Pests of all kinds and their removal: Smart Fortress 2012 / Security Center disabled

28.04.2012, 11:49 | #1
Smart Fortress 2012 / Security Center disabled

Yesterday I somehow caught what is probably the most annoying malware of my life: Smart Fortress 2012. After this junk blocked everything I tried, I first killed the PC and then booted into Safe Mode. Then I ran Antivir once: no detection. So I ran a Malwarebytes Anti-Malware quick scan over it, and lo and behold: 6 detections! Removed everything, rebooted: everything works again. Either before or after the Anti-Malware scan I also ran FixExe (which was probably unnecessary). Then another full scan with Malwarebytes: 1 detection, removed. Finally I installed and ran tdsskiller. There was one more detection, on which I clicked "Delete"; maybe that is where the error lies. Since then, at every logon, regardless of which user account, I get a message roughly along these lines: Error during application initialisation. 0x800106ba could not be started, and then something about contacting Help & Support if the problem persists. On top of that, my Security Center no longer works: the taskbar shows the Windows security notice that my Security Center is disabled, and I cannot turn it back on. When I try, I get the following error message: "The Security Center service could not be started." Now I don't know whether my system is really clean, hence this post. Here is the DDS.txt as well:

Code:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by *** at 11:40:36 on 2012-04-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.4094.2762 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.at/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.183.128.35 194.183.128.36
TCP: Interfaces\{F7F47CC9-50DD-494F-B229-41D27BA5A4B5} : DhcpNameServer = 194.183.128.35 194.183.128.36
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hluc9alb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-14 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-14 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2011-3-17 29261152]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2010-10-8 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2010-10-8 211232]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-3-30 1295416]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-3-30 681016]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2011-9-27 93848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-28 08:28:24 4754944 ----a-w- C:\Users\***\unetbootin-windows-568.exe
2012-04-28 07:29:02 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-28 07:29:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-28 07:14:57 -------- d-----w- C:\Users\***\AppData\Local\Secunia PSI (BETA)
2012-04-28 07:14:47 -------- d-----w- C:\Program Files (x86)\Secunia
2012-04-28 03:22:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-28 03:21:10 2074160 ----a-w- C:\Users\***\tdsskiller.exe
2012-04-28 02:38:46 -------- d-----w- C:\Windows\pss
2012-04-27 08:25:53 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55E928D3-F6C4-4338-991F-EC43C0D3F47A}\mpengine.dll
2012-04-11 22:10:59 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 22:10:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 22:10:59 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 22:10:59 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 22:10:59 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 08:03:32 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 08:03:32 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-03-29 09:53:51 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-28 07:25:45 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-06 06:44:22 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-29 15:37:41 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-02-29 13:52:46 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:40:49,90 ===============

Here are the Malwarebytes logs as well. The full scan:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.01

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Matthias :: EL-PC [Administrator]

28.04.2012 05:50:07
mbam-log-2012-04-28 (05-50-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 671322
Laufzeit: 2 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Matthias\Matthias\SoftonicDownloader_fuer_k-lite-codec-pack.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.01

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Matthias :: EL-PC [Administrator]

28.04.2012 04:59:48
mbam-log-2012-04-28 (04-59-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 287765
Laufzeit: 11 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|B7E8586E002691CF000061E3570F1C8B (Trojan.LameShield) -> Daten: C:\ProgramData\B7E8586E002691CF000061E3570F1C8B\B7E8586E002691CF000061E3570F1C8B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\B7E8586E002691CF000061E3570F1C8B\B7E8586E002691CF000061E3570F1C8B.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 28. April 2012 04:48

Es wird nach 3719726 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista x64
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : Matthias
Computername : EL-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.898 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 18:00:32
AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 18:00:31
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 18:00:34
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 18:00:37
AVREG.DLL : 12.1.0.36 229128 Bytes 06.04.2012 10:32:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:12:01
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:10:05
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 08:01:34
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 08:01:37
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 08:01:37
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 08:01:37
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 08:01:37
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 08:01:38
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 08:01:38
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 08:01:39
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 08:01:39
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 08:01:39
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 08:52:37
VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 10:29:15
VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 10:32:55
VBASE017.VDF : 7.11.27.41 247808 Bytes 08.04.2012 14:10:17
VBASE018.VDF : 7.11.27.107 161280 Bytes 12.04.2012 14:10:01
VBASE019.VDF : 7.11.27.159 148992 Bytes 13.04.2012 14:14:27
VBASE020.VDF : 7.11.27.201 207360 Bytes 17.04.2012 15:46:59
VBASE021.VDF : 7.11.28.3 237568 Bytes 19.04.2012 16:36:14
VBASE022.VDF : 7.11.28.49 193536 Bytes 20.04.2012 21:58:21
VBASE023.VDF : 7.11.28.99 195072 Bytes 23.04.2012 08:26:05
VBASE024.VDF : 7.11.28.133 247808 Bytes 24.04.2012 14:46:51
VBASE025.VDF : 7.11.28.183 186880 Bytes 26.04.2012 14:46:51
VBASE026.VDF : 7.11.28.184 2048 Bytes 26.04.2012 14:46:51
VBASE027.VDF : 7.11.28.185 2048 Bytes 26.04.2012 14:46:51
VBASE028.VDF : 7.11.28.186 2048 Bytes 26.04.2012 14:46:51
VBASE029.VDF : 7.11.28.187 2048 Bytes 26.04.2012 14:46:51
VBASE030.VDF : 7.11.28.188 2048 Bytes 26.04.2012 14:46:51
VBASE031.VDF : 7.11.28.226 114176 Bytes 27.04.2012 02:46:33
Engineversion : 8.2.10.58
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 17:39:36
AESCRIPT.DLL : 8.1.4.18 455034 Bytes 27.04.2012 14:47:50
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 20:00:48
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 18:17:21
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.9 807287 Bytes 31.03.2012 08:54:02
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 27.04.2012 14:47:49
AEHEUR.DLL : 8.1.4.21 4682102 Bytes 27.04.2012 14:47:49
AEHELP.DLL : 8.1.20.0 254326 Bytes 27.04.2012 14:47:46
AEGEN.DLL : 8.1.5.28 422260 Bytes 27.04.2012 14:47:46
AEEXP.DLL : 8.1.0.33 82293 Bytes 27.04.2012 14:47:50
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 18:52:28
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 18:00:30
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Matthias\AppData\Local\Temp\be37ead5.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 28. April 2012 04:48

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\ProgramData\B7E8586E002691CF000061E3570F1C8B'

Ende des Suchlaufs: Samstag, 28. April 2012 04:48
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

1 Verzeichnisse wurden überprüft
2 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
0 Hinweise

I hope someone here can make something of this, and thank you in advance for any help.
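Added example (editor's note, not part of the thread and not one of the helper's tools): a read-only PowerShell triage script for the Security Center symptoms in post #1. It checks the three notification-suppression values that Malwarebytes flagged as PUM.Disabled.SecurityCenter, the HideSCAHealth Explorer policy from the DDS log, the state of the Security Center (wscsvc) and Windows Defender (WinDefend) services, and whether the RunOnce entry or the C:\ProgramData folder from the quick-scan log is still present. The 32-hex-digit RunOnce name pattern is a generalisation of the single entry on the page, and the DisableNotify value names are those shown in the Malwarebytes log; the script changes nothing, it only reports.

```powershell
# Added example, not from the thread. Read-only triage of the Security Center
# symptoms described in post #1. Run in an elevated PowerShell session.

$findings = @()

# 1. Notification suppression values (the ones Malwarebytes listed as
#    PUM.Disabled.SecurityCenter, "Bösartig: (1) Gut: (0)").
$scKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'FirewallDisableNotify', 'UpdatesDisableNotify', 'AntiVirusDisableNotify') {
    $value = (Get-ItemProperty -Path $scKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -eq 1) {
        $findings += "$scKey\$name = 1 (Security Center notification suppressed)"
    }
}

# 2. Explorer policy that hides the Security Center icon in the notification
#    area (seen as "uPolicies-explorer: HideSCAHealth = 1" in the DDS log).
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$hide = (Get-ItemProperty -Path $polKey -Name 'HideSCAHealth' -ErrorAction SilentlyContinue).HideSCAHealth
if ($hide -eq 1) {
    $findings += "$polKey\HideSCAHealth = 1 (Security Center icon hidden)"
}

# 3. State and start mode of the Security Center service (wscsvc) and
#    Windows Defender (WinDefend). Get-WmiObject is used so this also works
#    on the PowerShell 2.0 that ships with Vista.
foreach ($svc in 'wscsvc', 'WinDefend') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($null -eq $s) { $findings += "Service $svc not found"; continue }
    $startMode = (Get-WmiObject -Class Win32_Service -Filter "Name='$svc'").StartMode
    if ($s.Status -ne 'Running' -or $startMode -eq 'Disabled') {
        $findings += "Service $svc is $($s.Status), start mode $startMode"
    }
}

# 4. Leftovers of the RunOnce entry and payload folder that Malwarebytes removed.
#    Assumption: names made of exactly 32 hex digits, as in the quick-scan log.
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$props = Get-ItemProperty -Path $runOnce -ErrorAction SilentlyContinue
if ($props) {
    $props.PSObject.Properties |
        Where-Object { $_.Name -match '^[0-9A-F]{32}$' } |
        ForEach-Object { $findings += "RunOnce entry $($_.Name) -> $($_.Value)" }
}
$payloadDir = 'C:\ProgramData\B7E8586E002691CF000061E3570F1C8B'   # path from the MBAM log
if (Test-Path $payloadDir) { $findings += "Payload folder still exists: $payloadDir" }

if ($findings.Count -eq 0) {
    'No Security Center tampering indicators found.'
} else {
    $findings
}
```

A clean result here only says the specific tampering from the logs is gone; it does not replace the scans the helper asks for. If wscsvc shows as stopped with start mode Disabled, that is the first thing to correct before expecting the Security Center to start again.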
30.04.2012, 13:34 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 / Security Center disabled

Please also run ESET, then we'll see how to proceed:
ESET Online Scanner
01.05.2012, 00:10 | #3

Smart Fortress 2012 / Security Center disabled

The scan is finished, here is the log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=827c3d26e495e64ba886122c7abe5e33
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-30 10:24:51
# local_time=2012-05-01 12:24:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 17206596 17206596 0 0
# compatibility_mode=5892 16776638 100 56 242353 173334393 0 0
# compatibility_mode=8192 67108863 100 0 291 291 0 0
# scanned=401523
# found=1
# cleaned=0
# scan_time=14203
C:\Users\Wolfgang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\33RGCFD9\stream[2].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
01.05.2012, 15:19 | #4

/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 / Security Center disabled

I have two questions before we continue:
1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything present?

Please always post logfiles in CODE tags
01.05.2012, 15:45 | #5

Smart Fortress 2012 / Security Center disabled

Re 1.) Apart from the Security Center (which is disabled and which I cannot turn back on) and Windows Defender (nothing works there at all), pretty much everything works so far.
Re 2.) The only empty folder is the one for OpenOffice.org 3.1, but I also recently installed the new version 3.2, so that may be the reason. The only thing in the Startup folder is Secunia PSI Tray, but I installed that only after the virus infection and its removal by Malwarebytes. When I click on it, nothing happens though.
01.05.2012, 16:27 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 / sicherheitscenter ausgeschaltet Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> Smart Fortress 2012 / Security Center disabled |
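The scan requested above produces an OTL log with one entry per line in a fixed format (file metadata in square brackets, the publisher in parentheses, then the path). The script below is an added example for this thread, not code from OTL, its author or the original posts: it parses the PRC/MOD/SRV/DRV, O4, O7 and MsConfig line formats and flags the things a helper reads first, namely autostart entries whose file is missing, binaries with no company name, rundll32.exe entries (the log does not show which DLL they load, so the registry value has to be read separately) and the Explorer policy HideSCAHealth = 1, which hides the Security Center icon and its warnings for that user. The sample lines are constructed in OTL's format with a fictitious user and SID; they are not the log posted in this thread.

```python
"""Triage of OTL log lines.

Added example for this thread; it is not part of OTL and not code from the
original post. OTL (OldTimer's tool) writes one entry per line. This parses
the line formats used for processes, modules, services and drivers
(PRC/MOD/SRV/DRV), registry Run keys (O4), Explorer policies (O7) and the
msconfig startup list, and flags what a helper reads first: entries whose
file is missing, binaries with no company name, rundll32.exe entries (the
log does not show the DLL they load) and HideSCAHealth = 1.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    section: str  # OTL section tag the line came from (PRC, O4, O7, MsConfig, ...)
    item: str     # entry name, service name or file path
    reason: str   # why a human should look at it


# "PRC - [2012.05.01 18:00:45 | 000,595,456 | ---- | M] (Company) -- C:\path"
# SRV/DRV lines add "[Start | State]" after the company and "-- (ServiceName)" at the end.
_FILE_ENTRY = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV)(?::64bit:)? - \[(?P<date>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\] "
    r"\((?P<company>[^()]*)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^()]*)\))?$"
)
# "O4 - HKLM..\Run: [avgnt] C:\path\avgnt.exe (Company)"   or   "O4 - HKLM..\Run: [] File not found"
_RUN_ENTRY = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
# "O7 - HKU\S-1-5-21-...\policies\Explorer: HideSCAHealth = 1"
_POLICY_ENTRY = re.compile(r"^O7(?::64bit:)? - (?P<key>.+?): (?P<name>\w+) = (?P<value>.+)$")
# "MsConfig:64bit - StartUpReg: lonet - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)"
_MSCONFIG_ENTRY = re.compile(r"^MsConfig(?::64bit)? - StartUpReg: (?P<name>.+?) - hkey= - key= - (?P<rest>.+)$")
# Trailing "(Company)" after a path. "(x86)" inside the path is not at the end, so it is not taken.
_PATH_COMPANY = re.compile(r"^(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")


def _split_path_company(rest: str) -> Tuple[str, Optional[str]]:
    m = _PATH_COMPANY.match(rest)
    return m.group("path"), m.group("company")


def _check_binary(section: str, name: str, path: str, company: Optional[str], out: List[Finding]) -> None:
    """File-level checks shared by every section that points at a binary."""
    if path == "File not found":
        out.append(Finding(section, name, "entry points at a file that no longer exists; orphaned autostart"))
        return
    if not company:
        out.append(Finding(section, path, "binary carries no company name; verify hash or signature by hand"))
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        out.append(Finding(section, name, "rundll32.exe is only a loader; read the DLL argument from the registry value"))


def triage(log_text: str) -> List[Finding]:
    """Parse OTL log text and return the entries worth a second look, in log order.

    A finding is a prompt to check, not a verdict: legitimate software often
    ships unsigned binaries without a company name.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := _FILE_ENTRY.match(line)):
            _check_binary(m["tag"], m["name"] or m["path"], m["path"], m["company"], findings)
        elif (m := _RUN_ENTRY.match(line)):
            path, company = _split_path_company(m["rest"])
            _check_binary("O4", m["name"] or "<unnamed>", path, company, findings)
        elif (m := _MSCONFIG_ENTRY.match(line)):
            path, company = _split_path_company(m["rest"])
            _check_binary("MsConfig", m["name"], path, company, findings)
        elif (m := _POLICY_ENTRY.match(line)):
            if m["name"] == "HideSCAHealth" and m["value"].strip() == "1":
                findings.append(Finding("O7", m["key"], "HideSCAHealth=1 hides the Security Center icon and its warnings for this user"))
    return findings


# Constructed sample in OTL's format (fictitious user and SID; not the log posted in this thread).
SAMPLE_LOG = r"""
PRC - [2012.05.01 18:00:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Example\zlib1.dll
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O7 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
MsConfig:64bit - StartUpReg: lonet - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:9} {f.item}\n          -> {f.reason}")
```

Run it on a saved OTL.txt by passing the file's contents to triage(). The regexes cover only the line kinds shown; other OTL sections (O16, O17, O20, SafeBoot lists and so on) pass through unflagged, and a "no company name" hit is a reason to compare the file's MD5 against a known-good copy, not a verdict.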
01.05.2012, 17:25 | #7 |
| Smart Fortress 2012 / Security Center disabled Done, here is the log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.05.2012 18:03:00 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Matthias\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,93% Memory free 8,18 Gb Paging File | 6,54 Gb Available in Paging File | 79,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 35,80 Gb Free Space | 7,69% Space Free | Partition Type: NTFS Computer Name: EL-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.01 18:00:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe PRC - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012.03.30 12:26:12 | 000,562,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.17 19:08:32 | 029,261,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe PRC - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe ========== Modules (No Company Name) ========== MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.01.27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.04.30 13:12:24 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.20 14:07:50 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.17 19:08:32 | 029,261,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) 
[Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.25 12:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.09.18 22:17:16 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.05.21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv) SRV - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv) SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 20:00:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI) DRV:64bit: - [2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.07 00:06:48 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.01.27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.09.23 09:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.24 15:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus) DRV:64bit: - [2006.11.22 09:12:00 | 000,275,456 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys -- (SANDRA) DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 2D 34 18 7C 31 CA 01 [binary data] IE - 
HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\SearchScopes\{B95BBBC8-8E1F-4F2D-B95A-4C802F614257}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.10.02 20:23:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 01:53:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 12:12:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.10.02 20:23:46 | 000,000,000 | ---D | M] [2009.09.09 20:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions [2012.04.26 13:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\hluc9alb.default\extensions [2010.04.27 23:12:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\hluc9alb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.04.28 09:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.28 09:29:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.18 01:53:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.28 09:28:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 21:08:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 21:08:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.03 21:08:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 21:08:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 21:08:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 21:08:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Margaretha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.183.128.35 194.183.128.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F47CC9-50DD-494F-B229-41D27BA5A4B5}: DhcpNameServer = 194.183.128.35 194.183.128.36 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell - "" = AutoRun O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - 
SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk - - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: lonet - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SoftAuto.exe - hkey= - key= - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: 31640508.sys - Driver SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: 31640508.sys - Driver SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers 
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: 31640508.sys - Driver SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: 
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: 31640508.sys - Driver SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group 
SafeBootNet: TDI - Driver Group SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack 
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.01 18:00:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe [2012.04.30 20:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.04.30 20:22:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Matthias\Desktop\esetsmartinstaller_enu.exe [2012.04.29 17:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.04.29 17:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.04.29 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.04.28 16:13:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\HpUpdate [2012.04.28 16:12:59 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012.04.28 11:41:56 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\platz! 
[2012.04.28 11:36:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\dds.com [2012.04.28 10:28:24 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\Matthias\unetbootin-windows-568.exe [2012.04.28 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.04.28 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.04.28 09:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.04.28 09:14:57 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Secunia PSI (BETA) [2012.04.28 09:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2012.04.28 05:22:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.04.28 05:21:10 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthias\tdsskiller.exe [2012.04.28 04:38:46 | 000,000,000 | ---D | C] -- C:\Windows\pss [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.01 18:00:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe [2012.05.01 18:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.01 16:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.01 15:13:03 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.01 15:13:03 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.30 20:22:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Matthias\Desktop\esetsmartinstaller_enu.exe [2012.04.29 17:29:26 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.04.28 16:17:28 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012.04.28 12:48:07 | 000,002,640 | 
---- | M] () -- C:\Users\Matthias\Desktop\Attach.zip [2012.04.28 12:12:27 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.04.28 11:36:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\dds.com [2012.04.28 11:36:04 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable [2012.04.28 11:34:40 | 000,050,477 | ---- | M] () -- C:\Users\Matthias\Desktop\Defogger.exe [2012.04.28 10:31:50 | 001,590,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.28 10:31:50 | 000,680,288 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.28 10:31:50 | 000,646,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.28 10:31:50 | 000,146,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.28 10:31:50 | 000,123,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.28 10:28:28 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\Matthias\unetbootin-windows-568.exe [2012.04.28 09:27:29 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.04.28 09:14:49 | 000,000,941 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.04.28 09:09:51 | 000,253,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.04.28 06:09:16 | 000,001,460 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps64.dat [2012.04.28 05:49:29 | 000,001,356 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2012.04.28 05:21:11 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthias\tdsskiller.exe [2012.04.28 04:56:08 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.22 04:16:25 | 000,000,220 | ---- | M] () -- C:\Users\Matthias\Desktop\Psychonauts.url [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.29 17:29:26 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.04.28 12:48:07 | 000,002,640 | ---- | C] () -- C:\Users\Matthias\Desktop\Attach.zip [2012.04.28 11:36:04 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable [2012.04.28 11:34:39 | 000,050,477 | ---- | C] () -- C:\Users\Matthias\Desktop\Defogger.exe [2012.04.28 09:32:46 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.04.28 09:32:46 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.04.28 09:14:49 | 000,000,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.04.28 09:14:49 | 000,000,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.04.28 04:56:08 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.22 04:16:25 | 000,000,220 | ---- | C] () -- C:\Users\Matthias\Desktop\Psychonauts.url [2011.12.26 04:44:14 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.27 14:46:49 | 011,165,696 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Sandra.mdb [2011.08.24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.06.02 19:17:48 | 000,000,765 | ---- | C] () -- C:\Windows\ONFORMAT.INI [2011.06.02 19:17:48 | 000,000,341 | ---- | C] () -- C:\Windows\RECMGRUN.INI [2011.06.02 19:17:36 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI [2011.03.26 17:41:16 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.03.26 16:57:47 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI [2011.03.18 11:17:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.17 17:43:18 | 
000,001,356 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.18 15:20:02 | 000,000,278 | ---- | C] () -- C:\Windows\ACTIVEJP.INI [2010.05.27 18:01:56 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin ========== LOP Check ========== [2010.03.18 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org [2010.03.30 20:33:05 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\NwDocx [2009.09.14 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\OpenOffice.org [2011.04.28 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Sony [2009.09.17 19:24:55 | 000,000,000 | ---D | M] -- C:\Users\Margaretha\AppData\Roaming\OpenOffice.org [2009.12.20 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon [2012.03.29 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\BitTorrent [2010.11.16 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite [2010.03.19 10:21:45 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dragon Age Toolset [2010.05.21 23:50:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FOG Downloader [2009.10.07 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GrabPro [2010.06.02 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\LG Electronics [2009.09.14 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org [2009.10.22 13:03:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Orbit [2011.07.13 19:23:40 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony [2010.03.18 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony Setup [2010.05.20 12:59:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tuige [2011.07.25 
23:20:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\uqm [2010.05.19 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xyky [2011.08.27 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Amazon [2009.09.27 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\OpenOffice.org [2009.10.09 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Orbit [2010.04.10 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Sony [2012.05.01 02:17:59 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.09.26 17:53:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Adobe [2009.12.20 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon [2010.06.28 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Apple Computer [2011.03.18 11:30:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ATI [2011.10.14 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avira [2012.03.29 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\BitTorrent [2010.08.01 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Creative [2010.11.16 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite [2010.03.19 10:21:45 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dragon Age Toolset [2012.03.18 18:32:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\dvdcss [2010.05.21 23:50:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FOG Downloader [2009.10.07 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GrabPro [2009.12.07 14:25:08 | 000,000,000 | ---D | M] -- 
C:\Users\Matthias\AppData\Roaming\HP [2012.04.28 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\HpUpdate [2009.09.09 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Identities [2010.06.02 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\InstallShield [2010.06.02 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\LG Electronics [2009.09.10 14:19:19 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Macromedia [2011.09.12 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Center Programs [2009.09.09 21:19:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Player Classic [2010.12.08 15:24:55 | 000,000,000 | --SD | M] -- C:\Users\Matthias\AppData\Roaming\Microsoft [2011.10.13 03:18:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\mIRC [2009.09.09 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mozilla [2009.09.14 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org [2009.10.22 13:03:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Orbit [2010.02.19 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Real [2009.09.15 14:38:08 | 000,000,000 | RH-D | M] -- C:\Users\Matthias\AppData\Roaming\SecuROM [2011.07.13 19:23:40 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony [2010.03.18 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony Setup [2010.05.20 12:59:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tuige [2011.07.25 23:20:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\uqm [2012.04.27 23:53:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\vlc [2010.05.19 23:03:54 | 000,000,000 | ---D | M] -- 
C:\Users\Matthias\AppData\Roaming\Xyky < %APPDATA%\*.exe /s > [2011.06.05 19:04:42 | 000,010,134 | R--- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe [2010.02.19 16:18:38 | 000,009,454 | R--- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Installer\{88DAAF05-5A72-46D2-A7C5-C3759697E943}\_6FEFF9B68218417F98F549.exe [2010.03.18 18:42:11 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\Users\Matthias\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) 
MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- 
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- 
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.09.13 17:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 680 bytes -> C:\Users\Matthias\Documents\WLAN-Modem.eml:OECustomProperty < End of report > |
01.05.2012, 18:00 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 / Security Center disabled

Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" line must be copied too!!!)

Code:

:OTL
O3 - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell - "" = AutoRun
O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
[2011.07.25 23:20:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\uqm
[2010.05.19 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xyky
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted outright: as a safeguard, a backup copy is created on the system partition in the "_OTL" folder.

Note: the script above was written for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags
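The fix script above names four kinds of persistence entry (O3 toolbar CLSID, O4 Run value, O32 CD-ROM AutoRun, O33 MountPoints2 autorun command) plus a hosts-file reset. As an added, read-only illustration of what those entries are, here is a PowerShell audit of the same locations. It is example code written for this page, not part of the thread and not OTL's own logic; it assumes PowerShell 4.0 or later and an elevated prompt, and it changes nothing.

```powershell
# Added example (not from the thread, not OTL code): read-only audit of the
# locations the OTL fix targets (O3/O4/O32/O33 and [resethosts]).
# Assumes PowerShell 4.0+ and an elevated prompt. Nothing is modified.

$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RegistryValues([string]$Key) {
    # Values of one registry key as Name/Value pairs, minus provider metadata.
    if (-not (Test-Path -LiteralPath $Key)) { return }
    (Get-ItemProperty -LiteralPath $Key).PSObject.Properties |
        Where-Object { $ProviderProps -notcontains $_.Name }
}

function Get-CommandExecutable([string]$CommandLine) {
    # Executable part of a command line: a quoted path, else the first token.
    # (An unquoted path containing spaces will be cut short; treat as a hint.)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+', 2)[0]
}

function Get-OrphanedToolbars {
    # O3: IE toolbar entries whose CLSID is registered nowhere ("No CLSID value found").
    foreach ($v in Get-RegistryValues 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser') {
        if ($v.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $registered = @('HKLM:\Software\Classes\CLSID',
                        'HKLM:\Software\Wow6432Node\Classes\CLSID',
                        'HKCU:\Software\Classes\CLSID') |
            Where-Object { Test-Path -LiteralPath "$_\$($v.Name)" }
        if (-not $registered) {
            [pscustomobject]@{ Type = 'O3'; Item = $v.Name; Detail = 'CLSID not registered' }
        }
    }
}

function Get-BrokenRunEntries {
    # O4: Run values with an empty name (PowerShell shows it as "(default)")
    # or whose target executable is not on disk ("File not found").
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        foreach ($v in Get-RegistryValues $k) {
            $exe = Get-CommandExecutable ([string]$v.Value)
            $missing = (-not $exe) -or
                       (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($exe))))
            if ($v.Name -eq '(default)' -or $missing) {
                [pscustomobject]@{ Type = 'O4'; Item = "$k\$($v.Name)"
                                   Detail = "$($v.Value) (target missing: $missing)" }
            }
        }
    }
}

function Get-CdromAutoRun {
    # O32: AutoRun = 1 means Windows honours autorun.inf on optical media.
    $v = Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom' `
                          -Name AutoRun -ErrorAction SilentlyContinue
    [pscustomobject]@{ Type = 'O32'; Item = 'Cdrom\AutoRun'; Detail = $v.AutoRun }
}

function Get-MountPointAutoRuns {
    # O33: per-volume MountPoints2 entries carrying an AutoRun command, i.e. what
    # Explorer would launch for that removable volume (the fix removed a K:\LaunchU3.exe one).
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $base)) { return }
    foreach ($vol in Get-ChildItem -LiteralPath $base) {
        $cmdKey = "$base\$($vol.PSChildName)\Shell\AutoRun\command"
        if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
        $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        [pscustomobject]@{ Type = 'O33'; Item = $vol.PSChildName; Detail = $cmd }
    }
}

function Get-HostsOverrides {
    # [resethosts] rewrites the hosts file; anything beyond localhost lines deserves a look.
    Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\slocalhost\s*$' } |
        ForEach-Object { [pscustomobject]@{ Type = 'hosts'; Item = $_.Trim(); Detail = 'non-default entry' } }
}

& { Get-OrphanedToolbars; Get-BrokenRunEntries; Get-CdromAutoRun; Get-MountPointAutoRuns; Get-HostsOverrides } |
    Format-Table -AutoSize
```

The output is a list to read, not a list to delete: a MountPoints2 autorun for a USB stick that is no longer plugged in, or a Run value whose installer was uninstalled, is stale rather than malicious, which is exactly why the helper's script is tied to one log and one machine.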
01.05.2012, 22:25 | #9 |
Smart Fortress 2012 / Security Center disabled

On the first attempt I got a Blue Screen of Death; on the second, everything worked at first, but OTL crashed at the end. On the third attempt everything worked, so here is the log that opened after the restart.

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1419767165-1224086374-814660101-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
File K:\LaunchU3.exe -a not found.
Folder C:\Users\Matthias\AppData\Roaming\uqm\ not found.
Folder C:\Users\Matthias\AppData\Roaming\Xyky\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: All Users
User: Christina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Margaretha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Matthias
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1638400 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6685274 bytes
->Flash cache emptied: 456 bytes
User: Public
User: Wolfgang
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 675385908 bytes
->Flash cache emptied: 841 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 10763472 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 455543792 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.097,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Christina
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Margaretha
->Flash cache emptied: 0 bytes
User: Matthias
->Flash cache emptied: 0 bytes
User: Public
User: Wolfgang
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.42.2 log created on 05012012_231410
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SETD2DA.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETDF2D.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
02.05.2012, 13:32 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
Smart Fortress 2012 / Security Center disabled
Quote:
This tool is NOT a toy! That is why I always give a correspondingly clear warning whenever it is to be run: you must not simply delete everything across the board when it finds something suspicious!
__________________
Please always post logfiles in CODE tags
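The warning above, review what the tool reports before deleting anything, is easier to follow with a structured view of the log. What follows is an added example, not part of this thread and not a Kaspersky tool: it parses the TDSSKiller text-log format posted further down in the thread into one record per object, pairs each "(md5) path" line with its "- verdict" line(s), and lists everything that did not end in "- ok" together with the recorded MD5 and path so the object can be looked up before it is touched. The sample lines are constructed; the "detected"/"warning" lines, the name Rootkit.Boot.Example.a, and the policy of treating UnsignedFile/LockedFile detections as review-only heuristics are this example's assumptions, not the tool's rules.

```python
"""Triage helper for a TDSSKiller text log (added example, not a Kaspersky tool).

Reads the log line by line, pairs each object's "(md5) path" line with its
"- <verdict>" line(s), and reports everything that did not end in "- ok" so
it can be looked up before anything is deleted."""
import re

# Constructed sample input. The first four lines copy the format of the log in
# this thread; the "detected"/"warning" lines and the name Rootkit.Boot.Example.a
# are invented for illustration (the thread's own log shows "- ok" everywhere).
SAMPLE_LOG = r"""
05:21:38.0520 2672 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
05:21:38.0520 2672 ACPI - ok
05:21:44.0145 2672 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
05:21:44.0145 2672 atapi - ok
05:22:01.0123 2672 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\Sandra.sys
05:22:01.0123 2672 SANDRA - detected UnsignedFile.Multi.Generic ( 1 )
05:22:01.0123 2672 SANDRA ( UnsignedFile.Multi.Generic ) - warning
05:22:05.0456 2672 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example.a ( 0 )
05:22:05.0456 2672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example.a ) - warning
"""

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "<name> (<md5>) <path>": the scanner recorded the object's hash and location.
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>" or "<name> ( <detection> ) - <verdict>".
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>[^()]+?) \))? - (?P<verdict>.+)$")

# Generic names the tool gives to unsigned or locked files. Treating them as
# "review, do not delete" is this example's policy, not a rule of the tool.
HEURISTIC_MARKERS = ("UnsignedFile.", "LockedFile.")


def _new_entry():
    return {"md5": None, "path": None, "verdicts": [], "detections": []}


def parse_log(text):
    """Return {object name: {"md5", "path", "verdicts": [...], "detections": [...]}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], _new_entry())
            entry["md5"], entry["path"] = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banner, "Scan started", partition table etc.
        verdict = m["verdict"]
        if verdict.startswith("Size:"):
            continue  # drive geometry line ("Drive ... - Size: ..."), not a verdict
        entry = entries.setdefault(m["name"], _new_entry())
        entry["verdicts"].append(verdict)
        detection = m["detection"]
        if detection is None and verdict.startswith("detected "):
            detection = verdict.split()[1]
        if detection and detection not in entry["detections"]:
            entry["detections"].append(detection)
    return entries


def findings(entries):
    """Objects with at least one verdict other than "ok". Each is tagged
    "heuristic" when every detection name is a generic unsigned/locked-file
    marker, otherwise "named" (a specific detection such as a boot-sector rootkit)."""
    out = []
    for name, entry in entries.items():
        verdicts = entry["verdicts"]
        if not verdicts or all(v == "ok" for v in verdicts):
            continue
        dets = entry["detections"]
        kind = "heuristic" if dets and all(d.startswith(HEURISTIC_MARKERS) for d in dets) else "named"
        out.append({"name": name, "kind": kind, "md5": entry["md5"], "path": entry["path"],
                    "detections": list(dets), "verdicts": list(verdicts)})
    return out


def report(text):
    """Human-readable summary: count of unflagged objects plus one block per finding."""
    entries = parse_log(text)
    hits = findings(entries)
    lines = [f"{len(entries) - len(hits)} objects not flagged, {len(hits)} to review"]
    for h in hits:
        lines.append(f"[{h['kind']}] {h['name']}  md5={h['md5'] or '-'}  path={h['path'] or '-'}")
        lines.append("    detections: " + (", ".join(h["detections"]) or "-"))
        lines.append("    verdicts:   " + "; ".join(h["verdicts"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved TDSSKiller log instead of the sample and look up each "heuristic" hit by MD5 and path before deciding anything; a "named" hit without a path (as for a disk device object) is the kind of finding to show a helper rather than delete on your own.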
02.05.2012, 15:23 | #11
Smart Fortress 2012 / Security Center disabled
Well, that really wasn't very smart of me. Learned something again. Here is the log:
Code:
ATTFilter 05:21:28.0779 3736 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 05:21:28.0847 3736 ============================================================ 05:21:28.0847 3736 Current date / time: 2012/04/28 05:21:28.0847 05:21:28.0847 3736 SystemInfo: 05:21:28.0847 3736 05:21:28.0847 3736 OS Version: 6.0.6002 ServicePack: 2.0 05:21:28.0847 3736 Product type: Workstation 05:21:28.0847 3736 ComputerName: EL-PC 05:21:28.0847 3736 UserName: Matthias 05:21:28.0847 3736 Windows directory: C:\Windows 05:21:28.0847 3736 System windows directory: C:\Windows 05:21:28.0847 3736 Running under WOW64 05:21:28.0847 3736 Processor architecture: Intel x64 05:21:28.0847 3736 Number of processors: 4 05:21:28.0847 3736 Page size: 0x1000 05:21:28.0847 3736 Boot type: Normal boot 05:21:28.0847 3736 ============================================================ 05:21:30.0192 3736 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 05:21:30.0224 3736 ============================================================ 05:21:30.0224 3736 \Device\Harddisk0\DR0: 05:21:30.0224 3736 MBR partitions: 05:21:30.0224 3736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800 05:21:30.0224 3736 ============================================================ 05:21:30.0245 3736 C: <-> \Device\Harddisk0\DR0\Partition0 05:21:30.0245 3736 ============================================================ 05:21:30.0245 3736 Initialize success 05:21:30.0245 3736 ============================================================ 05:21:35.0066 2672 ============================================================ 05:21:35.0066 2672 Scan started 05:21:35.0066 2672 Mode: Manual; 05:21:35.0066 2672 ============================================================ 05:21:38.0520 2672 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys 05:21:38.0520 2672 ACPI - 
ok 05:21:38.0691 2672 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 05:21:38.0691 2672 AdobeFlashPlayerUpdateSvc - ok 05:21:38.0754 2672 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 05:21:38.0785 2672 adp94xx - ok 05:21:38.0816 2672 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 05:21:38.0816 2672 adpahci - ok 05:21:38.0848 2672 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 05:21:38.0848 2672 adpu160m - ok 05:21:38.0863 2672 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 05:21:38.0863 2672 adpu320 - ok 05:21:38.0895 2672 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll 05:21:38.0910 2672 AeLookupSvc - ok 05:21:38.0941 2672 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys 05:21:38.0957 2672 AFD - ok 05:21:38.0957 2672 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 05:21:38.0957 2672 agp440 - ok 05:21:38.0973 2672 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 05:21:38.0988 2672 aic78xx - ok 05:21:39.0004 2672 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe 05:21:39.0004 2672 ALG - ok 05:21:39.0020 2672 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 05:21:39.0020 2672 aliide - ok 05:21:39.0035 2672 ALLOW-IO - ok 05:21:39.0191 2672 AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe 05:21:39.0207 2672 AMD External Events Utility - ok 05:21:39.0207 2672 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 05:21:39.0207 2672 amdide - ok 05:21:39.0238 2672 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 05:21:39.0238 2672 AmdK8 - ok 05:21:43.0051 2672 amdkmdag 
(dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys 05:21:43.0285 2672 amdkmdag - ok 05:21:43.0535 2672 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys 05:21:43.0535 2672 amdkmdap - ok 05:21:43.0676 2672 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 05:21:43.0676 2672 AntiVirSchedulerService - ok 05:21:43.0801 2672 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 05:21:43.0801 2672 AntiVirService - ok 05:21:43.0848 2672 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll 05:21:43.0848 2672 Appinfo - ok 05:21:43.0895 2672 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 05:21:43.0895 2672 Apple Mobile Device - ok 05:21:44.0051 2672 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 05:21:44.0066 2672 arc - ok 05:21:44.0098 2672 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 05:21:44.0113 2672 arcsas - ok 05:21:44.0129 2672 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 05:21:44.0129 2672 AsyncMac - ok 05:21:44.0145 2672 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys 05:21:44.0145 2672 atapi - ok 05:21:44.0191 2672 AtiHDAudioService (ffadd388d1e7f075857659928365d579) C:\Windows\system32\drivers\AtihdLH6.sys 05:21:44.0207 2672 AtiHDAudioService - ok 05:21:44.0254 2672 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll 05:21:44.0270 2672 AudioEndpointBuilder - ok 05:21:44.0270 2672 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll 05:21:44.0270 2672 AudioSrv - ok 05:21:44.0301 2672 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 
05:21:44.0301 2672 avgntflt - ok 05:21:44.0363 2672 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys 05:21:44.0363 2672 avipbb - ok 05:21:44.0426 2672 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 05:21:44.0441 2672 avkmgr - ok 05:21:44.0473 2672 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll 05:21:44.0473 2672 BFE - ok 05:21:44.0535 2672 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll 05:21:44.0551 2672 BITS - ok 05:21:44.0598 2672 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 05:21:44.0598 2672 blbdrive - ok 05:21:44.0723 2672 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 05:21:44.0738 2672 Bonjour Service - ok 05:21:44.0926 2672 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys 05:21:44.0941 2672 bowser - ok 05:21:44.0988 2672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 05:21:45.0004 2672 BrFiltLo - ok 05:21:45.0004 2672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 05:21:45.0004 2672 BrFiltUp - ok 05:21:45.0051 2672 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll 05:21:45.0066 2672 Browser - ok 05:21:45.0082 2672 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 05:21:45.0082 2672 Brserid - ok 05:21:45.0098 2672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 05:21:45.0098 2672 BrSerWdm - ok 05:21:45.0113 2672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 05:21:45.0113 2672 BrUsbMdm - ok 05:21:45.0113 2672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 05:21:45.0113 2672 BrUsbSer - ok 05:21:45.0145 2672 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 
05:21:45.0145 2672 BTHMODEM - ok 05:21:45.0160 2672 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 05:21:45.0176 2672 cdfs - ok 05:21:45.0191 2672 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys 05:21:45.0191 2672 cdrom - ok 05:21:45.0223 2672 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 05:21:45.0223 2672 CertPropSvc - ok 05:21:45.0238 2672 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys 05:21:45.0238 2672 circlass - ok 05:21:45.0285 2672 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys 05:21:45.0301 2672 CLFS - ok 05:21:45.0363 2672 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 05:21:45.0363 2672 clr_optimization_v2.0.50727_32 - ok 05:21:45.0488 2672 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 05:21:45.0488 2672 clr_optimization_v2.0.50727_64 - ok 05:21:45.0770 2672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 05:21:45.0801 2672 clr_optimization_v4.0.30319_32 - ok 05:21:45.0848 2672 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 05:21:45.0879 2672 clr_optimization_v4.0.30319_64 - ok 05:21:45.0910 2672 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 05:21:45.0910 2672 cmdide - ok 05:21:45.0910 2672 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys 05:21:45.0926 2672 Compbatt - ok 05:21:45.0926 2672 COMSysApp - ok 05:21:45.0926 2672 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 05:21:45.0926 2672 crcdisk - ok 05:21:46.0191 2672 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) 
C:\Windows\system32\cryptsvc.dll 05:21:46.0191 2672 CryptSvc - ok 05:21:46.0301 2672 CTDevice_Srv (a5bea0e5c297f5f3835638a87e512fba) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe 05:21:46.0301 2672 CTDevice_Srv - ok 05:21:46.0441 2672 CTUPnPSv (8e26d772f53b7883a651e0e4a9598f21) C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe 05:21:46.0457 2672 CTUPnPSv - ok 05:21:46.0535 2672 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe 05:21:46.0535 2672 DAUpdaterSvc - ok 05:21:46.0598 2672 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 05:21:46.0598 2672 DcomLaunch - ok 05:21:46.0645 2672 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys 05:21:46.0660 2672 DfsC - ok 05:21:47.0504 2672 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe 05:21:47.0676 2672 DFSR - ok 05:21:48.0098 2672 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll 05:21:48.0098 2672 Dhcp - ok 05:21:48.0145 2672 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 05:21:48.0145 2672 disk - ok 05:21:48.0207 2672 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll 05:21:48.0207 2672 Dnscache - ok 05:21:48.0379 2672 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll 05:21:48.0395 2672 dot3svc - ok 05:21:48.0441 2672 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys 05:21:48.0441 2672 Dot4 - ok 05:21:48.0473 2672 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys 05:21:48.0473 2672 Dot4Print - ok 05:21:48.0488 2672 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys 05:21:48.0488 2672 dot4usb - ok 05:21:48.0520 2672 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll 05:21:48.0535 2672 DPS - ok 05:21:48.0551 2672 drmkaud 
(f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 05:21:48.0566 2672 drmkaud - ok 05:21:48.0676 2672 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys 05:21:48.0676 2672 DXGKrnl - ok 05:21:48.0723 2672 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 05:21:48.0738 2672 E1G60 - ok 05:21:48.0754 2672 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll 05:21:48.0754 2672 EapHost - ok 05:21:48.0785 2672 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 05:21:48.0801 2672 Ecache - ok 05:21:48.0848 2672 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe 05:21:48.0863 2672 ehRecvr - ok 05:21:48.0879 2672 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe 05:21:48.0879 2672 ehSched - ok 05:21:48.0910 2672 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll 05:21:48.0910 2672 ehstart - ok 05:21:48.0941 2672 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 05:21:48.0957 2672 elxstor - ok 05:21:49.0082 2672 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll 05:21:49.0098 2672 EMDMgmt - ok 05:21:49.0113 2672 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 05:21:49.0113 2672 ErrDev - ok 05:21:49.0145 2672 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll 05:21:49.0145 2672 EventSystem - ok 05:21:49.0191 2672 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 05:21:49.0191 2672 exfat - ok 05:21:49.0223 2672 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 05:21:49.0223 2672 fastfat - ok 05:21:49.0238 2672 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 05:21:49.0238 2672 fdc - ok 05:21:49.0254 2672 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll 
05:21:49.0254 2672 fdPHost - ok 05:21:49.0270 2672 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll 05:21:49.0270 2672 FDResPub - ok 05:21:49.0316 2672 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 05:21:49.0316 2672 FileInfo - ok 05:21:49.0332 2672 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 05:21:49.0332 2672 Filetrace - ok 05:21:49.0332 2672 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 05:21:49.0348 2672 flpydisk - ok 05:21:49.0363 2672 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 05:21:49.0379 2672 FltMgr - ok 05:21:49.0504 2672 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll 05:21:49.0535 2672 FontCache - ok 05:21:49.0582 2672 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 05:21:49.0582 2672 FontCache3.0.0.0 - ok 05:21:49.0629 2672 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys 05:21:49.0645 2672 Fs_Rec - ok 05:21:49.0645 2672 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 05:21:49.0660 2672 gagp30kx - ok 05:21:49.0676 2672 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 05:21:49.0676 2672 GEARAspiWDM - ok 05:21:49.0723 2672 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll 05:21:49.0754 2672 gpsvc - ok 05:21:49.0816 2672 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys 05:21:49.0832 2672 HdAudAddService - ok 05:21:49.0895 2672 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 05:21:49.0895 2672 HDAudBus - ok 05:21:49.0941 2672 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 05:21:49.0941 2672 HidBth - ok 05:21:49.0957 2672 HidIr 
(4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys 05:21:49.0973 2672 HidIr - ok 05:21:49.0988 2672 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll 05:21:49.0988 2672 hidserv - ok 05:21:50.0004 2672 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys 05:21:50.0004 2672 HidUsb - ok 05:21:50.0035 2672 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll 05:21:50.0035 2672 hkmsvc - ok 05:21:50.0066 2672 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 05:21:50.0066 2672 HpCISSs - ok 05:21:50.0176 2672 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 05:21:50.0176 2672 hpqcxs08 - ok 05:21:50.0191 2672 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 05:21:50.0191 2672 hpqddsvc - ok 05:21:50.0316 2672 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 05:21:50.0348 2672 HTTP - ok 05:21:50.0348 2672 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 05:21:50.0363 2672 i2omp - ok 05:21:50.0395 2672 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 05:21:50.0395 2672 i8042prt - ok 05:21:50.0426 2672 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 05:21:50.0426 2672 iaStorV - ok 05:21:50.0520 2672 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 05:21:50.0535 2672 IDriverT - ok 05:21:50.0707 2672 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 05:21:50.0738 2672 idsvc - ok 05:21:50.0754 2672 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 05:21:50.0770 2672 iirsp - ok 05:21:50.0816 2672 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) 
C:\Windows\System32\ikeext.dll 05:21:50.0832 2672 IKEEXT - ok 05:21:50.0910 2672 IntcAzAudAddService (5d33d5dad5eb0f81fac17d3e70dff1dd) C:\Windows\system32\drivers\RTKVHD64.sys 05:21:50.0941 2672 IntcAzAudAddService - ok 05:21:50.0973 2672 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 05:21:50.0973 2672 intelide - ok 05:21:50.0973 2672 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 05:21:50.0973 2672 intelppm - ok 05:21:51.0004 2672 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll 05:21:51.0004 2672 IPBusEnum - ok 05:21:51.0020 2672 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 05:21:51.0035 2672 IpFilterDriver - ok 05:21:51.0113 2672 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll 05:21:51.0113 2672 iphlpsvc - ok 05:21:51.0129 2672 IpInIp - ok 05:21:51.0145 2672 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 05:21:51.0145 2672 IPMIDRV - ok 05:21:51.0160 2672 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 05:21:51.0160 2672 IPNAT - ok 05:21:51.0270 2672 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe 05:21:51.0301 2672 iPod Service - ok 05:21:51.0301 2672 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 05:21:51.0316 2672 IRENUM - ok 05:21:51.0332 2672 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 05:21:51.0332 2672 isapnp - ok 05:21:51.0363 2672 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 05:21:51.0363 2672 iScsiPrt - ok 05:21:51.0379 2672 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 05:21:51.0379 2672 iteatapi - ok 05:21:51.0410 2672 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 05:21:51.0410 2672 
iteraid - ok 05:21:51.0426 2672 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 05:21:51.0426 2672 kbdclass - ok 05:21:51.0426 2672 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys 05:21:51.0426 2672 kbdhid - ok 05:21:51.0457 2672 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 05:21:51.0457 2672 KeyIso - ok 05:21:51.0504 2672 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys 05:21:51.0520 2672 KSecDD - ok 05:21:51.0551 2672 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 05:21:51.0551 2672 ksthunk - ok 05:21:51.0613 2672 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll 05:21:51.0613 2672 KtmRm - ok 05:21:51.0660 2672 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll 05:21:51.0676 2672 LanmanServer - ok 05:21:51.0723 2672 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll 05:21:51.0723 2672 LanmanWorkstation - ok 05:21:51.0770 2672 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys 05:21:51.0770 2672 Lbd - ok 05:21:51.0801 2672 libusb0 - ok 05:21:51.0801 2672 libusbd - ok 05:21:51.0816 2672 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 05:21:51.0832 2672 lltdio - ok 05:21:51.0879 2672 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll 05:21:51.0879 2672 lltdsvc - ok 05:21:51.0910 2672 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll 05:21:51.0910 2672 lmhosts - ok 05:21:51.0926 2672 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 05:21:51.0926 2672 LSI_FC - ok 05:21:51.0941 2672 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 05:21:51.0957 2672 LSI_SAS - ok 05:21:51.0957 2672 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) 
C:\Windows\system32\drivers\lsi_scsi.sys 05:21:51.0973 2672 LSI_SCSI - ok 05:21:51.0973 2672 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 05:21:51.0973 2672 luafv - ok 05:21:52.0066 2672 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll 05:21:52.0066 2672 Mcx2Svc - ok 05:21:52.0129 2672 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 05:21:52.0129 2672 megasas - ok 05:21:52.0598 2672 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 05:21:52.0613 2672 MegaSR - ok 05:21:52.0707 2672 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 05:21:52.0707 2672 MMCSS - ok 05:21:52.0723 2672 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 05:21:52.0723 2672 Modem - ok 05:21:52.0754 2672 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 05:21:52.0754 2672 monitor - ok 05:21:52.0770 2672 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 05:21:52.0770 2672 mouclass - ok 05:21:52.0770 2672 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 05:21:52.0770 2672 mouhid - ok 05:21:52.0785 2672 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 05:21:52.0785 2672 MountMgr - ok 05:21:52.0816 2672 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 05:21:52.0816 2672 mpio - ok 05:21:52.0832 2672 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 05:21:52.0848 2672 mpsdrv - ok 05:21:52.0926 2672 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll 05:21:52.0926 2672 MpsSvc - ok 05:21:52.0957 2672 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 05:21:52.0973 2672 Mraid35x - ok 05:21:52.0988 2672 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 
05:21:52.0988 2672 MRxDAV - ok 05:21:53.0020 2672 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 05:21:53.0020 2672 mrxsmb - ok 05:21:53.0051 2672 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 05:21:53.0051 2672 mrxsmb10 - ok 05:21:53.0066 2672 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 05:21:53.0066 2672 mrxsmb20 - ok 05:21:53.0082 2672 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 05:21:53.0098 2672 msahci - ok 05:21:53.0113 2672 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 05:21:53.0113 2672 msdsm - ok 05:21:53.0145 2672 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe 05:21:53.0145 2672 MSDTC - ok 05:21:53.0160 2672 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 05:21:53.0176 2672 Msfs - ok 05:21:53.0191 2672 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 05:21:53.0191 2672 msisadrv - ok 05:21:53.0223 2672 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll 05:21:53.0238 2672 MSiSCSI - ok 05:21:53.0238 2672 msiserver - ok 05:21:53.0254 2672 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 05:21:53.0254 2672 MSKSSRV - ok 05:21:53.0270 2672 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 05:21:53.0270 2672 MSPCLOCK - ok 05:21:53.0285 2672 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 05:21:53.0285 2672 MSPQM - ok 05:21:53.0348 2672 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 05:21:53.0363 2672 MsRPC - ok 05:21:53.0379 2672 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 05:21:53.0379 2672 mssmbios - ok 05:21:53.0473 2672 MSSQL$BWDATOOLSET - ok 05:21:53.0520 2672 MSSQLServerADHelper 
(c06ea83f6fc2959e897c117255b6b1d5) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 05:21:53.0535 2672 MSSQLServerADHelper - ok 05:21:53.0535 2672 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 05:21:53.0535 2672 MSTEE - ok 05:21:53.0598 2672 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 05:21:53.0598 2672 Mup - ok 05:21:53.0691 2672 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll 05:21:53.0691 2672 napagent - ok 05:21:53.0754 2672 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 05:21:53.0754 2672 NativeWifiP - ok 05:21:53.0816 2672 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 05:21:53.0832 2672 NDIS - ok 05:21:53.0832 2672 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 05:21:53.0832 2672 NdisTapi - ok 05:21:53.0848 2672 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 05:21:53.0848 2672 Ndisuio - ok 05:21:53.0895 2672 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 05:21:53.0895 2672 NdisWan - ok 05:21:53.0910 2672 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 05:21:53.0926 2672 NDProxy - ok 05:21:53.0957 2672 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll 05:21:53.0957 2672 Net Driver HPZ12 - ok 05:21:53.0957 2672 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 05:21:53.0957 2672 NetBIOS - ok 05:21:54.0004 2672 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 05:21:54.0004 2672 netbt - ok 05:21:54.0035 2672 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 05:21:54.0035 2672 Netlogon - ok 05:21:54.0066 2672 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll 05:21:54.0066 2672 Netman - ok 
05:21:54.0098 2672 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll 05:21:54.0098 2672 netprofm - ok 05:21:54.0160 2672 netr7364 (b69d6bb680c85243af0263b3e01d5e77) C:\Windows\system32\DRIVERS\netr7364.sys 05:21:54.0191 2672 netr7364 - ok 05:21:54.0285 2672 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 05:21:54.0285 2672 NetTcpPortSharing - ok 05:21:54.0316 2672 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 05:21:54.0316 2672 nfrd960 - ok 05:21:54.0348 2672 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll 05:21:54.0348 2672 NlaSvc - ok 05:21:54.0363 2672 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 05:21:54.0363 2672 Npfs - ok 05:21:54.0379 2672 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll 05:21:54.0379 2672 nsi - ok 05:21:54.0395 2672 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 05:21:54.0395 2672 nsiproxy - ok 05:21:54.0598 2672 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 05:21:54.0645 2672 Ntfs - ok 05:21:54.0910 2672 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 05:21:54.0910 2672 Null - ok 05:21:54.0910 2672 nvlddmkm - ok 05:21:54.0941 2672 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 05:21:54.0957 2672 nvraid - ok 05:21:54.0973 2672 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 05:21:54.0973 2672 nvstor - ok 05:21:54.0988 2672 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 05:21:55.0004 2672 nv_agp - ok 05:21:55.0004 2672 NwlnkFlt - ok 05:21:55.0004 2672 NwlnkFwd - ok 05:21:55.0035 2672 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys 05:21:55.0035 2672 ohci1394 - ok 05:21:55.0129 
2672 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 05:21:55.0145 2672 p2pimsvc - ok 05:21:55.0160 2672 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 05:21:55.0160 2672 p2psvc - ok 05:21:55.0191 2672 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 05:21:55.0207 2672 Parport - ok 05:21:55.0223 2672 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys 05:21:55.0223 2672 partmgr - ok 05:21:55.0254 2672 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll 05:21:55.0254 2672 PcaSvc - ok 05:21:55.0285 2672 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 05:21:55.0285 2672 pci - ok 05:21:55.0316 2672 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys 05:21:55.0316 2672 pciide - ok 05:21:55.0348 2672 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 05:21:55.0348 2672 pcmcia - ok 05:21:55.0395 2672 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 05:21:55.0426 2672 PEAUTH - ok 05:21:55.0582 2672 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe 05:21:55.0582 2672 PerfHost - ok 05:21:55.0691 2672 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll 05:21:55.0754 2672 pla - ok 05:21:55.0816 2672 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll 05:21:55.0832 2672 PlugPlay - ok 05:21:55.0863 2672 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll 05:21:55.0863 2672 Pml Driver HPZ12 - ok 05:21:55.0926 2672 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 05:21:55.0926 2672 PNRPAutoReg - ok 05:21:55.0941 2672 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 05:21:55.0941 2672 PNRPsvc - ok 05:21:56.0066 2672 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) 
C:\Windows\System32\ipsecsvc.dll 05:21:56.0082 2672 PolicyAgent - ok 05:21:56.0254 2672 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 05:21:56.0254 2672 PptpMiniport - ok 05:21:56.0301 2672 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 05:21:56.0301 2672 Processor - ok 05:21:56.0332 2672 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll 05:21:56.0348 2672 ProfSvc - ok 05:21:56.0410 2672 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 05:21:56.0410 2672 ProtectedStorage - ok 05:21:56.0457 2672 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 05:21:56.0473 2672 PSched - ok 05:21:56.0535 2672 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 05:21:56.0566 2672 ql2300 - ok 05:21:56.0582 2672 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 05:21:56.0598 2672 ql40xx - ok 05:21:56.0629 2672 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll 05:21:56.0629 2672 QWAVE - ok 05:21:56.0645 2672 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 05:21:56.0645 2672 QWAVEdrv - ok 05:21:56.0879 2672 RalinkRegistryWriter (e155e09229624c69a1a6609c0cb3641f) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe 05:21:56.0879 2672 RalinkRegistryWriter - ok 05:21:56.0895 2672 RalinkRegistryWriter64 (42a952ca5f9de8fcec25307b19570bb9) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe 05:21:56.0910 2672 RalinkRegistryWriter64 - ok 05:21:56.0926 2672 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 05:21:56.0926 2672 RasAcd - ok 05:21:56.0957 2672 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll 05:21:56.0957 2672 RasAuto - ok 05:21:56.0988 2672 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 05:21:56.0988 2672 
Rasl2tp - ok 05:21:57.0020 2672 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 05:21:57.0035 2672 RasMan - ok 05:21:57.0066 2672 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 05:21:57.0082 2672 RasPppoe - ok 05:21:57.0098 2672 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 05:21:57.0098 2672 RasSstp - ok 05:21:57.0145 2672 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 05:21:57.0160 2672 rdbss - ok 05:21:57.0160 2672 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 05:21:57.0160 2672 RDPCDD - ok 05:21:57.0207 2672 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 05:21:57.0207 2672 rdpdr - ok 05:21:57.0207 2672 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 05:21:57.0223 2672 RDPENCDD - ok 05:21:57.0332 2672 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys 05:21:57.0348 2672 RDPWD - ok 05:21:57.0379 2672 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 05:21:57.0379 2672 RemoteAccess - ok 05:21:57.0504 2672 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 05:21:57.0504 2672 RemoteRegistry - ok 05:21:57.0535 2672 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 05:21:57.0535 2672 RpcLocator - ok 05:21:58.0238 2672 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 05:21:58.0238 2672 RpcSs - ok 05:21:58.0316 2672 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 05:21:58.0316 2672 rspndr - ok 05:21:58.0348 2672 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 05:21:58.0348 2672 SamSs - ok 05:21:58.0520 2672 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys 05:21:58.0535 2672 
SANDRA - ok 05:21:58.0566 2672 SandraAgentSrv (0fbdf70e3a8623732efcdb9e56e79550) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe 05:21:58.0582 2672 SandraAgentSrv - ok 05:21:58.0598 2672 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 05:21:58.0613 2672 sbp2port - ok 05:21:58.0629 2672 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 05:21:58.0645 2672 SCardSvr - ok 05:21:59.0317 2672 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 05:21:59.0349 2672 Schedule - ok 05:21:59.0396 2672 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 05:21:59.0396 2672 SCPolicySvc - ok 05:21:59.0552 2672 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll 05:21:59.0567 2672 SDRSVC - ok 05:21:59.0599 2672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 05:21:59.0599 2672 secdrv - ok 05:21:59.0614 2672 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll 05:21:59.0614 2672 seclogon - ok 05:21:59.0630 2672 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll 05:21:59.0646 2672 SENS - ok 05:21:59.0661 2672 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 05:21:59.0677 2672 Serenum - ok 05:21:59.0692 2672 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 05:21:59.0692 2672 Serial - ok 05:21:59.0708 2672 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 05:21:59.0708 2672 sermouse - ok 05:21:59.0724 2672 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll 05:21:59.0739 2672 SessionEnv - ok 05:21:59.0739 2672 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 05:21:59.0739 2672 sffdisk - ok 05:21:59.0739 2672 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 
05:21:59.0755 2672 sffp_mmc - ok
05:21:59.0755 2672 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
05:21:59.0755 2672 sffp_sd - ok
05:21:59.0755 2672 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
05:21:59.0771 2672 sfloppy - ok
05:21:59.0817 2672 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
05:21:59.0833 2672 SharedAccess - ok
05:21:59.0911 2672 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
05:21:59.0911 2672 ShellHWDetection - ok
05:21:59.0927 2672 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
05:21:59.0942 2672 SiSRaid2 - ok
05:21:59.0958 2672 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
05:21:59.0958 2672 SiSRaid4 - ok
05:22:00.0599 2672 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
05:22:00.0692 2672 slsvc - ok
05:22:01.0364 2672 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
05:22:01.0380 2672 SLUINotify - ok
05:22:01.0411 2672 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
05:22:01.0427 2672 Smb - ok
05:22:01.0458 2672 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
05:22:01.0458 2672 SNMPTRAP - ok
05:22:01.0489 2672 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
05:22:01.0489 2672 spldr - ok
05:22:01.0567 2672 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
05:22:01.0583 2672 Spooler - ok
05:22:01.0646 2672 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
05:22:01.0646 2672 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
05:22:01.0646 2672 sptd ( LockedFile.Multi.Generic ) - warning
05:22:01.0646 2672 sptd - detected LockedFile.Multi.Generic (1)
05:22:02.0099 2672 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
05:22:02.0114 2672 SQLBrowser - ok
05:22:02.0208 2672 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
05:22:02.0224 2672 SQLWriter - ok
05:22:02.0302 2672 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
05:22:02.0317 2672 srv - ok
05:22:02.0349 2672 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
05:22:02.0364 2672 srv2 - ok
05:22:02.0380 2672 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
05:22:02.0380 2672 srvnet - ok
05:22:02.0411 2672 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
05:22:02.0411 2672 SSDPSRV - ok
05:22:02.0458 2672 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
05:22:02.0458 2672 SstpSvc - ok
05:22:02.0505 2672 Steam Client Service - ok
05:22:02.0583 2672 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
05:22:02.0599 2672 stisvc - ok
05:22:02.0614 2672 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
05:22:02.0614 2672 swenum - ok
05:22:02.0677 2672 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
05:22:02.0692 2672 swprv - ok
05:22:02.0724 2672 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
05:22:02.0739 2672 Symc8xx - ok
05:22:02.0739 2672 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
05:22:02.0755 2672 Sym_hi - ok
05:22:02.0771 2672 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
05:22:02.0771 2672 Sym_u3 - ok
05:22:02.0833 2672 SysMain
(92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll 05:22:02.0849 2672 SysMain - ok 05:22:02.0880 2672 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll 05:22:02.0880 2672 TabletInputService - ok 05:22:02.0927 2672 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll 05:22:02.0927 2672 TapiSrv - ok 05:22:02.0958 2672 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll 05:22:02.0958 2672 TBS - ok 05:22:03.0474 2672 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys 05:22:03.0505 2672 Tcpip - ok 05:22:03.0817 2672 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys 05:22:03.0833 2672 Tcpip6 - ok 05:22:04.0052 2672 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys 05:22:04.0067 2672 tcpipreg - ok 05:22:04.0083 2672 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 05:22:04.0099 2672 TDPIPE - ok 05:22:04.0114 2672 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 05:22:04.0114 2672 TDTCP - ok 05:22:04.0146 2672 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 05:22:04.0146 2672 tdx - ok 05:22:04.0177 2672 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 05:22:04.0192 2672 TermDD - ok 05:22:04.0286 2672 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll 05:22:04.0302 2672 TermService - ok 05:22:04.0458 2672 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll 05:22:04.0458 2672 Themes - ok 05:22:04.0567 2672 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 05:22:04.0567 2672 THREADORDER - ok 05:22:04.0614 2672 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll 05:22:04.0614 2672 TrkWks - ok 05:22:04.0739 2672 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) 
C:\Windows\servicing\TrustedInstaller.exe 05:22:04.0755 2672 TrustedInstaller - ok 05:22:04.0786 2672 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 05:22:04.0786 2672 tssecsrv - ok 05:22:04.0833 2672 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 05:22:04.0833 2672 tunmp - ok 05:22:04.0911 2672 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 05:22:04.0911 2672 tunnel - ok 05:22:04.0942 2672 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 05:22:04.0958 2672 uagp35 - ok 05:22:05.0239 2672 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 05:22:05.0255 2672 udfs - ok 05:22:05.0271 2672 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe 05:22:05.0271 2672 UI0Detect - ok 05:22:05.0286 2672 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 05:22:05.0302 2672 uliagpkx - ok 05:22:05.0333 2672 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 05:22:05.0349 2672 uliahci - ok 05:22:05.0380 2672 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 05:22:05.0380 2672 UlSata - ok 05:22:05.0411 2672 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 05:22:05.0427 2672 ulsata2 - ok 05:22:05.0442 2672 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 05:22:05.0458 2672 umbus - ok 05:22:05.0474 2672 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll 05:22:05.0474 2672 upnphost - ok 05:22:05.0536 2672 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 05:22:05.0536 2672 USBAAPL64 - ok 05:22:05.0614 2672 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys 05:22:05.0614 2672 usbbus - ok 05:22:05.0661 2672 usbccgp (07e3498fc60834219d2356293da0fecc) 
C:\Windows\system32\DRIVERS\usbccgp.sys 05:22:05.0661 2672 usbccgp - ok 05:22:05.0692 2672 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 05:22:05.0692 2672 usbcir - ok 05:22:05.0692 2672 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys 05:22:05.0708 2672 UsbDiag - ok 05:22:05.0739 2672 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 05:22:05.0739 2672 usbehci - ok 05:22:06.0177 2672 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 05:22:06.0192 2672 usbhub - ok 05:22:06.0224 2672 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys 05:22:06.0224 2672 USBModem - ok 05:22:06.0255 2672 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 05:22:06.0271 2672 usbohci - ok 05:22:06.0286 2672 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 05:22:06.0286 2672 usbprint - ok 05:22:06.0458 2672 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys 05:22:06.0474 2672 usbscan - ok 05:22:06.0474 2672 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 05:22:06.0489 2672 USBSTOR - ok 05:22:06.0505 2672 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 05:22:06.0505 2672 usbuhci - ok 05:22:06.0536 2672 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll 05:22:06.0536 2672 UxSms - ok 05:22:06.0630 2672 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe 05:22:06.0630 2672 vds - ok 05:22:06.0677 2672 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 05:22:06.0677 2672 vga - ok 05:22:06.0708 2672 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 05:22:06.0708 2672 VgaSave - ok 05:22:06.0724 2672 viaide (8294b6c3fdb6c33f24e150de647ecdaa) 
C:\Windows\system32\drivers\viaide.sys 05:22:06.0739 2672 viaide - ok 05:22:06.0755 2672 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 05:22:06.0755 2672 volmgr - ok 05:22:06.0802 2672 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 05:22:06.0817 2672 volmgrx - ok 05:22:06.0942 2672 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 05:22:06.0974 2672 volsnap - ok 05:22:07.0005 2672 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 05:22:07.0021 2672 vsmraid - ok 05:22:07.0192 2672 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe 05:22:07.0224 2672 VSS - ok 05:22:07.0380 2672 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll 05:22:07.0380 2672 W32Time - ok 05:22:07.0427 2672 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 05:22:07.0427 2672 WacomPen - ok 05:22:07.0458 2672 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 05:22:07.0458 2672 Wanarp - ok 05:22:07.0474 2672 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 05:22:07.0474 2672 Wanarpv6 - ok 05:22:07.0505 2672 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll 05:22:07.0536 2672 wcncsvc - ok 05:22:07.0567 2672 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll 05:22:07.0583 2672 WcsPlugInService - ok 05:22:07.0614 2672 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 05:22:07.0614 2672 Wd - ok 05:22:07.0677 2672 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys 05:22:07.0692 2672 Wdf01000 - ok 05:22:07.0755 2672 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 05:22:07.0755 2672 WdiServiceHost - ok 05:22:07.0771 2672 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) 
C:\Windows\system32\wdi.dll 05:22:07.0771 2672 WdiSystemHost - ok 05:22:07.0786 2672 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll 05:22:07.0786 2672 WebClient - ok 05:22:07.0864 2672 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll 05:22:07.0864 2672 Wecsvc - ok 05:22:07.0880 2672 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll 05:22:07.0880 2672 wercplsupport - ok 05:22:07.0896 2672 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll 05:22:07.0911 2672 WerSvc - ok 05:22:07.0942 2672 WinDefend - ok 05:22:07.0942 2672 WinHttpAutoProxySvc - ok 05:22:08.0005 2672 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll 05:22:08.0005 2672 Winmgmt - ok 05:22:08.0271 2672 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll 05:22:08.0333 2672 WinRM - ok 05:22:08.0521 2672 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll 05:22:08.0536 2672 Wlansvc - ok 05:22:08.0708 2672 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 05:22:08.0755 2672 wlidsvc - ok 05:22:08.0849 2672 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys 05:22:08.0849 2672 WmiAcpi - ok 05:22:08.0911 2672 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe 05:22:08.0927 2672 wmiApSrv - ok 05:22:08.0942 2672 WMPNetworkSvc - ok 05:22:08.0974 2672 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll 05:22:08.0989 2672 WPCSvc - ok 05:22:09.0052 2672 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll 05:22:09.0052 2672 WPDBusEnum - ok 05:22:09.0192 2672 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys 05:22:09.0208 2672 WpdUsb - ok 05:22:09.0489 2672 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
05:22:09.0505 2672 WPFFontCache_v0400 - ok
05:22:09.0536 2672 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
05:22:09.0536 2672 ws2ifsl - ok
05:22:09.0552 2672 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
05:22:09.0552 2672 wscsvc - ok
05:22:09.0567 2672 WSearch - ok
05:22:09.0677 2672 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
05:22:09.0724 2672 wuauserv - ok
05:22:09.0864 2672 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
05:22:09.0864 2672 WUDFRd - ok
05:22:09.0896 2672 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
05:22:09.0896 2672 wudfsvc - ok
05:22:09.0942 2672 yukonx64 (eac900019d31fd79d400ae8626da640d) C:\Windows\system32\DRIVERS\yk60x64.sys
05:22:09.0958 2672 yukonx64 - ok
05:22:09.0974 2672 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
05:22:10.0036 2672 \Device\Harddisk0\DR0 - ok
05:22:10.0036 2672 Boot (0x1200) (86dfa5e1f432db283ad0f3cce4cd082f) \Device\Harddisk0\DR0\Partition0
05:22:10.0036 2672 \Device\Harddisk0\DR0\Partition0 - ok
05:22:10.0036 2672 ============================================================
05:22:10.0036 2672 Scan finished
05:22:10.0036 2672 ============================================================
05:22:10.0052 2988 Detected object count: 1
05:22:10.0052 2988 Actual detected object count: 1
05:22:23.0771 2988 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
05:22:23.0771 2988 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
05:22:23.0802 2988 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
05:22:24.0052 2988 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
05:22:24.0052 2988 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
05:22:29.0505 2776 Deinitialize success |
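The TDSSKiller log above has one hit, and the log itself says what kind it is: "Suspicious file (NoAccess)" followed by the verdict LockedFile.Multi.Generic. That verdict means the scanner could not read the driver, not that it matched a signature, and sptd.sys is the SCSI pass-through driver shipped with Daemon Tools / Alcohol 120%, which protects itself in exactly that way. The script below is an added example written for this thread (not TDSSKiller's code and not posted by anyone in the thread): it parses the line shapes visible in the log, pairs each hashed object with its verdict and the user's chosen action, confirms the MBR and boot sector were reported clean, and turns generic locked-file verdicts into the caveat a helper would give before approving a Delete. The regexes are written against the formats shown on this page only; SAMPLE_LOG is a constructed excerpt of the posted log.

```python
"""Triage a Kaspersky TDSSKiller log: what was hashed, what was flagged,
what the user chose, and what is still pending (added example, not TDSSKiller code)."""
import re

# Every TDSSKiller line is "HH:MM:SS.mmmm <pid> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.+?)\s*$")
# "<name> (<md5>) <path>": an object that was hashed and examined
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")
NOACCESS_RE = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>.+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>.+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
CLEANUP_RE = re.compile(r"^(?P<target>.+) - (?P<what>copied to quarantine|will be deleted on reboot)$")
# Boot records are reported "ok" under their device path, not under these object names.
BOOT_OBJECTS = ("MBR (0x1B8)", "Boot (0x1200)")


def parse_tdsskiller(log_text):
    """Return a summary dict built from the log lines; lines of unknown shape are skipped."""
    objects, ok, noaccess, detections, cleanup = {}, set(), [], {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (o := OBJECT_RE.match(msg)):
            objects[o["name"]] = {"md5": o["md5"], "path": o["path"]}
        elif (o := OK_RE.match(msg)):
            ok.add(o["name"])
        elif (o := NOACCESS_RE.match(msg)):
            noaccess.append({"path": o["path"], "md5": o["md5"]})
        elif (o := DETECTED_RE.match(msg)):
            detections.setdefault(o["name"], {})["verdict"] = o["verdict"]
        elif (o := ACTION_RE.match(msg)):
            detections.setdefault(o["name"], {})["action"] = o["action"]
        elif (o := CLEANUP_RE.match(msg)):
            cleanup.append((o["target"], o["what"]))
    boot_ok = all(n in objects and objects[n]["path"] in ok for n in BOOT_OBJECTS)
    # An object with neither an "ok" nor a detection is a scan that never finished.
    unresolved = [n for n, o in objects.items()
                  if n not in ok and o["path"] not in ok and n not in detections]
    return {
        "scanned": len(objects),
        "clean": len(ok),
        "boot_records_ok": boot_ok,
        "noaccess": noaccess,
        "detections": [{"name": n, **d, **objects.get(n, {})} for n, d in detections.items()],
        "cleanup": cleanup,
        "unresolved": unresolved,
    }


def explain(summary):
    """Reviewer notes a helper would post back about the scan."""
    notes = []
    if not summary["boot_records_ok"]:
        notes.append("MBR or boot sector not confirmed clean: check for a bootkit")
    for d in summary["detections"]:
        if d["verdict"].startswith("LockedFile."):
            notes.append(f"{d['name']}: {d['verdict']} only means {d.get('path', '?')} could not be read "
                         "(NoAccess); it is a generic locked-file verdict, not a signature match, "
                         "so identify the driver before deleting it")
        else:
            notes.append(f"{d['name']}: {d['verdict']} -> {d.get('action', 'no action recorded')}")
    pending = [t for t, w in summary["cleanup"] if w == "will be deleted on reboot"]
    if pending:
        notes.append(f"{len(pending)} item(s) are removed only at reboot; re-run the scan afterwards")
    if summary["unresolved"]:
        notes.append("objects without a verdict: " + ", ".join(summary["unresolved"]))
    return notes


# Constructed excerpt of the log posted in this thread (same line shapes, far fewer entries).
SAMPLE_LOG = r"""
05:22:01.0567 2672 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
05:22:01.0583 2672 Spooler - ok
05:22:01.0646 2672 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
05:22:01.0646 2672 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
05:22:01.0646 2672 sptd ( LockedFile.Multi.Generic ) - warning
05:22:01.0646 2672 sptd - detected LockedFile.Multi.Generic (1)
05:22:02.0505 2672 Steam Client Service - ok
05:22:09.0974 2672 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
05:22:10.0036 2672 \Device\Harddisk0\DR0 - ok
05:22:10.0036 2672 Boot (0x1200) (86dfa5e1f432db283ad0f3cce4cd082f) \Device\Harddisk0\DR0\Partition0
05:22:10.0036 2672 \Device\Harddisk0\DR0\Partition0 - ok
05:22:10.0036 2672 Scan finished
05:22:10.0052 2988 Detected object count: 1
05:22:23.0771 2988 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
05:22:23.0771 2988 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
05:22:24.0052 2988 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
05:22:29.0505 2776 Deinitialize success
"""

if __name__ == "__main__":
    s = parse_tdsskiller(SAMPLE_LOG)
    print(f"{s['scanned']} objects hashed, {len(s['detections'])} flagged, boot records ok: {s['boot_records_ok']}")
    for note in explain(s):
        print("-", note)
```

Run it against the full log by reading the file instead of SAMPLE_LOG; the only verdict it will report is the sptd entry, with the note that the file was unreadable rather than malicious, plus the reminder that the registry keys and the driver file are removed only at reboot.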
02.05.2012, 15:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 / Security Center switched off
Quote:
Now please run CF:
ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as
Quote:
__________________
Please always post log files in CODE tags |
02.05.2012, 19:51 | #13 |
| Smart Fortress 2012 / Security Center switched off
Before running ComboFix I had to uninstall Avira AntiVir, since apparently it cannot be switched off completely. I reinstalled it once the scan had finished, and lo and behold: the message that my Security Center is switched off no longer appears, and everything else looks normal again too. ComboFix restarted the computer; I then did another manual restart because Firefox could no longer find any page, and now everything works again. Here is the log:
ComboFix log file:
Code:
ATTFilter ComboFix 12-05-02.03 - Matthias 02.05.2012 19:49:40.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.4094.2630 [GMT 2:00] ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Matthias\AmazonMP3Installer-de_DE.exe c:\users\Matthias\cjs2300GE.exe c:\users\Matthias\Runaway.exe c:\users\Matthias\tdsskiller.exe c:\users\Matthias\unetbootin-windows-568.exe c:\users\Matthias\uqm-0.7.0-installer.exe c:\windows\security\Database\tmp.edb c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-02 bis 2012-05-02 )))))))))))))))))))))))))))))) . . 2012-05-02 18:05 . 2012-05-02 18:22 -------- d-----w- c:\users\Matthias\AppData\Local\temp 2012-05-02 18:05 . 2012-05-02 18:05 -------- d-----w- c:\users\Wolfgang\AppData\Local\temp 2012-05-02 18:05 . 2012-05-02 18:05 -------- d-----w- c:\users\Margaretha\AppData\Local\temp 2012-05-02 14:15 . 2012-05-02 14:15 -------- d-----w- c:\users\Matthias\tdsskiller 2012-05-01 20:57 . 2012-05-01 20:57 -------- d-----w- C:\_OTL 2012-04-30 18:23 . 2012-04-30 18:23 -------- d-----w- c:\program files (x86)\ESET 2012-04-30 11:12 . 2012-04-30 11:12 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-29 15:28 . 2012-04-29 15:28 -------- d-----w- c:\program files\iPod 2012-04-29 15:28 . 2012-04-29 15:29 -------- d-----w- c:\program files\iTunes 2012-04-28 14:13 . 2012-04-28 14:25 -------- d-----w- c:\users\Matthias\AppData\Roaming\HpUpdate 2012-04-28 14:12 . 2012-04-28 14:12 -------- d-----w- c:\windows\Hewlett-Packard 2012-04-28 07:32 . 2012-04-28 07:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-04-28 07:29 . 2012-04-28 07:29 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-28 07:29 . 
2012-04-28 07:28 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2012-04-28 07:29 . 2012-04-28 07:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-28 07:14 . 2012-04-28 07:14 -------- d-----w- c:\users\Matthias\AppData\Local\Secunia PSI (BETA) 2012-04-28 07:14 . 2012-04-28 07:14 -------- d-----w- c:\program files (x86)\Secunia 2012-04-28 03:22 . 2012-04-28 03:22 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-11 22:10 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 22:10 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 22:10 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-11 22:10 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-11 22:10 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-11 08:03 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat 2012-04-11 08:03 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-30 11:12 . 2012-03-29 09:53 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-30 11:12 . 2011-05-15 11:38 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 13:56 . 2011-09-12 15:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-23 08:18 . 2009-10-03 07:48 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 09:01 . 2012-02-15 09:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 09:01 . 2012-02-15 09:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-14 16:49 . 2012-03-14 10:04 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-14 16:49 . 2012-03-14 10:04 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-14 15:45 . 
2012-03-14 10:04 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-02-14 15:45 . 2012-03-14 10:04 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-02-13 14:38 . 2012-03-14 10:04 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-13 14:12 . 2012-03-14 10:04 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-02-13 14:06 . 2012-03-14 10:04 834048 ----a-w- c:\windows\system32\d2d1.dll 2012-02-13 14:03 . 2012-03-14 10:04 1555968 ----a-w- c:\windows\system32\DWrite.dll 2012-02-13 13:47 . 2012-03-14 10:04 683008 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-02-13 13:44 . 2012-03-14 10:04 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-3-30 562232] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253088] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 11:12] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.at/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 194.183.128.35 194.183.128.36 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\hluc9alb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-31640508.sys HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1419767165-1224086374-814660101-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:c1,73,af,40,43,7f,58,cc,91,49,5b,50,0d,35,06,f2,e9,10,91,0b,fb, a9,2f,a9,57,42,60,5b,97,33,15,02,57,35,23,c7,b3,a8,0c,07,fe,53,81,07,eb,77,\ "rkeysecu"=hex:8d,86,0b,e0,25,3b,bd,9a,ca,11,22,ed,85,05,19,d2 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Secunia\PSI\PSIA.exe
c:\program files (x86)\Secunia\PSI\sua.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-02 20:32:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-02 18:32
.
Vor Suchlauf: 20 Verzeichnis(se), 41.596.309.504 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 43.015.397.376 Bytes frei
.
- - End Of File - - 42F3C599D33CF296A0844D3AEF6A10C6
02.05.2012, 20:17 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Smart Fortress 2012 / Security Center disabled Please download aswMBR.exe and save the file to your desktop. Note: please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm on it!
Another note: if aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags
02.05.2012, 21:59 | #15 |
| Smart Fortress 2012 / Security Center disabled So, the scan is finished; to be safe I removed Avira beforehand so that there would be no problems at all. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 22:01:43
-----------------------------
22:01:43.393 OS Version: Windows x64 6.0.6002 Service Pack 2
22:01:43.393 Number of processors: 4 586 0x1707
22:01:43.393 ComputerName: EL-PC UserName:
22:01:45.596 Initialize success
22:04:09.613 AVAST engine defs: 12050200
22:04:30.469 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:04:30.484 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
22:04:30.484 Disk 0 MBR read successfully
22:04:30.484 Disk 0 MBR scan
22:04:30.500 Disk 0 Windows VISTA default MBR code
22:04:30.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476939 MB offset 2048
22:04:30.547 Disk 0 scanning C:\Windows\system32\drivers
22:04:41.469 Service scanning
22:04:42.719 Service ALLOW-IO D:\ALLOW-IO64.sys **LOCKED** 21
22:05:01.016 Modules scanning
22:05:01.016 Disk 0 trace - called modules:
22:05:01.047 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
22:05:01.063 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c41790]
22:05:01.063 3 CLASSPNP.SYS[fffffa6000dd1c33] -> nt!IofCallDriver -> [0xfffffa800496d930]
22:05:01.391 5 acpi.sys[fffffa60008fffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800499b940]
22:05:04.203 AVAST engine scan C:\Windows
22:05:21.844 AVAST engine scan C:\Windows\system32
22:11:28.938 AVAST engine scan C:\Windows\system32\drivers
22:11:49.250 AVAST engine scan C:\Users\Matthias
22:43:43.707 AVAST engine scan C:\ProgramData
22:45:52.567 Scan finished successfully
22:50:12.864 Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
22:50:12.880 The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"