already preinstalled. I did not get a CD with it.
06.06.2012, 16:11
Moderator

Posts: 5694
#14 So is the desktop black, or can you work normally on it?
06.06.2012, 16:23
Member

Thread starter

Posts: 61
#15 I can still work normally. The background is black; at the moment only the Recycle Bin icon and the taskbar with the menu are visible. I can only get onto the Internet via Internet Explorer (old version). I can open VLC player, but no music can be heard.

Edit:
Apparently I cannot save anything either. I tried to take a screenshot. An error message kept appearing saying the document cannot be saved. I cannot open OpenOffice either.